Resources & Tools
1. General (Internal auditing-related guidelines)
- TCUS Archives - Record Retention Policy
- ACUA - Association of College and University Auditors
- NACUBO - National Association of College and University Business Officers
- AICPA - American Institute of Certified Public Accountants
- ACFE - Association of Certified Fraud Examiners
- IIA - Institute of Internal Auditor
2. Glossary
Audit Findings: Observations noted during fieldwork that are inconsistent with proper practices; findings typically highlight an increased risk to the institution/organization or a failure of controls.
Audit Plan: The annual blueprint for what areas will be reviewed by internal audit, created based on the results of the Risk Assessment.
Audit Scope and Approach: The areas that the audit will address (Scope) and the related audit activities (Approach).
Audit Work Program: Detailed procedures that guide us in the completion of the project.
Design of Controls: How well internal controls would address related risks if the controls operated as intended.
Draft Audit Report: The result of our work, typically in a report form detailing the audit’s background and scope, work performed, summary of observations, and recommendations.
Entrance Meeting: The initial meeting between Touro College audits and unit management and process owner(s), discussing the audit work to be performed.
Exit Meeting: Review of the draft report with unit management and/or process owner(s) to ensure understanding and agreement among both parties before information is shared with executive management.
Fieldwork: Action steps necessary for us to carry out our work to achieve the objectives of the audit.
Final Audit Report: Version of the audit report, including management’s response, which is presented to the Audit Committee and signifies the completion of the audit.
Information Request: List of files, policies, procedures, or other information that we will need to complete our work.
Interviews: Meetings with knowledgeable personnel to better understand the processes and operations of the unit.
Internal Control: A process, including policies, procedures, monitoring techniques, and attitudes, that helps to achieve a desire result.
Management’s Response: Management’s plan for addressing the observations and recommendations included in the report.
Process: Series of activities or tasks that produces a specific outcome (e.g., charging costs to a grant).
Process Documentation: Visual representation of the flow of information or work steps involved in completing specific processes.
Recommendations: Suggested changes or enhancements to policies or processes to strengthen intern controls or improve efficiency and effectiveness.
Risk Assessment: The process of reviewing an institution’s operations and determining the areas of greatest exposure.
Risk Mitigation: Actions taken to reduce the exposure or impact of what could go wrong.
Testing Procedures: Processes for determining the effectiveness of controls and existence of risk(s); may include sample selection, interviews, process walkthroughs, and transaction testing.