Office of Internal Audit

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization鈥檚 operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal Audit鈥檚 mission is to enhance and protect organizational value by providing risk-based objective assurance, advice and insight. Professional staff are members of the Institute of Internal Auditors and abide by the Code of Ethics principles of integrity, objectivity, confidentiality, and competency.

Our services include assurance and consulting in the following areas:

Compliance with laws, regulations, policies, procedures, or contractual agreements.
Financial transactions and the systems/procedures used to process them.
Information Security/Technology to evaluate confidentiality, integrity, availability, and reliability of data and programs.
Operational/Performance tests the efficiency and economy of operations.

Internal Controls Training

The Office of Internal Audit offers training classes that address risks and controls. These are available to employees on tiktok成人版 campuses, the UAB Health System, and affiliated entities. These classes will help participants understand internal controls and how to effectively balance risks and controls.

Learn More

Ethics Support

tiktok成人版 encourages ethical conduct among all employees of the System and its three institutions. Ethics Support is a resource for employees to seek guidance, without fear of retaliation, regarding potential actions or situations that could be considered unethical or a violation of conflicts of interest or other governing standards.

Learn More

Frequently Asked Questions

What is Internal Auditing?
Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization鈥檚 operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. (The Institute of Internal Auditors definition.)
How are audits chosen?
With management鈥檚 input Internal Audit prepares an assessment of risks that may affect the University. A variety of risk factors are considered including financial, existing controls, degree of change or stability, complexity, length of time since last audit, and available audit resources. The audit plan is revised throughout the year as risks and priorities change.
What are internal controls?
Controls include policies and procedures to help prevent errors from occurring or to detect and correct them if they do occur. Preventive controls include proper segregation of duties, authorizations and approvals, limited access to assets, and supervisory oversight. To illustrate segregation of duties, the same individual should not:
- initiate or approve purchase and receive goods,
- collect money and record receipt,
- issue checks and reconcile accounts, or
- post transaction and reconcile account.
Detective controls include reconcilements, appropriate and timely resolution of variances between budgeted and actual transactions, and a random review of transactions on a periodic basis.
What should I expect during an audit?
You will be notified when we begin an audit in your area. We will schedule an entrance conference to explain our audit process and to obtain your input. During the audit we may meet with faculty or staff in your area, review and evaluate processes and systems, examine documentation, and select transactions for testing. At end of audit we will prepare a draft report, which will include identified opportunities for improvement. We will share draft report with you for your input and action plans. We will usually schedule an exit conference to finalize audit report and management action plans.

When your area is audited, you should expect the following as we plan, conduct, and report results.

Process
- Planning includes a project risk assessment to determine objectives.
- Field work includes process and control reviews and testing of transactions.
  - We will share opportunities to improve your operations as they are identified and ask for your input as we develop recommendations.
- Reporting
  - We will share a draft report for your input before final report is issued.
  - We will include your management action plan as a part of our final report.
Your input is encouraged at every phase.

Results

Some potential results you should expect when we complete our audit are:
- Recommendations for improved controls and more economical or efficient use of resources.
- Conclusions on degree of compliance with policies, procedures, regulations, and adequacy of financial records.
- Assessment of risks and controls.
Will I be kept informed during the audit process?
Yes. The auditor will keep you and your team informed of progress. We are sensitive to your busy schedule and will plan our work to limit disruptions to you/your team. If you would like more frequent updates than you receive, just ask.
Will I have a chance for input before the audit report is issued?
Yes. Audit issues will be discussed with you and your team as they are identified. Your feedback and input will be welcomed as opportunities for improvement and recommended actions are developed. You will have an opportunity to review and provide feedback to our draft report.

Staff