Audit Plan

Fiscal Year 2014

Operational Audits
Non-Instructional Summer Salary (Payments Against Contract and Grant Projects) The objective of this audit is to review non-instructional summer salary payments against contract and grant projects for Summer 2013. This is the second audit of summer salary. The first audit of summer salary was of the Summer 2011 payments and resulted in the implementation of a new process.
Controls Over Purchase Cards The objective of the audit is to review both the University-level and Departmental-level purchase card processes, internal controls, and compliance with College/University policy and funding source requirements.
Information Technology Audits
Security Governing External-facing Network Perimeter Entry Points The objective of this audit is to test the security governing external-facing entry points through the perimeter of the network. This is one in a series of audits related to security of the NCSU network infrastructure. Other audits in the series include:

  • University Network Firewall Protection Service Audit (FY12 Audit Plan; completed)
  • WolfTech Active Directory: Security and Operational Controls (FY13 Audit Plan; completed)
  • University Applications Web Interface Security Controls (FY14 Audit Plan, scheduled)
University Applications Web Interface Security Controls The objective of this audit is to determine whether the web interfaces of major University applications that provide access to sensitive data are adequately protected from well-known external threats. This is one in a series of audits related to security of the NCSU network infrastructure. Other audits in the series include:

  • University Network Firewall Protection Service Audit (FY12 Audit Plan; completed)
  • WolfTech Active Directory: Security and Operational Controls (FY13 Audit Plan; completed)
  • Security Governing External-facing Network Perimeter Entry Points (FY14 Audit Plan; scheduled)
Investigative Audits
The Audit Plan allows time for investigations reported through the Internal Audit Division (IAD) or Office of the State Auditor (OSA) or other external sources.
Follow-Up Audits
IAD performs follow-up audits on all audit issues subsequent to the issuance of audit reports by our office or the OSA. As of March 2013, 77 issues reported in the prior year audit reports listed below are scheduled for follow-up:

  • Department of Electrical and Computer Engineering (ECE) – Faculty Performance Review Audit
  • Department of ECE – Contracts and Grants Audit
  • Department of ECE – Special Review of Internal Allegations of Misuse of State Property/Assets
  • Cooperative Extension Service (CES) – Warren County
  • The Future Renewable Electric Energy Delivery and Management Systems Center
  • Chemistry Electronic Instrumentation Shop Investigation
  • College of Agriculture and Life Sciences Distance Education Investigation
  • Horticultural Department – Misuse of State Assets Investigation
  • Audit of Compliance to Federal Financial Aid Requirements (Office of Management and Budget Circular A-133)
  • Student Affairs – Information Technology (IT) General Controls
  • University Network Firewall Protection Service
  • Follow-up to OSA Audit Letter Issued to the Vice Chancellor for Information Technology
  • Office of Information Technology – WolfTech Active Directory: Security and Operational Controls
Consulting
Southern Association of Colleges and Schools (SACS) Team is supporting activities of the University’s reaffirmation of SACS accreditation in 2014; includes drafting and review of reports that demonstrate NCSU’s compliance with SACS Principles of Accreditation.
Cooperative Extension Service Team is providing training on University policies, best practices in business and financial activities/transactions, use of Internal Audit self-assessment tools (available on IAD website), and awareness of common issues. On-site reviews as necessary. Other ad hoc consulting as requested.
University of North Carolina (UNC) Finance Improvement and Transformation (FIT) Team Director is on UNC FIT Internal Audit Advisory Team. Internal Audit will participate in FIT monitoring visits on campus and follow-up on any issues reported as needed.
University Information Technology Strategic Advisory Committee (ITSAC) and Subcommittees Director is a member of the ITSAC committee which focuses on ensuring that the University makes the best possible decisions in advancing the use of technology to meet its mission, vision and goals. The Information Technology Audit Manager and other audit staff consult on various ITSAC subcommittees to ensure adherence to University policies, rules and regulations and other requirements.
Internal Control Assessment Committee Team is participating in committee which assesses internal controls across the University to support the University’s annual certification to the Office of the State Controller.
Business Operations Centers (BOC) Implementation Team is consulting on BOC implementation.
Special Assignments and Administration
The Audit Plan allows time for special assignments, including:

  • Continuous Risk Assessment Process
  • Continuous Quality Assurance and Improvement Program (Institute of Internal Auditors requirement)
  • Continuous TeamMate Audit Management Software Enhancements & Optimization
  • Administrative activities such as staff development and appraisal; reporting to executive management, BOT, and external stakeholders; training; staff meetings; and other management activities