Types of audits and projects performed

These address cost accounting issues, recharge centers/user fees, internal control effects of proposed systems/process changes, performance measurement, pricing of services, in-house vs. contracting out/outsourcing issues, operational controls/procedures, process flows, forms, integrity of management information, and opportunities for more efficient and effective use of resources to fulfill the unit’s mission and objectives.

A compliance audit determines the degree of adherence to laws, internal and external policies and procedures, and terms of contracts or grants. These include federal/state of Arizona/local laws and regulations, Arizona Board of Regent’s policies and procedures, management standards, and NAU policies and procedures. Examples of specific regulations are NCAA, FERPA and FLSA.

These address accounting and reporting of financial transactions, transaction testing (document support, public purpose, policy compliance), internal financial reporting, accounting, and other internal controls, accounting and fund accounting issues, accountability, reconciliations, and checks and balances.

These audits address allegations or discoveries of internal theft, manipulation of records, misuse of assets and/or conflicts of interest. We work closely with senior management, General Counsel, the comptroller’s office as well as the NAU Police Department as necessary to resolve these issues.

These technical audits address the internal control environment of automated information and transaction processing systems and how people use those systems. IS audits typically evaluate system input, output, and processing, backup and recovery plans, and system security and documentation. IS audits at NAU are often performed by the Arizona Board of Regents’ IS Auditor.

Some of the Internal Audit department’s work comes in the form of inquiries from the campus community via phone, e-mail, or in person. A formal audit report is not issued in these cases. Instead, the work is documented in a memo or e-mail message, or discussed verbally. Examples of these miscellaneous projects include:

• requests for assistance in interpretation of policy
• review of proposed policy changes
• review internal control/good business practice issues
• evaluation of risk
• directing questions or complaints to proper department/authority
• review of prospective transactions
• provide input on operational procedures

These audits include providing assurance that system/process problems were properly corrected and that action was taken to prevent a recurrence.