Internal Audit Services looks beyond the numbers. There are many types of audit and our office will determine the kind of audit to undertake, based on an assessment process. The following list provides examples of the audits that may be undertaken by our office, either alone or in combination with another type of audit.
Operational Audits provide an objective evaluation of an area, or a department or functional operation. The process assesses the adequacy and effectiveness of controls designed to manage risks and ensure objectives are being met (e.g. duty to accommodate programs, scholarship and awards processes, policy development and international travel).
A Financial Audit is a historically-oriented, independent evaluation performed for the purpose of attesting to the fairness, accuracy, and reliability of financial data. The University of Alberta's external auditors and the Office of the Auditor General of Alberta perform this type of review annually. Our office will also conduct audits focusing on a financial system's controls to ensure that financial controls are adequate and effective (e.g. payroll withholdings assessments, tuition and differential fee revenues).
Information Systems Audits
There are many types of information systems audits that focus on the controls that govern the development, operation, maintenance and security of application systems in a particular environment. This type of audit might involve reviewing a data centre, an operating system, a security software tool, or processes and procedures (such as the procedure for controlling production program changes). Internal Audit Services may also review the development of a new application system.
These audits address the specific unit’s adherence to laws and regulations, policies and procedures, federal and provincial requirements, as well as restrictions imposed on endowments and grants, etc. (e.g. withholding remittances or pension processes).
After an internal or external audit report has been issued, our office may evaluate the corrective action that has been taken on the audit issues identified in the original report.
The types of consulting work that are undertaken by our office include facilitation services for control self-assessment, control framework development for new programs, opinions on new policies, as well as advice regarding application controls for systems under development.