In order to meet the responsibilities and objectives as set forth in the Audit Charter, it is necessary for the Internal Audit Office to perform reviews and audits of varying types and scopes depending on the circumstances and requests from management.
Each fiscal year, an annual audit plan is developed and submitted to the Chancellor and Board of Trustees Audit Committee for review and approval. The audit plan is based on a risk assessment methodology, as well as requests from management. Audit services can be requested by members of the University community through memos or email.
The following types of audit services performed:
Operational Audits
Operational audits review the effectiveness and efficiency of operational units within the University. Effectiveness measures how successfully an organization achieves its goals and objectives. Efficiency measures how well an entity uses its resources to achieve its goals.
Financial Audits
Financial audits address issues related to the proper accounting and reporting of financial transactions, including authorizations, cash receipts, cash disbursements, and commitments to purchase.
Compliance Audits
Compliance audits measure the university’s compliance with specific established University, federal, or state laws, regulations, and/or policies, such as travel guidelines, HIPAA, and FERPA.
Information Technology Audits
Information technology (IT) audits are conducted to evaluate the quality of the controls and safeguards over the information technology resources and critical data of the University. These audits normally consist of reviewing the effective use of information technology resources and adherence to management’s policies and assessing the design and implementation of internal controls over computer applications and the computing environments in which they are used.
Investigative Audits
These audits are normally requested on an as-needed basis by management or are requested via anonymous tips. Investigative audits focus on things such as alleged irregular conduct, non-compliance with established policies or laws, misuse of University resources, false time reporting, internal theft, and/or conflicts of interest.
Follow-up Audits
The Internal Audit Office performs follow-up audits on all audit issues after the issuance of an audit report by either the Internal Audit Office or the North Carolina Office of the State Auditor. During the follow-up audit process, the Internal Audit Office performs the appropriate testing and reviews the steps taken by management to resolve the reported issues.
Consultations/Advisory Services
The Office of Internal Audit often provides routine consultation and advisory services to all levels of University management. Consultative engagements typically involve interpreting policies or reviewing specific processes and controls and offering an opinion on how internal controls might be strengthened. These are frequently undertaken when a significant process change is being planned. We strongly encourage departments to contact us for consultation when starting a new business process.
Assistance to Office of the State Auditor
The Office of Internal Audit provides assistance to the North Carolina Office of the State Auditor (OSA) upon request. These duties may involve the following:
Other
Other special projects may be performed by the Internal Audit Office as delegated by the UNC System Office, Board of Trustees, Chancellor, or other university management.
Fraud and Abuse Reporting
Any dishonest or improper act by an employee, such as acts that violate the law, waste money, or endanger public health and safety, are of concern to NCCU. In addition, NCGS § 114-15.1 requires all state agencies, including NCCU, to report misuse of state property.
When potential violations are reported, all reports are investigated as promptly and discreetly as possible, with the facts made available only to those who need to investigate and resolve the matter.
NCCU Policy 01.04.8, "Misuse or Theft of University Property," protects employees who have reported suspected criminal activity in good faith from retaliation.
I. What Should Be Reported
Dishonest or fraudulent activities include:
-
Forgery or alteration of documents
-
Misrepresentation of information on documents
-
Misuse, mismanagement, or misappropriation of funds, supplies, or any other asset
-
Improper handling or reporting of money transactions
-
Authorizing or receiving payments for good not received or services not performed
-
Authorizing or receiving payments for hours not worked
-
Theft of university property
-
Personal use of university purchasing cards, materials, or assets
-
Falsification of documents or reports
-
Any apparent violation of Federal, State, or local laws
-
Any unusual or suspicious activity
II. How to Report
To report suspected fraud, waste, or abuse of university resources, you may use any of the following three anonymous and confidential ways for reporting these observations:
- Report it to your supervisor. Alert those in your chain of supervision and give them a chance to solve or resolve it.
- Report it to Internal Audit. Contact us at 919-530-6189.
- Report it to the Office of the State Auditor. Contact the Office of the State Auditor at 1-800-730-TIPS or by completing the online reporting form. Reports are initially sent to the North Carolina Office of the State Auditor. An investigation into the allegations may be completed by the Office of Internal Audit.