Internal Audit

The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.

Internal Auditors...

• Perform their work with honesty, diligence, and responsibility.
• Observe the law and make disclosures expected by the law and the profession of internal auditing.
• Will not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.
• Respect and contribute to the legitimate and ethical objectives of the organization.

Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments. 

Internal Auditors...

• Will not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.
• Will not accept anything that may impair or be presumed to impair their professional judgment.
• Will disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.

Internal Auditors...

• Will be prudent in the use and protection of information acquired in the course of their duties.
• Will not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

Internal auditors apply the knowledge, skills, and experience needed in the performance of internal auditing services.

Internal Auditors...

• Will engage only in those services for which they have the necessary knowledge, skills, and experience.
• Will perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing.
• Will continually improve their proficiency and the effectiveness and quality of their services.

Operational audits review the effectiveness and efficiency of operational units within the University.  Effectiveness measures how successfully an organization achieves its goals and objectives.  Efficiency measures how well an entity uses its resources to achieve its goals.

Compliance audits measure the University's compliance with specific established University, Federal, or State laws, regulations, and/or policies, such as Travel guidelines, HIPAA, FERPA, etc. 

Information technology (IT) audits are conducted to evaluate the quality of the controls and safeguards over the information technology resources and critical data of the University. These audits normally consist of reviewing the effective use of information technology resources, adherence to management's policies, and assessing the design and implementation of internal controls over computer applications and the computing environments in which they are used.

In addition to "traditional" IT audits, our office provides computer forensic services to the University, in response to computer security incidents, legal requests, and other business needs, using the most current forensic tools available.  

These audits are normally requested on an as-needed basis by management, or are requested by anonymous tips.  Investigative audits focus on things such as alleged irregular conduct, non-compliance with established policies or laws, misuse of University resources, false time reporting, internal theft, and/or conflicts of interest.

A financial audit is a review intended to serve as a basis for expressing an opinion regarding the fairness, consistency, and conformity to financial information with generally accepted accounting principles.  Financial audits can be full or limited in scope, depending on the objectives.

A full scope financial audit consists of a review of the financial statements of an entity of sufficient extent to express an opinion on those statements. Such an audit is conducted in accordance with generally accepted auditing standards as adopted by the AICPA. The North Carolina Office of the State Auditor normally performs the University's financial audit. External accounting firms perform the Foundation audits.

Financial audits that are limited in scope are normally performed by the Internal Audit Department. These audits can include a transaction cycle review of administrative systems such as purchasing, payroll, and payables or a special examination of the financial activities of a decentralized university department.

Other special projects may be performed by the Office of Internal Audit as delegated or requested by the UNC General Administration, North Carolina Office of State Auditor, ECSU Board of Trustees, the University Chancellor, or other University management.

**Whenever feasible, we apply an integrated audit approach in performing audit services.  This involves combining elements of financial, operational, compliance, and information technology audits into a single "holistic" audit. This approach is a cost saving measure that results in a broader coverage of assurance.