What’s in an Audit Plan?

Internal Audit uses an audit risk analysis methodology that encompasses all major University operations. The risk analysis methodology is based on objective and subjective criteria, combined with input from University management. This methodology allows us to identify and prioritize systems and operations for audit review.

In addition to our annual commitments, we perform the following types of services for the University:


Computer-Assisted Audit Techniques

Utilize computer resources to analyze the University’s electronic data and other computer-related systems in an effort to find anomalies, errors, and potential areas for extended review.

Contract Compliance Audits

Ascertain the University’s compliance with externally imposed restrictions, or compliance by external parties with restrictions imposed by the University.

Construction Cost Audits

Assist management in determining whether the costs reported by the General Contractor represent actual costs incurred in accordance with the terms and conditions of the construction contract. Also, provide an advisory function for financial aspects of the project.

Departmental Surveys

Assess the adequacy and effectiveness of the accounting and administrative controls by obtaining an understanding of the financial, organizational, regulatory, and information technology activities of the department.

Financial Statement Audits

Determine the fairness of presentation of financial data for the annual financial statement audit, including of the WBUR Group.

Follow-Up Reviews

A post-audit follow-up to assess the progress of the department in implementing changes or strengthening controls, and to further lend our services in meeting their goals and making additional recommendations.

Information Technology Audits

Includes participation in systems development projects and committees, pre- and post-implementation reviews for application systems, operational integrity reviews, systems evaluations, consultation, and programming across the University’s information systems environment.

Integrated Audits

A combined effort of the financial/operational auditors and the information technology auditors to assess the adequacy and effectiveness of internal controls and the efficiency of the information technology being utilized.

Management and Special Requests

Perform various reviews at the specific request of management, including management audits, fraud reviews, and other special services as needed.

Operational Audits

Determine whether internal controls are adequate and functioning as intended, and whether global operational concerns are performed in an efficient and cost-effective manner.

Service Center Reviews

Ascertain compliance with OMB Circular A-21 and University policy. Ensure that rates charged by service centers do not discriminate between federal sponsors and other users, and that rates are properly established.