Audit Plan

Fiscal Year 2018

Click here for a printable copy.

Audits
College Program Enhancement Fee and Special Tuitions The objective of this audit is to ensure that expenditures against these funds are compliant with the approved purpose.
Cooperative Extension Services Financial Governance The objective of this audit is to assess financial controls and the effectiveness of governance over financial management practices.
Fraud Controls in the Accounts Payable Vendor Account Management Process The objective of this audit is to assess newly implemented internal controls intended to prevent fraud in vendor account management process.
Grant Expenses at Award End The objective of this audit is to test financial expenditures at the end of federal grant awards to ensure they are allowable, allocable, and reasonable.  Compliance of the expenditures to applicable regulations and provisions of the award agreements will also be assessed.
Internal Controls Over Salary Supplements The objective of this audit is to evaluate internal controls over the administration of supplemental salary payments to employees and campus-wide compliance to University requirements (REG 05.58.01 – Additional Compensation Paid through the University), Section 4.4 Salary Supplements.  Primary focus will be on salary supplements such as honor, interim, administrative, and temporary whether or not considered part of base salary.
Information Technology Audits
Academic Information Technology Disaster Recovery Planning The objective of this audit is to assess the strategic alignment between college and departmental information technology disaster recovery (DR) planning and their related business continuity plans (BCP).  Primary focus will be on academic and instructional DR and BCP.
Fiscal Year 2017 Engagements in Progress at July 1, 2017
The Audit Plan includes estimated time for engagements that we anticipate will still be in progress as of July 1, 2017:

  • College of Agriculture and Life Sciences – Foundations Internal Controls Review
  • Security Applications and Technology Services
  • Title IX
Investigations
The Audit Plan includes estimated time for analysis of allegations reported through the Internal Audit Division Hot Line, the Office of the State Auditor Hot Line, or other internal and external sources and subsequent investigation.
Prior Year’s Follow-Up Audits
The Internal Audit Division performs follow-up activities on all audit issues reported by our office or the Office of the State Auditor. As of March 8, 2017, corrective actions for issues noted in the following audit reports will be followed up in fiscal year 2018:

  • College of Agriculture and Life Sciences – Animal Science Department Investigation Follow-up
  • College of Agriculture and Life Sciences – Business Processes Follow-up
  • University Employee Time and Leave Management Follow-up
  • User Controls Over Ultra-Sensitive Data Follow-up
Consulting
Implementation of Accounts Payable Vendor Management System Internal Audit Division is consulting with the University Controller’s Office on their implementation of a vendor management system application.
National Institute of Standards and Technology (NIST) 800-171 Compliance Steering Team Internal Audit Division is providing advisory and consulting services to the Office of Research, Innovation and Economic Development, Office of Finance and Administration, Office of General Counsel, and Office of Information Technology as they develop a collaborative compliance process to assist the University in achieving its research goals while maintaining compliance with NIST 800-171 “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations” and NIST 800-53 “Security and Privacy Controls for Federal Information Systems and Organizations”.  The goal is to raise awareness of research compliance, provide compliance educational opportunities, assess the impact of compliance, and create and provide quality resources that will optimize compliance activity.
PeopleSoft Module Implementation – Timekeeping and Absence Management Module Internal Audit is providing advisory and consulting services to Human Resources on their implementation of the PeopleSoft Timekeeping and Absence Management module to be implemented by July 2017.  The changes will automate 90% of the business processes that are currently completed manually for timekeeping for non-exempt personnel.
Power America – Government Accountability Office (GAO) Audit Director and Assistant Director are consulting with Power America and the Contracts and Grants Office regarding the Federal GAO review of selected Federal Department of Commerce grant activities.
Research Administration Systems Replacement – eRA (electronic Research Administration) Assistant Director is providing advisory and consulting services to the Office of Research, Innovation and Economic Development and the Office of Finance and Administration in their replacement of legacy systems used for electronic research administration activities (PINS, RADAR, COI, NOI, TEARS).
University Information Technology Strategic Advisory Committee (ITSAC) and Various Subcommittees Director is a member of the ITSAC, the University-wide, top-level committee of non-Information Technology personnel whose focus is to ensure that changes, new directions, and planning is done in a coordinated and collaborative fashion.  Additional consulting activities are performed by the Information Technology (IT) Auditor who provides objective, independent input to several of the ITSAC subcommittees such as Security, Enterprise Application Systems management, and the College IT Directors.
Various Minor Consulting Activities Time is allowed on the Audit Plan for consulting activities lasting less than 1 hour and up to 3 days.
Special Assignments
Office of Finance and Administration – University-wide Research Management Business Processes In Fiscal Year 2017, Internal Audit is collaborating with the Office of Finance and Administration in reviewing existing research management and research support structures across campus.  This includes identifying: 1) gaps in compliance; 2) best practices; 3) improvements to general business and central processes; 4) gaps in current available guidance documents; 5) efficiency and effectiveness of customer support structure; and, 6) ability to adapt to the growing and changing University research environment.  Review should span all applicable University entities involved in the area of research management.  In Fiscal year 2018, Internal Audit will be reporting on and presenting the results of this review to the Colleges, Central Offices, and other stakeholders.
Quality Assurance Review (QAR) Preparation A QAR is mandated by the Institute of Internal Auditors (IIA) Professional Standards and by the state of NC for all state internal audit units every five years.  The objective of a QAR is to determine whether an internal audit function/program is in compliance with the International Standards for the Professional Practice of Internal Auditing promulgated by the Institute of Internal Auditors, and to determine whether they are meeting management’s needs.
Quality Assurance Review (QAR) for Internal Audit A QAR is mandated by the Institute of Internal Auditors (IIA) Professional Standards and by the state of NC for all state internal audit units every five years.  The objective of a QAR is to determine whether an internal audit function/program is in general compliance with the International Standards for the Professional Practice of Internal Auditing promulgated by the Institute of Internal Auditors, and to determine whether they are meeting management’s needs.
University Compliance and Integrity Initiative Internal Audit is collaborating with the Office of General Counsel’s Compliance Manager to enhance University-wide compliance activities by increasing collaboration and expanding reporting opportunities for student, faculty, and staff ethical or compliance related concerns.