Types of Audits
Risk-based Operational Audits
Internal Audit performs an annual risk-assessment of University departments, programs and processes (auditable entities). Entities with the highest risk are selected for audit. Operational audits examine whether an entity is using available resources in the most effective, efficient and economical manner to achieve its mission and objectives. This can include analyzing whether good business practices and internal controls are followed, and whether operations or programs are carried out in accordance with established policies, rules and regulations.
Internal Audit conducts compliance audits either due to concerns identified during the annual risk assessment or at the request of management. Compliance audits review whether or not an entity is in compliance with established policies, procedures, laws, regulations, or grant agreements. In addition, Internal Audit conducts a NCAA compliance audit of ISU Athletics every four years.
Special Request Reviews
Internal Audit performs special request audits, reviews or analysis at the request of the president, vice presidents, State Board of Education or external regulatory agencies. These reviews are limited in scope and usually result in new policies or procedures. Special request reviews may be limited to information gathering or data analysis.
Internal Audit reviews management action plans implemented based on a previous audit or review. The purpose of these reviews is to ensure management follows through with proposed actions to resolve deficiencies or improve processes.
Internal Audit investigates allegations of misconduct related to fraud, waste, abuse and non-compliance. Investigations are initiated due to employee/student concerns, requests of management or referrals from the confidential misconduct hotline. A preliminary evaluation of all allegations will be conducted to determine whether they appear to be substantiated, the seriousness of the concern and if it should be referred for further investigation. Investigations involve the examination of records and interview of employees to determine if any illegal or non-compliant activities have taken place.
Purchase Card Audits
Internal Audit conducts audits of purchase card holders on a random basis and/or due to identified risk factors. These audits involve the review of receipts, card policy compliance, appropriateness of purchases and internal controls. Card holders are expected to maintain adequate records and to follow purchase card policies.
Verification of Assets
Internal Audit conducts unannounced counts of change and petty cash funds to ensure proper fund balances are maintained and cash handling policies are followed. Internal Audit may also verify year-end inventory counts or perform spot checks of equipment and other valuable assets.
- Consultative Services
- External auditor support