In order to meet the responsibilities and objectives as set forth in the Audit Charter, it is necessary for internal audit to perform reviews and audits of varying types and scopes depending on the circumstances and requests from management.
Each fiscal year an annual audit plan is developed and submitted to the president and Board of Governors' Committee on Audit, Risk Management, and Compliance for review and approval. The audit plan is based on a risk assessment methodology, as well as requests from management. Audit services can be requested by members of the University of North Carolina System Office community through memos, e-mail or via the Contact Us link.
The following types of audit services are provided by internal audit:
Operational audits review the effectiveness and efficiency of operational units within the UNC System Office. Effectiveness measures how successfully an organization achieves its goals and objectives. Efficiency measures how well an entity uses its resources to achieve its goals.
Compliance audits measure the compliance with established University, Federal or State laws, regulations, and/or policies.
Information technology (IT) audits are conducted to evaluate the quality of the controls and safeguards over the information technology resources and critical data of the organization. These audits normally consist of reviewing the effective use of information technology resources, adherence to management's policies, and assessing the design and implementation of internal controls over computer applications and the computing environments in which they are used.
A financial audit is a review intended to serve as a basis for expressing an opinion on the fairness, consistency, and conformity of financial information with generally accepted accounting principles. Financial audits can be full or limited in scope, depending on the objectives.
Follow Up Reporting
For internal or external audit work that results in recommended improvements, internal audit conducts follow-up reviews to assess if corrective action has been implemented.
Consulting / Advisory
Internal audit often provides routine consultation and advisory services to all levels of management. Consultative engagements may include but are not limited to interpreting policies, reviewing specific processes and controls, and offering feedback on how internal controls and/or operations might be strengthened. These are frequently undertaken when a significant process change is being planned. We strongly encourage departments to contact us for consultation when starting a new business process or making significant changes to the way you conduct your day-to-day activities. We believe that it is easier to "get it right" from the beginning rather than having to "fix it" later!
These audits are normally requested on an as-needed basis by management or by anonymous tips and/or requests. Investigative audits typically focus on topics such as alleged irregular conduct, non-compliance with established policies or laws, misuse of State/UNC System resources, false time reporting, internal theft, and/or conflicts of interest.
Fraud & Abuse
Any dishonest or improper act by an employee such as those that violate the law, waste money, or endanger public health and safety, are a concern. In addition, North Carolina General Statute § 143B-920 requires all state employees, including employees of the UNC System Office, to report theft or misuse of state property. Under UNC System Office policies and procedures (see INT 13.0 Reporting and Investigating the Misuse of State Property), such information should be reported to internal audit and legal. When potential violations are reported, internal audit will investigate as promptly and discreetly as possible.
To report suspected fraud, waste, or abuse, please see the Hotline page to submit a concern.