The Office of Internal Audit is an independent, objective assurance and consulting activity desigened to add value and improve Wayne State University's operations. It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
These services may be performed in conjunction with one of the service areas described below:
Assurance Services
What is an audit?
Compliance with policies and procedures Financial statements are fairly presented Operations are effective and efficient Goals and objectives are being achieved
Audits may be performed by internal or external auditors. They may be performed annually, periodically, or within designated timeframes prescribed by regulatory requirements, or other deadlines imposed by management.
Annually Required Engagements
An audit or review performed each year in compliance with regulatory requirements or Board of Governor mandates. In certain instances to achieve efficiencies, these audits may be performed biannually. When this occurs both annual periods are examined individually. These engagements are generally performed at these intervals in response to a specific management request or based upon heightened risk considering the nature of the activities.
Planned Full Scope and EDP
A planned engagement represents an engagement included in the Operating Audit Plan for the current calendar year. A planned engagement will generally be categorized as one or more of the following types of audits:
Full Scope:
Operational Audit "" a review for economic, efficiency, effectiveness, or other operational objectives. Financial Audit "" the analysis of the economic activity (i.e., financial transactions) as measured and reported by accounting methods. Compliance Audit "" the review of both financial and operating controls to evaluate compliance with established standards, policies, procedures, laws, regulations, or contracts. IT Audit"" a review of information technology (IT) systems and data, or assessment of IT-related functions/controls and responsibilities within the university's systems and technology platform. While each of the above engagement types has distinct goals and objectives, many audits include aspects of each of these areas to provide thorough coverage of the unit under review
Audit Frequency Annually Periodically (i.e., every 2-3, 3-4, or 5-7 years based on risk level) Limited Scope:
Post Audit Follow-up "" performed to identify and evaluate management actions implemented in response to a prior audit. This is not a full scope audit. The Post Audit Follow-Up commences with a series of meetings with management and departmental personnel to discuss actions taken to address each audit recommendation included in the original Report. Management's actions are then evaluated to determine the status of each recommendation and to assess the adequacy of each management action implemented. The status of each recommendation is assessed as implemented, partially implemented or not implemented. Further, management responses are required for audit recommendations deemed to be partially or not implemented. Audit Frequency "" 6 months "" 1 year following original audit Self Audits "" a review of low-risk units using the self audit checklist to verify the existence of internal controls and determine if further review is warranted. Typically includes areas like the Dean's Office. This review enables units to perform a self-assessment that will identify areas of audit risk by validating the presence or lack of internal controls. It also enables the unit to examine certain best practices. The information provided on the completed checklists is reviewed and assessed by Internal Audit to determine if the need to perform additional, more comprehensive audits or review procedures is warranted. Audit Frequency "" every 4 "" 6 years Special & Management Requests "" Specifically requested by university management or the Audit Subcommittee Frequently investigatory in nature May involve possible fraud identified by management Scope is designed to address the specific request Specific Procedures Review Report Audit Frequency "" upon request
Consulting Services
Consulting services frequently involve participation on special projects generally related to university process improvement initiatives. Internal Audit participates on these projects in various consultative roles involving the review of internal controls and operational efficiency and effectiveness of the proposed process. Our auditors frequently provide a global perspective to the project teams while simultaneously learning the new process and helping to build in quality control proactively in the developmental stages rather than requesting revisions upon implementation. The scope of these projects varies with each initiative. Participation in these projects helps Internal Audit to directly accomplish its mission of providing an objective consulting activity that is designed to add value and improve the University's operations.
System Development Participation Banner Projects Academic and enterprise systems University Task Forces Travel Management Program APPM Review Millenium Wayne Policy Issue Team One Card Procurement Card Banner Assistance Troubleshoot inquiries Business Advisory Recreation & Fitness Center Business Process Reviews Accounting Matters External Audit Liaison Monitor and Coordinate External Audits (i.e., PWC, federal regulators, etc "" see Registration Form for External Auditors) Provide Assistance to External Auditors Provide Assistance to department auditees
Assist with and coordinate responding to external audit report findings and recommendations