University of Kentucky, Lexington, Ky
Internal Audit: We provide reasonable assurance

Types of Services

Comprehensive Core Review

The core review utilizes the COSO and COBIT frameworks to provide reasonable assurance to UK's Board of Trustees and senior management that effective controls are in place at the administrative and/or departmental levels. The objective is to ensure compliance with applicable laws and regulations, integrity of financial reporting, the safeguarding of assets and operational efficiency and effectiveness. The audit scope is determined during the planning phase of the audit upon identification of the risks most likely to impede the attainment of UK's objectives. Appropriate and sufficient work in the core review area allows UKIA to trend data, assess business practices, and evaluate the internal control environment of the University.

Investigations

Investigations examine events that may have led to a monetary or physical loss to the University. The role of UKIA is to accurately document the event and determine whether a review of the condition is necessary. UKIA ensures that appropriate units within the University's Multidepartment Action Group (MAG) have knowledge of UKIA investigations to take suitable action. The MAG is comprised of: UKIA, HR, Legal, IT, and UK police.

Investigations develop from various routes including tips (comply line, calls to UKIA), auditor observations and UK Police reports.

Information Technology Review

Information Technology (IT) reviews utilize the COBIT framework to evaluate the quality of the controls and safeguards over the information technology resources at the University. The objective of an IT review is to ensure effectiveness and efficiency of University IT resources, adherence to UK policies and procedures, maintain data integrity and assurance of controls over computer applications and the computing environment. IT reviews serve as a standalone evaluation or a component of the Core, Compliance, or Investigation reviews.

Follow-Up Reviews

These reviews are conducted in accordance with the Annual Audit Work Plan. Follow-up reviews take place around 12 months after the initial audit, or are based on target dates. The purpose is to see if the findings and observations from the audit have been resolved.

Compliance Review

The compliance review evaluates departmental adherence to University regulations for University-wide processes such as cash handling, travel reimbursements and purchasing. The review has a limited focus and a quick turnaround time.  As a result, management response or resolution plan is not required at time of report issuance. UKIA will follow-up with appropriate department management in 30-60 days regarding actions taken to resolve review findings.

Assessment Review

The assessment review identifies and evaluates the potential risks and critical processes of a University unit with multiple departments. The review evaluates the unit's operations (including structure, regulations, governing agencies and objectives), finance (including revenue streams, contracts and expenditures) and information technology (including all software and hardware supporting operations). The identified risks and critical processes are prioritized in order to establish an appropriate audit cycle for the unit over several years.

Continuous Auditing Program

UKIA's continuous auditing program examines areas of high risk for non-compliance. UKIA's continuous auditing program also supports the detection of fraudulent activity at the individual employee level. UKIA's continuing auditing program involves testing university compliance with central office procedures. The audit determines adherence utilizing computer-aided auditing techniques to test business activity compliance related to University-wide processes such as payroll, benefits, cash, inventory, contracts, financial reporting and grants.

Consultations

UKIA's consultation services are compliance and performance improvement evaluations of existing or new departmental activities and processes. These services are requested by unit's management and are aimed at providing reasonable assurance that processes meet unit and University objectives.

Presentations/Seminars

UKIA offers workshops and seminars through UK's Human Resources Training and Development Program. These group presentations facilitate awareness, review policy, and coach attendees on the application of internal controls and departmental procedures that conform to University standards. Additional information and current course offerings can be obtained through HR's training website or by contacting UKIA directly.