The Internal Audit Office

The Internal Audit Office strives to continually add value and mitigate risk through evaluation of the university's operations. We are dedicated to adding value to the university through continuous improvement, risk assessment, and internal controls evaluation efforts. We are obligated to maintain high standards of competence, objectivity, and integrity in the performance of our duties and responsibilities. We are here to serve all departments and constituents of the university. 

The Internal Audit Office should be contacted any time a member of the university community: 

• Has a question regarding internal controls, protection of university resources, or compliance with policies, rules, regulations, or laws; 

• Is considering implementing a new business process or making a change to the way they do business so that consultation can be provided regarding the appropriate internal controls that should be built into the process; 

• Plans to engage an external entity for any audit, review, or consulting activity; 

• Is notified by any outside agency of a pending audit or review of their department, business process, or program; 

• Is aware of any instances of fraud, waste, or abuse of university resources or has any other concerns regarding issues that may be detrimental to the university, its constituents, or its reputation. (This information may be submitted anonymously via the Internal Audit Hotline.)

Vision 

Protecting. Assisting. Enhancing. 

Values 

Integrity. Objectivity. Confidentiality. Competence. 

If we can assist you in any way, please call us at 919-530-6189. We value your feedback and will work with you to find solutions that strengthen your internal controls and help manage risk. 

The mission of the Internal Audit Office is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. 

NCCU is required by North Carolina General Statute (NCGS) §143-746 to maintain an internal audit function. In accordance with the NCCU Internal Audit charter, the Internal Audit Office operates as an independent appraisal function within NCCU and reports functionally to the Audit Committee of the Board of Trustees and administratively to the Chancellor's Office. 

The primary purpose of the Internal Audit Office is to function as a service unit to assist all levels of management in the effective discharge of their responsibilities.  Through consulting and performing independent audits, reviews, and investigations, the office seeks to provide reasonable assurance to management that effective stewardship is maintained over the University’s resources. The Internal Audit Office also serves as a liaison between management and all external auditors. 

In general, the objectives of Internal Audit are to: 

• Evaluate the adequacy of the internal control structure within a department or unit;

• Assess the extent of compliance of each area with applicable laws, regulations, policies, and procedures; 

• Verify the existence of University assets and ensure proper safeguards for their protection; 

• Identify risks that can impact the University;

• Investigate concerns relating to fraud, embezzlement, and theft; 

• Consult with management and provide methodologies, facilitation, focus, knowledge, technology, best practices, and independence that help solve management’s problems. 

In accordance with the internal audit charter, NCGS §116-40.7, NCGS §143-748, and other applicable laws, the Internal Audit Office has unrestricted access to all records, assets, and other resources of the University that are necessary to accomplish its objectives. Internal Audit ensures the safekeeping and confidentiality of all records and information used during an engagement to the extent provided by NCGS §116-40.7, §116-40.7, and other applicable laws. 

The Internal Audit Office develops an annual audit plan that is reviewed and approved by the Audit Committee of the NCCU Board of Trustees and the Chancellor of NCCU. This plan identifies the engagement projects to be conducted during the upcoming fiscal year; however, it can be amended to include requested reviews, special projects, or changes in priority. 

Not all reviews are selected in the same way. An area can be selected for a review for the following reasons: 

• It is assessed as an area with high risk. 

• It is a cyclical engagement project. 

• Irregular conduct is alleged, and a review is requested. 

• Management specifically requests a review. 

§ 143-748. Confidentiality of internal audit work papers. 

Internal audit work papers are confidential except as otherwise provided in this section or upon subpoena issued by a duly authorized court. A published internal audit report is a public record as defined in G.S. 132-1 to the extent it does not include information that is confidential under State or federal law or would compromise the security of a State agency.  Internal Audit shall maintain for ten years a complete file of all audit reports and reports of other examinations, investigations, surveys, and reviews conducted under Internal Audit's authority.

Audit work papers, and other evidence and related supportive material directly pertaining to the work of the Internal Audit Department, shall be retained in accordance with Chapter 132 of the General Statutes.  Unless otherwise prohibited by law and to promote intergovernmental cooperation and avoid unnecessary duplication of audit effort, audit work papers related to released audit reports shall be made available for inspection by duly authorized representatives of the State and federal government in connection with some matter officially before them. (2013-406, s. 1.) 

