Determining audit projects

NAU’s internal audit team: purposeful, reasonable, objective, disciplined

The Internal Audit Department of Northern Arizona University develops an audit plan utilizing risk analysis to identify the major areas, functions, processes, and other control activities for which an audit may prove beneficial to NAU in achieving its objectives.  This involves periodic assessments of the university operating units and control functions to identify areas of potential institutional risk.  The assessment of risk is based on factors such as:

• financial impact
• historical data, prior audit results, and any known weaknesses/problems
• significant changes in personnel, operations, and policies
• the degree of risk or exposure to loss
• the results of audits by other auditors (ABOR, Auditor General, Federal)
• the extent of compliance with standard university policies and procedures as reported by processing departments (i.e., accounts payable, purchasing, payroll)
• the extent of compliance with federal, state, and local regulators
• input from the fiscal representatives for the vice presidents/provost and departments’ business managers
• new or changed laws/regulations
• reputational impact

Based on these assessments and discussions with administrators, an internal audit plan is recommended by the Internal Audit Department.  This plan is submitted to the IARB and ABOR for approval.  The plan is subject to modification depending on the urgency of projects/issues that may arise during the year.  The audit plan is intended to focus work where it would be most productive, address the highest-risk areas identified, and provide the most impact.