Auditing Process
Internal auditing […] helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
- from IIA's definition of Internal Auditing
The most important member of the audit team is you, the client. Your input is essential to a successful engagement. Our objective is to have you involved at every stage of the process, so you understand what we are doing and why. Most audits consist of four stages:
At the beginning of this phase, we will hold a welcome meeting and conduct an Engagement Risk Assessment. We’ll explain our risk‐based approach, gather information about risks and controls, and determine the objectives for fieldwork. When planning our review, we welcome input from management on areas they would like to include.
During the Fieldwork phase, the actual work of the audit is performed through the testing of controls. This phase typically includes:
- determining whether controls are operating efficiently and effectively.
- assessing accuracy of financial reporting.
- verifying that policies and procedures are available, up to date, and address risks adequately.
- reviewing compliance with applicable laws, regulations, and policies.
Test results will be discussed with you and your management team during the fieldwork phase, and again at the engagement’s conclusion.
Draft Report — During a closing meeting, we will review the draft report with you and make any appropriate revisions.
Final Report — Management’s action plans, including responsible parties and a timeline for completion, are added to the report. The final report is distributed to management, appropriate university leadership, and the Board of Trustees.
Follow-up is the final phase of the auditing process. We will continue to check in with you periodically until the action plans developed in stage three are completed. Our team remains available to answer questions and assist you in reaching these goals. We maintain a tracking report to record open audit recommendations. This report is shared with the Audit, Compliance and Risk Committee of the Board of Trustees.
Audit Plans
Each year we perform a university-wide risk assessment which serves as the foundation
for the development of an audit plan that addresses high risk areas. The audit process
assists the university in strengthening its internal control structure and provides
assurance that resources are used efficiently and effectively in keeping with mandated
requirements and the university's mission, goals, and objectives. As new risks emerge
throughout the year, our audit plan changes accordingly.
Academics/Student Support
- Academic Program Analysis
- Enrollment Management
- Health Services Business Operations
Athletics
- Athletics Financial Model
- Athletics Rules Education
Compliance/Human Resources
- Regulatory Compliance - Non-Columbia
Financial
- Bursar Operations
- Capital Debt Management
- Payroll Operations
Information Technology
- Asset Management
- Cloud Governance
- Cybersecurity Risk Mitigation
- Disaster Recovery - facilitated tabletop exercise
- Project Management Lifecycle
- User Access Management
Operational
- Credit Card Programs
- College of Engineering and Computing Business Operations
- Darla Moore Business Operations
- Health Sciences Capital Project
- Learning Management Systems
- Office of Economic Engagement
- Third-Party Contracts (non-IT)
- USC Aiken Business Operations
Research
- Export Controls
- Research Compliance - Human Subjects
Strategic
- Artificial Intelligence (advisory)
Reviews Required by Policy or Charter
- Board Office and President's Expenses
- IT Investment Analysis
- Management Advisory Reviews
- Special Investigations/Internal Control Reviews
- Follow-up reviews/Quality self-assessment