Audit Committee Charter 

The NCCU Board of Trustees Audit Committee assists in oversight of the university system of internal control, the audit process, compliance with laws, and regulations. 

Internal Audit Charter 

The Internal Audit Office provides independent, objective assurance and consulting services designed to add value and improve the organization’s operations. It helps the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. 

The Internal Audit Office adheres to the standards and guidelines published by the Institute of Internal Auditors (IIA). The Internal Audit Office applies and upholds the following principles: 

Integrity 

The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment. 

Objectivity 

Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments. 

Confidentiality 

Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so. 

Competence 

Internal auditors apply the knowledge, skills, and experience needed in the performance of internal auditing services. 

Every five years, the Office of Internal Audit undergoes an external quality assessment in accordance with IIA standards. The office received the highest possible rating from the IIA review teams during our 2018 assessment. 

In order to meet the responsibilities and objectives as set forth in the Audit Charter, it is necessary for the Internal Audit Office to perform reviews and audits of varying types and scopes depending on the circumstances and requests from management. 

Each fiscal year, an annual audit plan is developed and submitted to the Chancellor and Board of Trustees Audit Committee for review and approval. The audit plan is based on a risk assessment methodology, as well as requests from management. Audit services can be requested by members of the University community through memos or email. 

The following types of audit services performed: 

Operational Audits 

Operational audits review the effectiveness and efficiency of operational units within the University.  Effectiveness measures how successfully an organization achieves its goals and objectives.  Efficiency measures how well an entity uses its resources to achieve its goals. 

Financial Audits 

Financial audits address issues related to the proper accounting and reporting of financial transactions, including authorizations, cash receipts, cash disbursements, and commitments to purchase. 

Compliance Audits 

Compliance audits measure the university’s compliance with specific established University, federal, or state laws, regulations, and/or policies, such as travel guidelines, HIPAA, and FERPA.

Information Technology Audits 

Information technology (IT) audits are conducted to evaluate the quality of the controls and safeguards over the information technology resources and critical data of the University. These audits normally consist of reviewing the effective use of information technology resources and adherence to management’s policies and assessing the design and implementation of internal controls over computer applications and the computing environments in which they are used. 

Investigative Audits 

These audits are normally requested on an as-needed basis by management or are requested via anonymous tips.  Investigative audits focus on things such as alleged irregular conduct, non-compliance with established policies or laws, misuse of University resources, false time reporting, internal theft, and/or conflicts of interest. 

Follow-up Audits 

The Internal Audit Office performs follow-up audits on all audit issues after the issuance of an audit report by either the Internal Audit Office or the North Carolina Office of the State Auditor.  During the follow-up audit process, the Internal Audit Office performs the appropriate testing and reviews the steps taken by management to resolve the reported issues. 

Consultations/Advisory Services 

The Office of Internal Audit often provides routine consultation and advisory services to all levels of University management.  Consultative engagements typically involve interpreting policies or reviewing specific processes and controls and offering an opinion on how internal controls might be strengthened.  These are frequently undertaken when a significant process change is being planned.  We strongly encourage departments to contact us for consultation when starting a new business process. 

Assistance to Office of the State Auditor 

The Office of Internal Audit provides assistance to the North Carolina Office of the State Auditor (OSA) upon request.  These duties may involve the following: 

• Assessments of internal controls 

• Assisting with OSA investigative audits 

Other 

Other special projects may be performed by the Internal Audit Office as delegated by the UNC System Office, Board of Trustees, Chancellor, or other university management. 

Fraud and Abuse Reporting 

Any dishonest or improper act by an employee, such as acts that violate the law, waste money, or endanger public health and safety, are of concern to NCCU. In addition, NCGS § 114-15.1 requires all state agencies, including NCCU, to report misuse of state property. 

When potential violations are reported, all reports are investigated as promptly and discreetly as possible, with the facts made available only to those who need to investigate and resolve the matter.  

NCCU Policy 01.04.8, "Misuse or Theft of University Property," protects employees who have reported suspected criminal activity in good faith from retaliation. 

