Internal Audit schedules core reviews as part of its annual work plan, as approved by the Audit Subcommittee (UK Board of Trustees). Core reviews evaluate control procedures (departmental processes) through utilization of the COSO framework. COSO is considered a best practice for the implementation of the Sarbanes-Oxley Act of 2002. Internal Audit's objective is to provide reasonable assurance to Senior Management that University objectives are being met. Core Reviews are divided among the Campus and Medical Center.
Compliance Review
A Compliance review is a review of a department's compliance with applicable laws, regulations, policies and/or procedures. The auditor will test a statistically valid sample of data and/or transactions to verify compliance within a stated confidence interval.
Investigations
Internal Audit investigates improper activities that lead to a monetary or physical loss to the University. Internal Audit investigates a single event. The role of IA is to accurately document the event and determine if a review of the condition is necessary. Regardless of an event being reviewed, investigations are noted for trends. Continuous Auditing and Fraud are also part of the investigations services. These preventative measure services help to indicate fraud and trends.
Advisory Review
Advisory Reviews serve as advisory and consulting reports that have been requested by management or through the audit work plan. The scope for advisory reviews is determined prior to the start of the review.
Information Technology Review
Information technology audits are conducted as part of core, compliance, and advisory reviews and as separate IT reviews to evaluate the quality of the controls and safeguards over the information technology resources of the University. These audits normally consist of reviewing the effective use of information technology resources, adherence to management's policies, and to encourage the design and implementation of adequate controls over computer applications and the computing environments in which they are used.
Types of Services
Core Review
Internal Audit schedules core reviews as part of its annual work plan, as approved by the Audit Subcommittee (UK Board of Trustees). Core reviews evaluate control procedures (departmental processes) through utilization of the COSO framework. COSO is considered a best practice for the implementation of the Sarbanes-Oxley Act of 2002. Internal Audit's objective is to provide reasonable assurance to Senior Management that University objectives are being met. Core Reviews are divided among the Campus and Medical Center.
Compliance Review
A Compliance review is a review of a department's compliance with applicable laws, regulations, policies and/or procedures. The auditor will test a statistically valid sample of data and/or transactions to verify compliance within a stated confidence interval.
Investigations
Internal Audit investigates improper activities that lead to a monetary or physical loss to the University. Internal Audit investigates a single event. The role of IA is to accurately document the event and determine if a review of the condition is necessary. Regardless of an event being reviewed, investigations are noted for trends. Continuous Auditing and Fraud are also part of the investigations services. These preventative measure services help to indicate fraud and trends.
Advisory Review
Advisory Reviews serve as advisory and consulting reports that have been requested by management or through the audit work plan. The scope for advisory reviews is determined prior to the start of the review.
Information Technology Review
Information technology audits are conducted as part of core, compliance, and advisory reviews and as separate IT reviews to evaluate the quality of the controls and safeguards over the information technology resources of the University. These audits normally consist of reviewing the effective use of information technology resources, adherence to management's policies, and to encourage the design and implementation of adequate controls over computer applications and the computing environments in which they are used.