Audit Plan

Fiscal Year 2015

Employee Time & Leave Management The objective of this audit is to test compliance to Fair Labor Standards Act requirements in relation to employee compensatory and overtime hours earned.
FREEDM Center – Financial Controls The objective of this audit is to test financial expenditures within the FREEDM Center to determine compliance to Federal, State, and University requirements and ensure appropriate internal controls are in place.
Travel Reimbursements Audit The objective of this audit is to determine if the enhanced travel reimbursement process (implemented 2/2013) is functioning effectively and with appropriate internal controls to ensure compliance to University requirements.
Data Security Controls Related to Peripheral Devices The objective of this audit is to review the effectiveness of logical security controls over University data processed or stored on peripheral devices (printers, scanners, copies, etc.)
Audit of Security Controls Over University Research Data The objective of this audit is to evaluate general information technology controls related to university research data; this will include assessment of physical and logical security, and backup and recovery of research.
The Audit Plan allows time for investigations reported through the Internal Audit Division (IAD) or Office of the State Auditor (OSA) or other external sources.
Follow-Up Audits
IAD performs follow-up audits on all audit issues subsequent to the issuance of audit reports by our office or the OSA. As of March 2014, 39 issues reported in the prior year audit reports listed below are scheduled for follow-up:

  • Office of the State Auditor Information Technology (OSA IT) – Audit Letter Issued to the Vice Chancellor for Information Technology – Follow-up
  • University Network Firewall Protection Service Audit
  • Office of Information Technology – WolfTech Active Directory: Security and Operational Controls
  • Student Affairs – Information Technology (IT) General Controls
  • Martin County Cooperative Extension Service (CES) Travel Reimbursement Investigation
  • Audit of Compliance to Federal Financial Aid Requirements (Office of Management and Budget Circular A-133)
  • Office of Information Technology – Infrastructure, Systems, and Operations: Virtual Computing Services
  • Office of the State Auditor – Fiscal Year 2013 Single Audit Report – Student Financial Assistance and Research and Development Issues
University Information Technology Strategic Advisory Committee (ITSAC) and Subcommittees Director is a member of the ITSAC committee which focuses on ensuring that the University makes the best possible decisions in advancing the use of technology to meet its mission, vision and goals. The Assistant Director and staff consult on various ITSAC subcommittees to ensure adherence to University policies, rules and regulations and other requirements.
Cooperative Extension Service Team will provide training on University policies, best practices in business and financial activities/transactions, use of Internal Audit self-assessment tools (available on IAD website), and awareness of common issues. On-site reviews as necessary. Other ad hoc consulting as requested.
Sponsored Programs and Regulatory Compliance Services (SPARCS) – General IT Controls Assessment Internal Audit will assist SPARCS in evaluation of the general information technology controls related to the critical systems within SPARCS; this will include assessment of logical security controls over sensitive data and disaster recovery planning for critical systems.
Various Minor Consulting Activities Time is allowed on the Audit Plan for consulting activities less than 1 hour up to 3 days.
Special Assignments
The Audit Plan allows time for special assignments, including:

  • Continuous Risk Assessment Process
  • Continuous Quality Assurance and Improvement Program (Annual requirement of the Institute of Internal Auditors Professional Standards)