UKIA performs several different kinds of audits to assist the University in achieving its fiduciary goals. In addition, UKIA offers consulting services and training for UK units which help to ensure that programs both new and old operate as efficiently and effectively as possible. A list of all UKIA services appears below.
Core reviews utilize the COSO and CoBIT frameworks to provide reasonable assurance to UK's Board of Trustees and senior management that effective controls are in place at the administrative and/or departmental levels. The objective is to ensure compliance with applicable laws and regulations, the integrity of financial reporting, the safeguarding of assets and operational efficiency and effectiveness. The audit scope is determined during the planning phase of the audit upon identification of the risks most likely to impede the attainment of UK's objectives. Appropriate and sufficient work in the core review area allows UKIA to trend data, assess business practices, and evaluate the internal control environment of the University.
Investigations examine events that may have led to a monetary or physical loss to the University. Investigations develop from various routes including tips (comply line, calls to UKIA), auditor observations and UK Police reports. The role of UKIA is to accurately document the event and determine whether a review of the condition is necessary. UKIA ensures that appropriate units within the University's Multidepartment Action Group (MAG), which is comprised of UKIA, Human Resources, Legal, Information Technology (IT), and UK police, have knowledge of UKIA investigations so they can take suitable action.
Information Technology Reviews
Information Technology (IT) reviews utilize the CoBIT framework to evaluate the quality of the controls and safeguards over the information technology resources at the University. The objective of an IT review is to ensure the effectiveness and efficiency of University IT resources, data integrity is maintained, adherence to UK policies and procedures, and proper controls are in place to protect computer applications and the computing environment. IT reviews can serve as a standalone evaluation or a component of the Core, Compliance, or Investigation reviews.
Follow-up reviews are conducted in accordance with the Annual Audit Work Plan. Follow-up reviews take place approximately 12 months after the initial audit, or are based on target dates. The purpose is to see if the findings and observations from the audit have been resolved.
Compliance reviews evaluate departmental adherence to University regulations for University-wide processes such as cash handling, travel reimbursements and purchasing. The review has a limited focus and a quick turnaround time. As a result, management response or a resolution plan is not required at time of report issuance. UKIA will follow up with appropriate department management 30-60 days following a Compliance Review to document actions taken to resolve review findings.
Assessment reviews identify and evaluate the potential risks and critical processes of a University unit with multiple departments. The review evaluates the unit's operations (including structure, regulations, governing agencies and objectives), finance (including revenue streams, contracts and expenditures) and information technology (including all software and hardware supporting operations). The identified risks and critical processes are prioritized in order to establish an appropriate audit cycle for the unit over several years.
Continuous Auditing Programs
UKIA's continuous auditing program examines areas of high risk for non-compliance. UKIA's continuous auditing program also supports the detection of fraudulent activity at the individual employee level. UKIA's continuous auditing program involves testing University compliance with central office procedures. The audit determines adherence utilizing computer-aided auditing techniques to test business activity compliance related to University-wide processes such as payroll, benefits, cash, inventory, contracts, financial reporting and grants.
UKIA's consultation services are compliance and performance improvement evaluations of existing or new departmental activities and processes. These services are available upon request to any unit's management and are aimed at providing reasonable assurance that processes meet unit and University objectives.
UKIA offers workshops and seminars through UK's Human Resources Training and Development Program. These group presentations facilitate awareness, review policy, and coach attendees on the application of internal controls and departmental procedures that conform to University standards. Additional information and current course offerings can be found on the Training & Events page of the UKIA website or by contacting UKIA directly.