Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal Audit’s mission is to enhance and protect organizational value by providing risk-based objective assurance, advice and insight. Professional staff are members of the Institute of Internal Auditors and abide by the Code of Ethics principles of integrity, objectivity, confidentiality, and competency.
Our services include assurance and consulting in the following areas:
- Compliance with laws, regulations, policies, procedures, or contractual agreements.
- Financial transactions and the systems/procedures used to process them.
- Information Security/Technology to evaluate confidentiality, integrity, availability, and reliability of data and programs.
- Operational/Performance tests the efficiency and economy of operations.
Internal Controls Training
The Office of Internal Audit offers training classes that address risks and controls. These are available to employees on The University of Alabama System campuses, the UAB Health System, and affiliated entities. These classes will help participants understand internal controls and how to effectively balance risks and controls.
The University of Alabama System encourages ethical conduct among all employees of the System and its three institutions. Ethics Support is a resource for employees to seek guidance, without fear of retaliation, regarding potential actions or situations that could be considered unethical or a violation of conflicts of interest or other governing standards.
Frequently Asked Questions
- What is Internal Auditing?
Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. (The Institute of Internal Auditors definition.)
- How are audits chosen?
With management’s input Internal Audit prepares an assessment of risks that may affect the University. A variety of risk factors are considered including financial, existing controls, degree of change or stability, complexity, length of time since last audit, and available audit resources. The audit plan is revised throughout the year as risks and priorities change.
- What are internal controls?
Controls include policies and procedures to help prevent errors from occurring or to detect and correct them if they do occur. Preventive controls include proper segregation of duties, authorizations and approvals, limited access to assets, and supervisory oversight. To illustrate segregation of duties, the same individual should not:
- initiate or approve purchase and receive goods,
- collect money and record receipt,
- issue checks and reconcile accounts, or
- post transaction and reconcile account.
Detective controls include reconcilements, appropriate and timely resolution of variances between budgeted and actual transactions, and a random review of transactions on a periodic basis.
- What should I expect during an audit?
You will be notified when we begin an audit in your area. We will schedule an entrance conference to explain our audit process and to obtain your input. During the audit we may meet with faculty or staff in your area, review and evaluate processes and systems, examine documentation, and select transactions for testing. At end of audit we will prepare a draft report, which will include identified opportunities for improvement. We will share draft report with you for your input and action plans. We will usually schedule an exit conference to finalize audit report and management action plans.
When your area is audited, you should expect the following as we plan, conduct, and report results.
- Planning includes a project risk assessment to determine objectives.
- Field work includes process and control reviews and testing of transactions.
- We will share opportunities to improve your operations as they are identified and ask for your input as we develop recommendations.
- We will share a draft report for your input before final report is issued.
- We will include your management action plan as a part of our final report.
Your input is encouraged at every phase.
Some potential results you should expect when we complete our audit are:
- Recommendations for improved controls and more economical or efficient use of resources.
- Conclusions on degree of compliance with policies, procedures, regulations, and adequacy of financial records.
- Assessment of risks and controls.
- Will I be kept informed during the audit process?
Yes. The auditor will keep you and your team informed of progress. We are sensitive to your busy schedule and will plan our work to limit disruptions to you/your team. If you would like more frequent updates than you receive, just ask.
- Will I have a chance for input before the audit report is issued?
Yes. Audit issues will be discussed with you and your team as they are identified. Your feedback and input will be welcomed as opportunities for improvement and recommended actions are developed. You will have an opportunity to review and provide feedback to our draft report.
500 University Blvd, East
Tuscaloosa, AL 35401
1720 2nd Avenue South
Birmingham, AL 35294-0105
University of Alabama Office
Tuscaloosa, AL 35487-0146
University of Alabama at Birmingham Office
1720 2nd Avenue South
Birmingham, AL 35294-0105
University of Alabama in Huntsville Office
301 Sparkman Drive
Shelbie King Hall, Room 347
Huntsville, AL 35899
- Alabama Department of Examiners of Public Accounts
- Association of Certified Fraud Examiners (ACFE)
- Association of College & University Auditors (ACUA)
- American Institute of Certified Public Accountants (AICPA)
- Healthcare Financial Management Association (HFMA)
- Institute of Internal Auditors (IIA)
- Information System Audit and Control Association and Foundation (ISACA)
- National Association of College and University Business Officers (NACUBO)
- Southern Association of College and University Budiness Officers (SACUBO)