Types of audits and projects performed

Operational audits risks and controls related to cost accounting issues, recharge centers/user fees, internal control effects of proposed systems/process changes, performance measurement, pricing of services, in-house vs. contracting out/outsourcing issues, operational controls/procedures, process flows, forms, integrity of management information, and opportunities for more efficient and effective use of resources to fulfill the unit’s mission and objectives.

Compliance audits determine the degree of adherence to laws, rules, and regulations, internal and external policies and procedures, and terms of contracts or grants. These include federal/state of Arizona/local laws and regulations, Arizona Board of Regent’s policies and procedures, management standards, and NAU policies and procedures. Examples of specific regulations include HIPAA, FERPA, FLSA, and GLBA.

Financial audits address accounting and reporting of financial transactions, transaction testing (document support, public purpose, policy compliance), internal financial reporting, accounting, and other internal controls, accounting and fund accounting issues, accountability, reconciliations, and checks and balances.

Investigations address allegations or discoveries of internal theft, manipulation of records, misuse of assets and/or conflicts of interest. We work closely with senior management, General Counsel, the comptroller’s office as well as the NAU Police Department as necessary to resolve these issues.  In some cases, Internal Audit may complete investigations under the Attorney-Client Privilege Doctrine at the direction of NAU General Counsel.  Also, per Arizona State Statute, investigations related to financial improprieties must be turned over to the Arizona Office of the Auditor General (AZOAG or OAG).

Information Technology audits address the internal control environment of automated information and transaction processing systems and how people use those systems. IT audits typically evaluate system input, output, and processing, backup and recovery plans, and system security and documentation.

Special projects include a variety of work types including special request for audits that were not otherwise on the approved periodic/annual internal audit plan. Some of the Internal Audit department’s work comes in the form of inquiries from ABOR, NAU leadership, or the campus community via phone, e-mail, or in person. A formal report may or may not be issued in these cases depending upon the nature of the project and reports are typically for internal purposes only and do not become public.  However, where such is completed at the request of ABOR or identify significant improprieties the results may be formally reported to ABOR and may become public.. Examples of these miscellaneous projects include:

• requests for assistance in interpretation of policy

• review of proposed policy changes

• review internal control/good business practice issues

• evaluation of risk

• directing questions or complaints to proper department/authority

• review of prospective transactions
• proactive discussions and project implementations to streamline or improve systems and processes as they are being developed to help build in positive controls

•  input on operational policies, procedures, and/or practices

Follow-up audits include providing assurance that system/process improvements identified in formal audit reports were properly implemented per agreed-upon solutions or via means that Internal Audit agrees addressed the key control/process changes need to result in the necessary improvement.