Audit Plan

Fiscal Year 2017

Click here for a printable copy.

Audits
Title IX The objective of the audit is to assess the University’s compliance to the federal Office of Civil Rights Title IX requirements relating to sexual violence in the student population.
Clery Act The objective of the audit is to assess compliance with elements of the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act (Clery Act) which requires istitutions of higher education to prepare and make accessible policy statements and statistics about specific crimes committed on campus.
Non-Salary Year End Transfer of Expenses The objective of the audit is to test non-salary year end transfer of expenses for allowability, allocability, and appropriateness.
Assessment of Colleges’ Research Support Structure The objective of the audit is to assess the research support structures at each of the University’s Colleges.  Particular focus will be given to the efficiency and effectiveness of customer support and ability to adapt to the growing and changing University research environment.
University Business Operations Division Travel Center Process Pilot The objective of the audit is to assess the travel center process currently being piloted by the University Business Operations Division for potential expansion campus-wide.  This will include testing of internal controls, appropriateness of assigned roles and accountability, comprehensive guidance and training, and review of proposed campus-wide rollout.
Information Technology Network Infrastructure Maintenance The objective of the audit is to assess the Office of Information Technology’s practices for maintaining the University’s network device infrastructure.
Security Applications and Technology (SAT) Services The objective of the audit is to assess the processes and related controls governing the system used by SAT in providing physical access controls for campus locations.
Fiscal Year 2016 Audits Carried Forward
The Audit Plan includes estimated time for audits that are still in process as of July 1, 2016.
Investigations
The Audit Plan includes estimated time for due dilligence and investigation of allegations reported through the Internal Audit Division Hot Line. the Office of the State Auditor Hot Line, or other internal and extrenal sources.
Follow-Up Audits
IAD performs follow-up audits on all audit issues subsequent to the issuance of audit reports by our office or the Office of the State Auditor. As of March 8, 2016, corrective actions for issues noted in the following audit reports will be followed up in fiscal year 2017:

  • College of Sciences – Mathematics Grant Funds Investigation
  • Controls over Purchase Cards (PCards)
  • Data Security Controls Related to Peripheral Devices
  • Division of Academic and Student Affairs – Information Technology General Controls
  • Non-Instructional Summer Salary Performance Audit – Effectiveness of Faculty Training
  • Office of the State Auditor Information Technology – Audit Letter Issued to the Vice Chancellor of Information Technology
  • Office of Information Technology – Infrastructure, Systems, and Operations: Virtual Computing Services
  • Office of Information Technology – WolfTech Active Directory: Security and Operational Controls
  • Office of the State Auditor Fiscal Year 2014/2015 Financial Statement Audit, Information Technology Controls Segment
  • University Network Firewall Protection Service Audit
Consulting
Athletics Summer Camps and Clinic – Financial Record Reporting As recommended in Athletic’s NCAA required, “Review of Certain Components of the Athletics Department’s Compliance Program,” Internal Audit will consult with the Compliance Program to analyze the completion and submission rate of financial record reporting forms required of the privately owned summer camps and clinics.
College of Sciences Audit of Department of Mathematics Grant Internal Auditor is consulting with College of Sciences in their internal review of Mathematics grant resulting from the College of Sciences – Mathematics Grant Funds Investigation (see Follow-Up Audits section above).
Office of Information Technology Security Roadmap Director and Information Technology Auditor are providing advisory and consulting services for Office of Information Technology Security and Compliance to assist in the development of the Security Roadmap.
Power America Institute Director and Information Technology Auditor are consulting with the Office of Research, Innovation and Economic Development and Power America Institute regarding govenance, business operations, compliance, and security.
Student Development, Health, and Wellness Risk Management Consultation Director and Operational Audit Manager are consulting with the Vice Provost of Student Development, Health and Wellness to evaluate strategic risk within the Department.
Various Minor Consulting Activities Time is allowed on the Audit Plan for consulting activities less than 1 hour and up to 3 days.
Special Assignments
Revise Information Technology (IT) Governance Steering Committee Director is on the steering team to redesign the Office of Information Technology University-wide IT governance structure.
University Information Technology Strategic Advisory (ITSAC) Committee and Security Subcommittees Director is a member of the ITSAC, the University-wide, top-level committee of non-Information Technology personnel whose intended focus is to ensure that the University makes the best possible decisions in advancing the use of technology to meet its mission, vision and goals.  Additional consulting activities are performed by the Information Technology Auditor who provides objective, independent input to several of the ITSAC subcommittees.
Various Minor Consulting Activities Time is allowed on the Audit Plan for consulting activities less than 1 hour and up to 3 days.