The mission of the Office of Internal Audit and Management Advisory Services is to provide independent, objective assurance and consulting services designed to add value and improve Elizabeth City State University's operations. It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
(The Office of Internal Audit reports functionally to the Audit Committee of the ECSU Board of Trustees, and administratively to the Chancellor.)
The Office of Internal Audit and Management Advisory Services utilizes the following standards and guidelines:
- Institute of Internal Auditors (IIA)
- Association of Certified Fraud Examiners (ACFE)
- Information Systems Audit and Control Association ("ISACA).
The IIA Standards require that internal audit functions undergo an independent, quality assurance review every five years to ensure adherence to the Standards.
The IIA Core Principles consist of the following:
The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.
- Perform their work with honesty, diligence, and responsibility.
- Observe the law and make disclosures expected by the law and the profession of internal auditing.
- Will not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.
- Respect and contribute to the legitimate and ethical objectives of the organization.
Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.
- Will not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.
- Will not accept anything that may impair or be presumed to impair their professional judgment.
- Will disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.
Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
- Will be prudent in the use and protection of information acquired in the course of their duties.
- Will not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.
Internal auditors apply the knowledge, skills, and experience needed in the performance of internal auditing services.
- Will engage only in those services for which they have the necessary knowledge, skills, and experience.
- Will perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing.
- Will continually improve their proficiency and the effectiveness and quality of their services.
In order to meet the responsibilities and objectives as set forth in the Audit Charter, it is necessary for the Office of Internal Audit to perform reviews and audits of varying types and scopes depending on the circumstances and requests from management.
Each fiscal year an annual audit plan is developed and submitted to the Chancellor and Audit Committee for review and approval. The audit plan is based on a risk assessment methodology, as well as requests from management. Audit services can be requested by members of the university community through memos or e-mail.
The following types of audit services are provided by the Office of Internal Audit:
Operational audits review the effectiveness and efficiency of operational units within the University. Effectiveness measures how successfully an organization achieves its goals and objectives. Efficiency measures how well an entity uses its resources to achieve its goals.
Compliance audits measure the University's compliance with specific established University, Federal, or State laws, regulations, and/or policies, such as Travel guidelines, HIPAA, FERPA, etc.
Information technology (IT) audits are conducted to evaluate the quality of the controls and safeguards over the information technology resources and critical data of the University. These audits normally consist of reviewing the effective use of information technology resources, adherence to management's policies, and assessing the design and implementation of internal controls over computer applications and the computing environments in which they are used.
In addition to "traditional" IT audits, our office provides computer forensic services to the University, in response to computer security incidents, legal requests, and other business needs, using the most current forensic tools available.
These audits are normally requested on an as-needed basis by management, or are requested by anonymous tips. Investigative audits focus on things such as alleged irregular conduct, non-compliance with established policies or laws, misuse of University resources, false time reporting, internal theft, and/or conflicts of interest.
The Office of Internal Audit often provides routine consultation and advisory services to all levels of University management. Consultative engagements typically involve interpreting policies or reviewing specific processes and controls and offering an opinion on how internal controls might be strengthened. These are frequently undertaken when a significant process change is being planned.
We strongly encourage departments to contact us for consultation when starting a new business process or making significant changes to the way you conduct your day-to-day activities. We believe that it is easier to "get it right" from the beginning rather than having to "fix it" later!
A financial audit is a review intended to serve as a basis for expressing an opinion regarding the fairness, consistency, and conformity to financial information with generally accepted accounting principles. Financial audits can be full or limited in scope, depending on the objectives.
A full scope financial audit consists of a review of the financial statements of an entity of sufficient extent to express an opinion on those statements. Such an audit is conducted in accordance with generally accepted auditing standards as adopted by the AICPA. The North Carolina Office of the State Auditor normally performs the University's financial audit. External accounting firms perform the Foundation audits.
Financial audits that are limited in scope are normally performed by the Internal Audit Department. These audits can include a transaction cycle review of administrative systems such as purchasing, payroll, and payables or a special examination of the financial activities of a decentralized university department.
Other special projects may be performed by the Office of Internal Audit as delegated or requested by the UNC General Administration, North Carolina Office of State Auditor, ECSU Board of Trustees, the University Chancellor, or other University management.
**Whenever feasible, we apply an integrated audit approach in performing audit services. This involves combining elements of financial, operational, compliance, and information technology audits into a single "holistic" audit. This approach is a cost saving measure that results in a broader coverage of assurance.
The ECSU Board of Trustees Audit Committee assists the Board of Trustees in fulfilling its oversight of the university system of internal control, the audit process, compliance with laws and regulations, and accounting practices.
The Office of Internal Audit provides independent, objective assurance and consulting services designed to add value and improve the organization's operations. It helps the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Please contact us any time that you…
- Have a question regarding internal controls, protection of University resources, or compliance with policies, rules, regulations, or law.
- Are considering implementing a new business process, or making a change to the way you do business, and would like us to consult with you regarding the appropriate internal controls that should be built into the process.
- Plan to engage an external entity for any audit, review, or consulting activity.
- Are notified by any outside agency of a pending audit or review of your department, business process, or program.
- Are aware of any instances of fraud, waste, or abuse of University resources, or you have any other concerns regarding issues which may be detrimental to the University, its constituents, or its reputation.