Comprehensive reviews utilize the Committee of Sponsoring Organizations (COSO) and Control Objectives for Information and Related Technologies (CoBIT) frameworks to provide reasonable assurance to UK’s Board of Trustees and senior management regarding the following:
- Compliance with applicable laws and regulations
- Integrity of financial reporting
- Safeguarding of assets
- Operational efficiency and effectiveness
For each comprehensive review, the full scope is not determined until after UKIA completes the planning phase, during which the risks most likely to impede the attainment of UK’s objectives are identified. Appropriate and sufficient work allows us to assess business practices, evaluate the internal control environment and trend data to provide value-added insights and recommendations to both the client and relevant stakeholders (process owners).
UKIA’s investigations team examines events that may have led to a monetary or physical loss to the university to validate the event, accurately calculate the resulting loss and determine the root cause – the conditions which allowed the event to occur and/or go undetected for a period of time. We ensure that appropriate units within the University’s Multidepartment Action Group (MAG), which is comprised of UKIA, Human Resources, Office of Legal Counsel, Information Technology Services (ITS), and UK Police Department, have knowledge of our investigations so they can take suitable action. These investigations typically stem from information provided through the following sources: tips (comply line, direct calls to UKIA), auditor observations and UK Police reports.
Information Technology Reviews
Information Technology (IT) reviews utilize the CoBIT framework to evaluate the quality of the controls and safeguards over the information technology resources at the university. The objectives of IT reviews are to ensure the following:
- The effectiveness and efficiency of university IT resources
- The integrity of all UK data and data systems
- Adherence to UK policies and procedures
- Proper controls are in place to protect computer applications and the computing environment.
IT reviews are conducted both as a standalone evaluation and as a component of Comprehensive, Compliance or Investigation reviews.
Follow-up reviews are typically conducted approximately six to 12 months after the initial audit is completed, in accordance with the Work Prioritization Plan. However, their actual commencement may vary based on target completion dates of the client’s remediation strategy, as the purpose of these reviews is to validate that the observations noted in the initial review have been resolved.
Data analytics is used to compare and analyze large and complex data sets to determine exceptions or detect anomalies based on select criteria.
Assessments provide a thorough appraisal of the operational (including structure, regulations, governing agencies and objectives), financial (including revenue streams, contracts and expenditures) and information technology (including all software and hardware supporting operations) processes within a unit that has multiple departments. The purpose is to identify risks associated with its critical processes and prioritize them in order to establish an appropriate audit cycle for the unit over several years.
Repetitive Auditing Programs
Our repetitive auditing programs examine areas at high risk for non-compliance, such as ProCards, web application security, non-exempt overtime compensation, cash and FERPA. The purpose of these reviews is to assess clients’ practices for compliance with federal regulations and university procedures, though they also support the detection of fraudulent activity at the individual employee level.
UKIA’s “big picture” analysis pinpoints units’ strengths and weaknesses and provides unit management with valuable insights and key benchmarks related to their functional responsibility(s) and/or high-risk administrative processes. The unit’s established plans and protocols are evaluated according to their stated goals and obligations. Managers can then use this guidance to be more proactive in implementing initiatives that increase operational efficiency and effectiveness. Consultations are performed at the unit’s request and the nature and scope are agreed upon in advance by the unit.
An abbreviated version of our full consultations, these meetings present unit leaders with an unprecedented opportunity to discuss specific initiatives, such as new projects, reorganizations and updates to practices, and to get valuable feedback and guidance from a team of UKIA's professional business and/or IT consultants who know UK's policies and understand risk.
Human Resources Training and Development Program
These web-based trainings (WBTs) facilitate awareness, review policy, and coach attendees on the application of internal controls and departmental procedures that conform to university standards. More information about these programs can be found on UK's Human Resources Training page.
Lessons Learned are WBTs that share insights gleaned from audit activity and current events both here and across the nation. More information can be found on the Lessons Learned page of the UKIA website or by contacting UKIA directly.