The Chief Audit Executive is empowered to conduct assurance services, special audit projects, reviews, or investigations at the request of the Board, ACR Committee, President, University Counsel, EVP Provost, EVP Chief Operating Officer, EVP Health Affairs, or their designee, to assist management in meeting its objectives, promoting economy and efficiency in the administration of, or preventing and detecting fraud and abuse in its programs and operations. The Office of Audit and Compliance may also provide consulting services, beyond assurance services, to assist management in meeting its objectives. Examples may include facilitation, process design, training, and advisory services.
Provide consulting and advisory services as requested by the Board of Visitors, president, provost, deans, and vice presidents of the university. Such services should improve the university’s governance, risk management, and control processes.
Determine compliance with policies, procedures, laws and regulations established by the university, the Commonwealth, the Federal Government and applicable external organizations.
Audit internal control systems and financial transactions of the university, including capital projects.
Provide an evaluation of operational efficiency and effectiveness in accordance with the goals and policies established by the university, Commonwealth, and the Federal Government.
Evaluate allegations of fraudulent business practices and/or misconduct involving financial or operational matters to determine if allegations are substantiated and to prevent future occurrences.
Follow-up engagements evaluate plans and actions taken to correct previously reported conditions because of completed audits and investigations.
Information Technology Audits
Evaluate information systems and the underlying infrastructure to ensure the accuracy of their processing, the security and confidentiality of personally identifiable information or intellectual property. They will typically include the assessment of general IT controls related logical access, change management, system operations, and backup and recovery.
Throughout the year, the Audit department may be engaged in miscellaneous special projects to gather information, perform unscheduled audits or reviews, or to address internal control related issues.