Audit Plan

Fiscal Year 2013

Internal Control Testing and/or Review Audits
Audit of Controls Over the Usage of Restricted Gifts
The objective of this audit is to evaluate the adequacy and effectiveness of controls over foundation accounts. A random sample of unit accounts that had restricted gift expenditures in Fiscal Year 2012 will be tested to determine if:
• Purchases follow restrictions set by the donor
• Expenditures are made prudently with the intent of the donor and best business practices in mind
• Purchases are made using university purchasing and travel guidelines via university systems, where applicable
• Awards paid to employees from foundation Projects are taxed, reported to payroll, and included in the employee’s W-2
• Purchases of assets are titled in the name of the Foundation rather than the University
Financial Audits
Audit of the 2011 Financial Profile and Indicators Report
The objective of this audit is to verify the accuracy of the University’s Southern Association of Colleges and Schools (SACS) 2011 Financial Profile and Indicators Report submitted to the Integrated Postsecondary Education Data System (IPEDS) at the end of Fiscal Year 2011.
Compliance Audits
Non-Instructional Summer Salary Audit (Payments Against Contract and Grant Projects)
The objective of this audit is to follow up on the Fiscal Year 2012 issues reported in the Non-Instructional Summer Salary (Payments Against Contract and Grant Projects) Audit. This will include but not be limited to:
• Review of the new regulation and standard operating procedures for comprehensiveness
• Analysis of the effectiveness of the new process
• Evaluation of compliance with Federal, University, and grant sponsor requirements
Procurement of Construction and Design Services
The objective of this audit is to assess the University’s process for construction and design services contracts/agreements to ensure compliance with State statutes and University requirements.
Information System Control Audits
Office of Information Technology – Infrastructure, Systems, and Operations: Virtual Computing Services
The objective of this audit is to evaluate the Office of Information Technology (OIT) Virtual Computing Services (VCS) environment to ensure appropriate implementation of management, process, and technical controls including:
• Robust infrastructure design and implementation to facilitate scalability, reliability, and availability
• Adequate configuration management
• Adequate security controls
• Appropriate separation of duties
Office of Information Technology – WolfTech Active Directory: Security and Operational Controls
The objective of this audit is to verify adequate security and effective operational controls for the WolfTech Active Directory service. WolfTech is the official University information technology directory service used for central administration and security of Microsoft-based personal computers and servers deployed across the University.
Follow-up Audits
The Audit Plan allows time for planned follow-up activities on prior year’s audit report issues.
Consulting
Southern Association of Colleges and Schools (SACS)
Director co-chairing the Resources and Control Compliance Team in support of the University’s next reaffirmation of SACS accreditation in 2014. Includes drafting reports that will demonstrate NC State’s compliance with SACS’ Principles of Accreditation, review of reports drafted by others to ensure consistency, and submission to the SACS Leadership Team prior to submission to SACS in September 2013.
University Business Operations Realignment Steering Team
Director consultation to the BORST as they work to review, assess, and make recommendations for realignment of the University’s business operations.
Cooperative Extension Service
Training on University policies, best practices in business and financial activities/transactions, use of new IA self-assessment tools on IA website, and awareness of common issues. On-site reviews as necessary. Ad hoc consulting at District Meetings.
UNC Finance Improvement and Transformation (FIT) Team
Director is on FIT Internal Audit Advisory Team and will also participate in GA monitoring visits and follow up on any issues reported as needed.
Identity and Access Management (IAM)
Participation on Office of Information Technology strategic IAM initiative; consulting on IAM standards and best practices.
University Information Technology Strategic Advisory Committee
Participation in advisory committee’s meetings including security subcommittee and college Academic IT Directors meetings; consulting on University PRRs, IT standards, and best practices.
Internal Control Assessment Committee
Director is a member of this committee which assesses internal controls across the University to support the University’s annual certification to the Office of the State Controller.
University Record Retention
Participation on University Record Retention guidance development team.
University Enterprise Risk Management
Director is a member of University Enterprise Risk Management Advisory Task Force.
Administrative Systems Steering and Management Teams
Consulting on information technology standards, best practices, and PRRs; consulting on upgrades to Financials System and Human Resources Information System.
Special Investigations (i.e., Misuse or Misappropriation of Assets)
The Audit Plan allows time for unexpected investigations.
Special Assignments
The Audit Plan allows time for special assignments.