I. What Should Be Reported 

Dishonest or fraudulent activities include: 

• Forgery or alteration of documents 

• Misrepresentation of information on documents 

• Misuse, mismanagement, or misappropriation of funds, supplies, or any other asset 

• Improper handling or reporting of money transactions 

• Authorizing or receiving payments for good not received or services not performed 

• Authorizing or receiving payments for hours not worked 

• Theft of university property 

• Personal use of university purchasing cards, materials, or assets 

• Falsification of documents or reports 

• Any apparent violation of Federal, State, or local laws 

• Any unusual or suspicious activity 

II. How to Report 

To report suspected fraud, waste, or abuse of university resources, you may use any of the following three anonymous and confidential ways for reporting these observations: 

• Report it to your supervisor. Alert those in your chain of supervision and give them a chance to solve or resolve it. 
• Report it to Internal Audit. Contact us at 919-530-6189.
• Report it to the Office of the State Auditor. Contact the Office of the State Auditor at 1-800-730-TIPS or by completing the online reporting form. Reports are initially sent to the North Carolina Office of the State Auditor. An investigation into the allegations may be completed by the Office of Internal Audit. 

Each fiscal year, the Internal Audit Office develops an audit plan for the following year. This plan is coordinated with the university’s Executive Leadership Team and is approved by the Chancellor and the Board of Trustees Audit Committee. 

The annual audit plan is intended to allocate resources and establish audit priorities that are based on the risks and exposures that could have a significant impact on the university’s ability to accomplish our mission. A portion of the audit plan is also reserved for investigative audits and other unforeseen projects that arise during the year.

Each fiscal year, the Internal Audit Office develops an audit plan for the following year. This plan is coordinated with the university’s Executive Leadership Team and is approved by the Chancellor and the Board of Trustees Audit Committee. 

The annual audit plan is intended to allocate resources and establish audit priorities that are based on the risks and exposures that could have a significant impact on the university’s ability to accomplish our mission. A portion of the audit plan is also reserved for investigative audits and other unforeseen projects that arise during the year. 

Quality Assurance Reviews 

The Internal Audit Office is required by NC General Statutes to demonstrate that it is compliant with the International Standards for the Professional Practice of Internal Auditing, which is published by the Institute of Internal Auditors.  Compliance is validated by going through a quality assurance review (QAR), which is performed by an independent team of professionals with Director of Internal Audit experience from outside NCCU. 

We are pleased to report that we have achieved the highest possible rating in all of our last QARs to date. 

External Audits 

The University Director of Internal Audit has been designated by the Chancellor to serve as the University’s Audit Liaison Officer. The Audit Liaison Officer is responsible for following up on all findings and recommendations made by external auditors. Determining whether or not such recommendations have been satisfactorily addressed is a requirement that is mandated by the UNC Office of the President. 

If your department is contacted by an external entity (such as Federal or State auditors or investigators) regarding any type of pending audit or investigative work, please contact us. This will help ensure that: 

• The duties of the Audit Liaison Officer are fulfilled, as directed by the UNC System Office and the Chancellor;
• Duplication of effort on the part of internal auditors and external auditors, reviewers, or consultants is avoided. 

A representative from the Internal Audit Office will typically accompany the appropriate University representatives to any entrance and exit meetings with external reviewers. 

Copies of all findings and recommendations issued by external auditors and investigators, along with University responses to such recommendations, must be forwarded to the Audit Liaison Officer in a timely manner. 

Upon implementation of the recommendations or other alternative action by management, the Audit Liaison Officer will perform verification procedures to ensure that the stated plan of action has been implemented and will issue a status report to the Chancellor and the Audit Committee of the Board of Trustees. 

Internal Audit Office 
North Carolina Central University 
PO Box 19617 
1801 Fayetteville Street 
Durham, NC 27707 
 
Phone: 919-530-6189
Fax: 919-530-7656 
Email: internalauditoffice@nccu.edu

Robert Davis
Auditor 
Email: rdavis10@nccu.edu 
Phone: 919-530-7686

Kamal Rizk
Auditor 
Email: krizk001t@nccu.edu 
Phone: 919-530-7692