Types of Audits and Advisory Services

AMAS conducts several different types of internal audits. While certain audits focus on only one of the categories described below, many incorporate elements of several categories. From financial security to IT security assessments, each type contributes to the holistic management of risks and opportunities.

  • Operational Audits: Provide assessments of processes, systems, workflows, and policies to determine the adequacy of internal controls and achievement of objectives.
  • Financial Audits: Provide assessments of internal controls over financial and budgetary reporting and focus on controls over recording of revenue and expenditures.
  • Compliance Audits: Help determine the degree to which university organizations are in compliance with applicable federal, state, and local regulations. A compliance audit typically includes determining whether current university policies, procedures, and training programs are effective in supporting compliance with regulations.
  • Information Technology (IT) Audits: Provide assessments of the university’s various information technology support services, with a focus on controls over data security, change control, applications, system/infrastructure security, cloud-based systems, information privacy etc. as they relate to the university’s administrative, academic and research applications and data management. Compliance with IT related laws and regulations is also considered within the scope of an IT audit engagement. IT audits may be conducted by AMAS or co-sourced with an external firm.
  • Departmental or Unit Level Reviews: Ensure that adequate internal controls exist pertaining to administrative activities and their use of university resources and compliance with university policies and external regulations.
  • Management Advisory Services: In addition to the audit and risk management services AMAS provides, we are often asked by management to provide our opinions concerning the efficiency and/or effectiveness of various activities or sufficiency of internal controls associated with a new or revised business process. We also provide guidance pertaining to other various administrative and compliance matters.
  • Assistance with Enterprise Risk Management: AMAS helps support the University’s enterprise risk management program and governance activities. We are also available to facilitate the development of school or division based risk registers in accordance with the risk assessment model adopted by the University. Risk registers are helpful in documenting and ranking certain risks that can affect the achievement of a school or division’s operating and strategic objectives and to help identify where mitigation strategies are required to effectively address them.