Integrity * Objectivity * Confidentiality * Competence
In order to meet the responsibilities and objectives as set forth in the Audit Charter, it is necessary for the Office of Internal Audit to perform reviews and audits of varying types and scopes depending on the circumstances and requests from management.
Each fiscal year an annual audit plan is developed and submitted to the Chancellor and Audit Committee for review and approval. The audit plan is based on a risk assessment methodology, as well as requests from management. Audit services can be requested by members of the university community through memos or e-mail.
Check out our most recent annual report, outlining the year's activities.
The following types of audit services are provided by the Office of Internal Audit.
Operational audits review the effectiveness and efficiency of operational units within the University. Effectiveness measures how successfully an organization achieves its goals and objectives. Efficiency measures how well an entity uses its resources to achieve its goals.
Compliance audits measure the University's compliance with specific established University, Federal, or State laws, regulations, and/or policies, such as Travel guidelines, HIPAA, FERPA, etc. An institution of the size and breadth of East Carolina has many requirements with which we must comply.
Click here for a list of some of the most relevant compliance requirements at the University.
Information Technology Audits
Information technology (IT) audits are conducted to evaluate the quality of the controls and safeguards over the information technology resources and critical data of the University. These audits normally consist of reviewing the effective use of information technology resources, adherence to management's policies, and assessing the design and implementation of internal controls over computer applications and the computing environments in which they are used.
In addition to "traditional" IT audits, our office provides computer forensic services to the University, in response to computer security incidents, legal requests, and other business needs, using the most current forensic tools available.
These audits are normally requested on an as-needed basis by management, or are requested by anonymous tips. Investigative audits focus on things such as alleged irregular conduct, non-compliance with established policies or laws, misuse of University resources, false time reporting, internal theft, and/or conflicts of interest.
The Office of Internal Audit often provides routine consultation and advisory services to all levels of University management. Consultative engagements typically involve interpreting policies or reviewing specific processes and controls and offering an opinion on how internal controls might be strengthened. These are frequently undertaken when a significant process change is being planned. We strongly encourage departments to contact us for consultation when starting a new business process or making significant changes to the way you conduct your day-to-day activities. We believe that it is easier to "get it right" from the beginning rather than having to "fix it" later!
As part of our advisory/consulting role, the Office of Internal Audit is also represented on a number of management and project committees and workgroups at the University. Some of the groups with which the office participates are:
- Technology Steering Committee
- HIPAA Steering Committee
- HIPAA Security Workgroup
- Brody School of Medicine Risk Management and Compliance Committee
- Identity Theft Protection Committee
- Enterprise Risk Management Committee
- University Policy Committee
- ECU Physicians HealthSpan Oversight Committee
- Educational Support Services Working Group
- Business Process Review Oversight Group
- Computer Incident Response Team
- Fixed Assets Working Group
A financial audit is a review intended to serve as a basis for expressing an opinion regarding the fairness, consistency, and conformity to financial information with generally accepted accounting principles. Financial audits can be full or limited in scope, depending on the objectives.
A full scope financial audit consists of a review of the financial statements of an entity of sufficient extent to express an opinion on those statements. Such an audit is conducted in accordance with generally accepted auditing standards as adopted by the AICPA. The North Carolina Office of the State Auditor normally performs the University's financial audit. External accounting firms perform the Foundation audits.
Financial audits that are limited in scope are normally performed by the Internal Audit Department. These audits can include a transaction cycle review of administrative systems such as purchasing, payroll, and payables or a special examination of the financial activities of a decentralized university department.
Assistance to Office of the State Auditor
The Office of Internal Audit provides assistance to the North Carolina Office of the State Auditor (OSA) upon request. These duties may involve the following:
- Assessments of Internal Controls
- Petty Cash Counts and Bank Certifications
- Identifying ECU Related Corporations
- Reviewing Inventories of critical University assets
- Assisting with OSA Investigative audits
Other special projects may be performed by the Office of Internal Audit as delegated by the UNC General Administration, ECU Board of Trustees, the University Chancellor, or other University management.
**Whenever feasible, we apply an integrated audit approach in performing audit services. This involves combining elements of financial, operational, compliance, and information technology audits into a single "holistic" audit. This approach is a cost saving measure that results in a broader coverage of assurance.