UKIA performs several different kinds of audits to assist the University in achieving its fiduciary goals. In addition, we offer consulting services and training for UK units which help to ensure that programs both new and old operate as efficiently and effectively as possible. A list of all of our services appears below.
Core reviews utilize the Committee of Sponsoring Organizations (COSO) and Control Objectives for Information and Related Technologies (CoBIT) frameworks to provide reasonable assurance to UK’s Board of Trustees and senior management that effective controls are in place at the administrative and/or departmental levels. The objective is to ensure compliance with applicable laws and regulations, the integrity of financial reporting, the safeguarding of assets and operational efficiency and effectiveness. The audit scope is determined during the planning phase of the audit upon identification of the risks most likely to impede the attainment of UK’s objectives. Appropriate and sufficient work in the core review area allows us to trend data, assess business practices, and evaluate the internal control environment of the University.
Investigations examine events that may have led to a monetary or physical loss to the University. Investigations develop from various routes including tips (comply line, calls to UKIA), auditor observations and UK Police reports. Our role is to accurately document the event and determine whether a review of the condition is necessary. We ensure that appropriate units within the University’s Multidepartment Action Group (MAG), which is comprised of UKIA, Human Resources, Legal, Information Technology (IT), and UK police, have knowledge of our investigations so they can take suitable action.
Information Technology Reviews
Information Technology (IT) reviews utilize the CoBIT framework to evaluate the quality of the controls and safeguards over the information technology resources at the University. The objective of an IT review is to ensure the effectiveness and efficiency of University IT resources, data integrity is maintained, adherence to UK policies and procedures, and proper controls are in place to protect computer applications and the computing environment. IT reviews can serve as a standalone evaluation or a component of the Core, Compliance, or Investigation reviews.
Follow-up reviews are conducted in accordance with the Annual Audit Work Plan. Follow-up reviews take place approximately 12 months after the initial audit, or are based on target dates. The purpose is to see if the findings and observations from the audit have been resolved.
Data mining is used to compare and analyze large and complex data sets to determine exceptions or detect anomales based on certain criteria.
Assessment reviews identify and evaluate the potential risks and critical processes of a University unit with multiple departments. The review evaluates the unit’s operations (including structure, regulations, governing agencies and objectives), finance (including revenue streams, contracts and expenditures) and information technology (including all software and hardware supporting operations). The identified risks and critical processes are prioritized in order to establish an appropriate audit cycle for the unit over several years.
Repetitive Auditing Programs
Our repetitive auditing programs examine areas of high risk for non-compliance. They involve testing University compliance with central office procedures and support the detection of fraudulent activity at the individual employee level. Adherence is determined utilizing computer-aided auditing techniques to test business activity compliance related to University-wide processes such as payroll, benefits, cash, inventory, contracts, financial reporting and grants.
Our consultation services are compliance and performance improvement evaluations of existing or new departmental activities and processes. These services are available upon request to any unit's management and are aimed at providing reasonable assurance that processes meet unit and University objectives.
We offer workshops and seminars through UK’s Human Resources Training and Development Program. These group presentations facilitate awareness, review policy, and coach attendees on the application of internal controls and departmental procedures that conform to University standards. Additional information and current course offerings can be found on the Training & Special Events page, https://www.uky.edu/internalaudit/training-special-events, of the UKIA website or by contacting UKIA directly.