Auditing Process
Internal auditing […] helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
- from IIA's definition of Internal Auditing
The most important member of the audit team is you, the client. Your input is essential to a successful engagement. Our objective is to have you involved at every stage of the process, so you understand what we are doing and why. Most audits consist of four stages:
At the beginning of this phase, we will hold a welcome meeting and conduct an Engagement Risk Assessment. We’ll explain our risk‐based approach, gather information about risks and controls, and determine the objectives for fieldwork. When planning our review, we welcome input from management on areas they would like to include.
During the Fieldwork phase, the actual work of the audit is performed through the testing of controls. This phase typically includes:
- determining whether controls are operating efficiently and effectively.
- assessing accuracy of financial reporting.
- verifying that policies and procedures are available, up to date, and address risks adequately.
- reviewing compliance with applicable laws, regulations, and policies.
Test results will be discussed with you and your management team during the fieldwork phase, and again at the engagement’s conclusion.
Draft Report — During a closing meeting, we will review the draft report with you and make any appropriate revisions.
Final Report — Management’s action plans, including responsible parties and a timeline for completion, are added to the report. The final report is distributed to management, appropriate university leadership, and the Board of Trustees.
Follow-up is the final phase of the auditing process. We will continue to check in with you periodically until the action plans developed in stage three are completed. Our team remains available to answer questions and assist you in reaching these goals. We maintain a tracking report to record open audit recommendations. This report is shared with the Audit, Compliance and Risk Committee of the Board of Trustees.
Audit Plans
Each year we perform a university-wide risk assessment which serves as the foundation
for the development of an audit plan that addresses high risk areas. The audit process
assists the university in strengthening its internal control structure and provides
assurance that resources are used efficiently and effectively in keeping with mandated
requirements and the university's mission, goals, and objectives. As new risks emerge
throughout the year, our audit plan changes accordingly.
Academics/Student Support
- ADA Compliance
- Financial Aid Abatements & Withdrawl Refunds
Financial
- HEERF Fund Expenditures
Information Technology
- Strategic Planning
- Managed Human Resources
- Cybersecurity (Secure Configurations of Assets)
- Cybersecurity (Remote Access is Managed)
- Cybersecurity (Protections Against Data Leaks)
- Managed Service Agreements
- Suppliers and Third Party Risks
Operational
- Classification and Compensation
- College Business Operations - School of Law
- Transporation Services - Columbia
- University Policies and Procedures
- USC Beaufort Business Operations
- P-card monitoring (advisory)
Research
- Grant Accounting
Safety & Security
- Mental Health - Comprehensive Universities
- Student Event Risk Mitigation
- Title IX Operations
- Campus Safety Training - Columbia
Strategic
- Artificial Intelligence (advisory)
Reviews Required by Policy or Charter
- Board Office and President's Expenses
- Follow-up Reviews for Outstanding Audit Issues
- IT Investment Analysis
- Management Advisory Reviews
- Special Investigations/Internal Control Reviews
Academics/Student Support
- Financial Aid Abatements
- Mental Health Access and Awareness
Compliance/Human Resources
- Hiring and Retention
- Student Athletes Medical Records Privacy
Financial
- University Libraries (advisory)
Information Technology
- IBM Support
- Incident Management
- IT Security Awareness
- Network Availability
- Research Computing Security
- User Access Management
- Wireless Network Upgrade-post implementation
Operational
- Capital Maintenance - Utility Outages
- College Business Operations
- Development - Donor Relations
- Housing Business Operations
- P-Card Monitoring (advisory)
- USC Upstate Business Operations
Research
- Animal Care and Use in Research
Safety
- Campus Safety - Comprehensive Universities
Strategic
- Office of Institutional Research, Assessment, and Analytics
Reviews Required by Policy or Charter
- Board Office and President's Expenses
- Follow-up Reviews for Outstanding Audit Issues
- IT Investment Analysis
- Management Advisory Reviews
- Special Investigations/Internal Control Reviews