Internal Audit-Audit Services - Carnegie Mellon University

Internal Audit

Carnegie Mellon University’s Internal Audit (IA) department’s primary goals and responsibilities include helping the university accomplish its objectives, improving operations, and assessing its risk management, internal controls, and governance processes at the institution. This is generally accomplished by providing planned and requested audits and reviews, as well as assisting in the education of staff and faculty, as it relates to operations, business processes and controls.

IA engages in three primary activities – audits, advisory services, and investigations. Our focus is to proactively work with central administration, as well as the  schools and colleges, assisting management to address financial, operational, and compliance risks and areas of exposures. Rather than duplicate the financial and compliance auditing performed by the DCAA or the university’s external auditors, IA concentrates on control systems and processes and performs deep dives of various functional areas. In this way, audit resources are maximized, creating synergies between the internal and external audit functions and reducing any duplication of efforts.

About Us

Internal Audit (IA) is an independent assurance activity serving the Carnegie Mellon community. Our ongoing reviews, based on a comprehensive audit plan, provide management with an evaluation of operating and financial systems and their related internal controls. This plan addresses not only financial systems, but also systems in non-financial areas established to ensure compliance with rules of external agencies and organizations.

The IA function is managed under the direction of the Executive Director of University Audit Services, who works with various stakeholders to develop and update the IA plan that is presented and approved by the Audit Committee of the Board of Trustees. In order to develop the IA plan, the Executive Director:

  • Meets with members of senior management to discuss key concerns.
  • Re-visits results of university-wide assessments of risk.
  • Considers changing environment and identified issues that could affect the university.
  • Integrates planning with external auditors.
  • Incorporates feedback and recommendations from the Audit Committee.

The Audit Plan Year begins January 1st and runs through December 31st. During this time, a portion of the IA services are provided by in-house resources, which are supplemented by external, specialized resources.

IA has direct reporting line to the Audit Committee of the Board of Trustees to ensure independence from management. Administratively, there is a reporting relationship through the Vice President for Finance and Chief Financial Officer.