Internal compliance audits are performed by the audit staff in the University Compliance Office, under the direction of the Director of Compliance Audit. These audits are internal assessments and evaluations of the university’s compliance with external regulations and with university policies and activities related to compliance with external regulations. Recommendations are made to improve any compliance issues or related policy and procedure weaknesses identified. Follow-up reviews are performed on recommendations made to help ensure implementation of the recommendations.
In addition, external regulatory agencies could perform compliance audits at any time.
For more information visit the External Audit Guidelines page.
What Gets Audited and Why
Audits are selected based on risk assessments developed by the University Compliance Office, with information provided by the university’s area-specific Compliance Offices. Risk factors differ by type of compliance area, but include size and scope of the compliance area at the university, length of time since the last audit, significance of past audit findings, changes in the area-specific compliance office, etc.
Interim updates are provided to auditee management throughout the course of the audit. The audit observations accumulate into a draft audit report after the completion of the audit, which is sent to management for discussion with the University Compliance Office and management’s response. Management’s formal written responses are then included in the final audit report that is distributed to management of the audited area and to appropriate members of university management. Follow-up reviews are performed 90 days after final report dates to determine whether recommendations have been implemented. If not implemented, follow-up reviews continue.