Audit Plan

Fiscal Year 2016

Audits
Compliance with Regulations Over Controlled Substances (Used Outside of University Pharmacies) The objective of this audit is to determine compliance to Federal, State, and University regulations regarding controlled substances used outside of pharmacies.
Controls Over Small Contracts The objective of this audit is to review the effectiveness of controls over small contracts (between $5000 and $35,000) and compliance with State and University requirements.
Grant Expenses at Award End The objective of this audit is to test financial expenditures at the end of federal grant awards to ensure they are allowable, allocable, and reasonable.  Compliance of the expenditures to applicable regulations and provisions of the award agreements will also be tested.
Gas Cylinder Inventory Tracking and Billing The objective of this audit is to test the accuracy and effectiveness of the gas cylinder inventory and billing process.
Security Applications and Technology (SAT) Services The objective of this audit is to assess the processes and related controls governing the system used by SAT in providing physical access controls for campus locations.
Academic Information Technology Disaster Recovery Planning The objective of this audit is to assess the strategic alignment between Information Technology disaster recovery planning and business continuity plans in Colleges and Departments.
University Information Technology Network Perimeter – Protection from External Threats The objective of this audit is to determine the effectiveness of security controls for protecting the University network from well-known external threats.  This audit will review security controls over gateway devices used to provide access from external sources to the University network excluding the wireless network.
Investigations
The Audit Plan allows time for investigations reported through the Internal Audit Division (IAD) hotline, the Office of the State Auditor (OSA) hotline, or other internal or external sources.
Follow-Up Audits
IAD performs follow-up audits on all audit issues subsequent to the issuance of audit reports by our office or the OSA. As of March 2015, corrective actions for issues noted in the following audit reports will be followed up in fiscal year 2016:

  • Audit of Controls Over the Usage of Restricted Gifts
  • Center for Marine Sciences and Technology 3rd Party Lodging Allegation
  • College of Agriculture and Life Sciences – 4-H Extension Horse Husbandry Misuse of Funds
  • College of Sciences – Mathematics Grant Funds Investigation
  • Controls over Purchase Cards (PCards)
  • Cooperative Extension Service – Poultry Extension Investigation
  • Data Security Controls Related to Peripheral Devices
  • Employee Time and Leave Management
  • Non-Instructional Summer Salary Performance Audit – Effectiveness of Faculty Training
  • Office of the State Auditor Information Technology – Audit Letter Issued to the Vice Chancellor of Information Technology
  • Office of Information Technology – Infrastructure, Systems, and Operations: Virtual Computing Services
  • Office of Information Technology – WolfTech Active Directory: Security and Operational Controls
  • Academic and Student Affairs – Information Technology General Controls
  • University Network Firewall Protection Service Audit
Consulting
Power America Institute Security and Compliance Program IAD will consult with Office of Information Technology Security and Compliance in the development of a security compliance program for the Power America Institute.
Student Development, Health, and Wellness Risk Management Consultation The IAD Director and the Audit Manager are consulting with the unit’s leadership to evaluate their risk profile and develop a risk management framework.
Athletics Summer Camps and Clinic – Financial Record Reporting As recommended in Athletic’s NCAA required, “Review of Certain Components of the Athletics Department’s Compliance Program,” IAD will consult with the Compliance Program to analyze the completion and submission rate of financial record reporting forms required of the privately owned summer camps and clinics.
University-wide Information Technology Risk Assessment IAD will work with the University Office of Information Technology Security and Compliance to ensure a comprehensive risk assessment of the University Information Technology environment with particular focus on risks related to sensitive data.
Various Minor Consulting Activities Time is allowed on the Audit Plan for consulting activities less than 1 hour and up to 3 days.
Special Assignments
The Audit Plan allows time for special assignments, including:

  • Continuous Risk Assessment Process
  • Continuous Quality Assurance and Improvement Program (Annual requirement of the Institute of Internal Auditors Professional Standards)