There are five categories of audits performed by the WVU Internal Audit Office. Although most audit projects can be classified into one of the five categories, some are a combination of two or more categories. The following is a list of the categories along with a brief description of each
This is a risk-based review of a unit’s internal controls and business practices and an evaluation of their effectiveness and efficiency. These audits include an evaluation of operating policies and procedures as they relate to achievement of the unit’s mission and objectives.
This type of audit is a technical review and evaluation of management controls within the information technology infrastructure. Its purpose is to provide assurance that University systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve University and departmental goals and objectives. Information system audits may include an evaluation of controls, procedures, and standards related to system development projects; environmental and physical security controls; application, operating system, and network logical access controls; and regulatory compliance.
This type of audit is performed to determine the reliability and integrity of financial information and the means used to identify, measure, classify, and report such information.
A compliance audit is a review of a unit’s adherence to rules, regulations, or agreement terms. Examples include University policies and procedures, regulations imposed by outside agencies such as the Federal Office of Management and Budget (OMB), National Collegiate Athletic Association (NCAA), contract requirements, or donor restrictions on use of funds.
This is a specialized audit performed to determine the extent of suspected fraud or abuse associated with University assets. These audits are tailored to the specific circumstances and generally require considerable audit effort and close communication with legal counsel and law enforcement personnel. In addition, the University provides an online portal, EthicsLine, for employees, students, and constituents to report issues regarding compliance with laws, regulations, and policies. Examples of the types of issues investigative audits would address are:
For the benefit of management, the WVU Internal Audit Office also provides consulting services. The services consist of activities that are advisory in nature and may include counsel, advice, facilitation or training. The engagement scope is agreed to with unit management and the engagements are intended to add value and improve a unit’s governance, risk management, and control processes.