Internal Audit Types
IA’s scope of work is comprehensive and considers all aspects of the organization, both financial and non-financial, with an emphasis on constructive improvement.
In addition to these types of reviews, IA also performs advisory services at the university. In this role, IA can assist management with identifying enterprise-wide cost efficiencies, provide insights that improve business performance, and recommend areas for risk focus and prioritization. IA uses its comprehensive knowledge of university operations and provides additional resources and analysis as a decision-making tool for management.
Address questions of accounting, recording, and reporting of financial transactions, as well as reviewing the adequacy of internal controls.
Determine if departments adhere to federal, state, and university rules, regulations, policies, and procedures.
Examine the use of department/university resources to evaluate whether those resources are utilized in the most efficient and effective way to fulfill the department's/university's mission and objectives. An operational audit may include elements of a compliance audit, a financial audit, and an information systems audit.
Focus on major capital projects at the university to ensure key processes and controls in place to manage these activities are operating effectively throughout the life of the project. As part of the Construction Audits, the IA team validates compliance with the contract terms, including detailed reviews of the contractor’s invoicing activity.
Combine a financial/controls audit of an area with an information technology assessment of the systems and infrastructure that support the unit. An integrated audit can assess the effectiveness of the coordination between the information systems and the business activities to support defined goals and objectives.
Information Systems (IS) Audits
Address the internal control environment of automated information processing systems and how these systems are used. IS Audits typically evaluate system input, output and processing controls, backup and recovery plans, and system security, as well as computer facility reviews. IS audits may focus on not only assessing existing systems, but performing real-time system assessments on system upgrades or implementations.
Performed when appropriate. These audit activities focus on alleged violations of federal and state laws and of university policies and regulations. Internal theft, misuse of university assets, hotline allegations, and conflicts of interest are examples of investigative audits.
Follow-up Audits and Validation Testing
IA maintains a database of all observations and recommendations generated from its audits. After a reasonable period, IA requests a status report from the audit client regarding corrective actions taken to date. IA evaluates the effectiveness of these corrective actions and performs follow-up and validation testing procedures to determine if revised processes and controls are operating effectively.
CMU Ethics Reporting Hotline
www.reportit.net (Username: tartans; Password: plaid)