Internal Audit Services
OAC assists the University as a proactive partner to perform a variety of audit, consulting, and advisory services. The services described below are designed to promote, enhance, and strengthen processes across the University. Based on the type of project, evaluations and assessments can be performed by control, process, function, area or department.
Please click below for detailed information on audit services offered by the OAC.
Audit
Internal Audit performs financial, operational, and compliance audits based on its audit plan developed through a risk-based process. Examples of audits may include:
-
Financial– focuses on financial reporting which impacts the University’s financial stability. These audits typically focus on accounting controls of the general ledger system.
-
Operational – involves reviewing and assessing a business process that normally has a financial impact on the University.
-
Compliance – assesses, evaluates, and makes recommendations regarding the effectiveness of controls to ensure reasonable compliance with University policies and procedures, government and sponsored research rules and regulations, contracts, and other applicable laws and regulations.
-
Information Systems – assesses, evaluates, and makes recommendations regarding the adequacy of internal controls crucial to the University’s information systems and reviews the effectiveness of risk management over these systems. Additionally, this type of audit will assess whether the systems are in compliance with the University’s policies and procedures as well as applicable laws and regulations.
Consulting
As part of a consulting engagement, OAC can provide assistance during any phase of a project, which could include an assessment on the design of new processes, systems or other departmental initiatives. Consulting services generally involved two parties:
- The person or group offering the advice – internal auditor, and
- The person or group seeking and receiving advice – the engagement client. When performing consulting services, the internal auditor should maintain objectivity and not assume management responsibilities.
Advisory
Members of OAC serve in various advisory capacities at the University such as participating in work groups or project teams to assist with policy development or to facilitate interactions among multiple departments in order to provide benchmarks for the consistent and/or efficient management of a process.
Risk Assessments
Risk assessments are the identification and analysis of relevant risks to the achievement of an organization's objectives, for the purpose of determining how those risks should be managed. During the risk assessment process, the Office of Audit & Compliance (OAC) identifies and assesses both the likelihood and potential impact of various risks to Howard University.
Internal controls are then identified and evaluated to determine how adequate they are in reducing risk to ensure that residual risk is at manageable levels. Residual risk is the risk that something will occur after controls or procedures are implemented to prevent it. In addition to audits required by state regulations, those activities, or functions with higher levels of residual risk are typically selected for audits.
OAC conducts the risk assessment process through collaborative discussions with academic and administrative leadership; review and analysis of budgets and proposed programs; and a systematic evaluation of risk factors covering the functional and organizational units of the University. Based upon the results of the risk analysis, a proposed audit plan is presented to the President and the Board of Trustees for review and approval.