Audits

Sometimes people feel nervous when they learn their department is going to be audited, but there’s nothing to worry about. Just remember, we’re here to help you give your department a tune-up so you and your team can do your very best work for the university.

Auditing Process

Internal auditing […] helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

- from IIA's definition of Internal Auditing

The most important member of the audit team is you, the client. Your input is essential to a successful engagement. Our objective is to have you involved at every stage of the process, so you understand what we are doing and why. Most audits consist of four stages:

At the beginning of this phase, we will hold a welcome meeting and conduct an Engagement Risk Assessment. We’ll explain our risk‐based approach, gather information about risks and controls, and determine the objectives for fieldwork. When planning our review, we welcome input from management on areas they would like to include.

During the Fieldwork phase, the actual work of the audit is performed through the testing of controls. This phase typically includes:

determining whether controls are operating efficiently and effectively.
assessing accuracy of financial reporting.
verifying that policies and procedures are available, up to date, and address risks adequately.
reviewing compliance with applicable laws, regulations, and policies.

Test results will be discussed with you and your management team during the fieldwork phase, and again at the engagement’s conclusion.

Draft Report — During a closing meeting, we will review the draft report with you and make any appropriate revisions.

Final Report — Management’s action plans, including responsible parties and a timeline for completion, are added to the report. The final report is distributed to management, appropriate university leadership, and the Board of Trustees.

Follow-up is the final phase of the auditing process. We will continue to check in with you periodically until the action plans developed in stage three are completed. Our team remains available to answer questions and assist you in reaching these goals. We maintain a tracking report to record open audit recommendations. This report is shared with the Audit, Compliance and Risk Committee of the Board of Trustees.

Audit Plans

Each year we perform a university-wide risk assessment which serves as the foundation for the development of an audit plan that addresses high risk areas. The audit process assists the university in strengthening its internal control structure and provides assurance that resources are used efficiently and effectively in keeping with mandated requirements and the university's mission, goals, and objectives. As new risks emerge throughout the year, our audit plan changes accordingly.

Academics/Student Support

ADA Compliance
Financial Aid Abatements & Withdrawl Refunds

Financial

HEERF Fund Expenditures

Information Technology

Strategic Planning
Managed Human Resources
Cybersecurity (Secure Configurations of Assets)
Cybersecurity (Remote Access is Managed)
Cybersecurity (Protections Against Data Leaks)
Managed Service Agreements
Suppliers and Third Party Risks

Operational

Classification and Compensation
College Business Operations - School of Law
Transporation Services - Columbia
University Policies and Procedures
USC Beaufort Business Operations
P-card monitoring (advisory)

Research

Grant Accounting

Safety & Security

Mental Health - Comprehensive Universities
Student Event Risk Mitigation
Title IX Operations
Campus Safety Training - Columbia

Strategic

Artificial Intelligence (advisory)

Reviews Required by Policy or Charter

Board Office and President's Expenses
Follow-up Reviews for Outstanding Audit Issues
IT Investment Analysis
Management Advisory Reviews
Special Investigations/Internal Control Reviews