The following will answer some of the questions frequently asked about the audit process.
The director of internal auditing evaluates unit and university risks based on general and specific observations throughout the year.
We are interested in discussing your observations. You may call us at 404-413-1310 to discuss the situation or you may report your observations anonymously using the hotline link on our web page.
An audit is a routine process conducted periodically to confirm something, such as whether financial records are accurate. An investigation is a more rigorous process conducted once to prove or disprove something, such as whether an allegation is factual or why an adverse incident occurred.
During the process of determining whether something is factual or why something adverse occurred the investigator may observe internal control weaknesses or circumstances that contributed to an allegation or allowed an adverse incident to occur. Recommendations are then made to strengthen internal controls or suggest a methodology that might prevent any further allegations or adverse incidents.
An IT audit is the examination and evaluation of an organization’s information technology infrastructure, policies and operations. Information technology audits determine whether IT controls protect corporate assets, ensure data integrity and are aligned with the business’s overall goals. IT auditors examine not only physical security controls, but also overall business and financial controls that involve information technology systems.
Prior to our review, we may submit an initial request for information to the department. This request may include general department information, which aids us in gaining an understanding of the department, unit and function being reviewed. When we begin the fieldwork segment of our review, the department, unit or function will need to provide us with various details supporting the transactions we are testing.
Yes. The purpose of internal controls and procedures is to mitigate risk. Developing and designing management controls into operations early is the most cost-effective and efficient use of resources. Auditors do not wish to audit systems that are known to be dysfunctional. Their role is to provide guidance and recommendations, not to just report on the obvious or known problems but to strengthen the ability of units to meet their operational and administrative goals.
The director of internal auditing evaluates unit and university risks based on general and specific observations throughout the year.
We are interested in discussing your observations. You may call us at 404-413-1310 to discuss the situation, or you may report your observations anonymously utilizing the hotline link on our web page.
An audit is a routine process conducted periodically to confirm something, such as whether financial records are accurate. An investigation is a more rigorous process conducted once to prove or disprove something, such as whether an allegation is factual or why an adverse incident occurred.
During the process of determining whether something is factual or why something adverse occurred the investigator may observe internal control weaknesses or circumstances that contributed to an allegation or allowed an adverse incident to occur. Recommendations are then made to strengthen internal controls or suggest a methodology that might prevent any further allegations or adverse incidents.
An IT audit is the examination and evaluation of an organization’s information technology infrastructure, policies and operations. Information technology audits determine whether IT controls protect corporate assets, ensure data integrity and are aligned with the business’s overall goals. IT auditors examine not only physical security controls, but also overall business and financial controls that involve information technology systems.
Prior to our review, we may submit an initial request for information to the department. This request may include general department information, which aids us in gaining an understanding of the department, unit and function being reviewed. When we begin the fieldwork segment of our review, the department, unit or function will need to provide us with various details supporting the transactions we are testing.
Yes. The purpose of internal controls and procedures is to mitigate risk. Developing and designing management controls into operations early is the most cost-effective and efficient use of resources. Auditors do not wish to audit systems that are known to be dysfunctional; their role is to provide guidance and recommendations, not to just report on the obvious or known problems but to strengthen the ability of units to meet their operational and administrative goals.