Internal Audit Plan for Fiscal Year 2010
Risk-based Audits:
It is the policy of the Finance and Audit Committee of the Board of Visitors and the management of Virginia Polytechnic Institute and State University to support the maintenance of an internal audit function to assist in the effective discharge of their responsibilities for the control of institutional resources. The objective of these audits is to contribute to the improvement of risk management and the control systems within the University by identifying and evaluating exposures to business risks and the controls designed by management to reduce those risks.
Internal Audit will perform audits of all University operations and activities to appraise:
• The reliability, integrity, and timeliness of significant financial, managerial, and operating information
and the adequacy of the internal controls employed over the compilation and reporting of such information
• Compliance with policies, procedures, standards, laws, and regulations
• Measures taken to safeguard assets, including tests of existence and ownership
• The adequacy, propriety, and cost-effectiveness of accounting, financial, and other controls throughout the
University, as well as compliance therewith
• Whether University resources are being managed in an economical, efficient, and effective manner
The audit plan for fiscal 2010 includes the following engagements:
| Audit | Projected Start (FY Quarter) |
Projected BoV Meeting |
| Athletic Department - Operations | 2nd Quarter | March |
| Virginia Bioinformatics Institute | 2nd Quarter | March |
| Environmental Health & Safety | 2nd Quarter | March |
| Learning Technologies | 2nd Quarter | March |
| Macromolecules & Interfaces Institute | 2nd Quarter | March |
| Information Technology Security Office | 2nd Quarter | March |
| Office of Sponsored Programs - Pre-Award | 2nd Quarter | March |
| Department of Chemistry | 3rd Quarter | June |
| Scholarships and Financial Aid | 3rd Quarter | June |
| Dining Services | 3rd Quarter | June |
| Emergency Preparedness - Action Plans | 3rd Quarter | June |
| Construction Project Management Process | 3rd Quarter | June |
| Network Infrastructure System Support | 3rd Quarter | June |
| Electronic Sensitive Data | 3rd Quarter | June |
| Departmental Scholarships/Foundation | 3rd Quarter | August |
| University Unions & Student Activities | 3rd Quarter | August |
| Cooperative Extension | 3rd Quarter | August |
| Investment & Debt Management | 4th Quarter | June |
| Secure Enterprise Technology Initiatives | 4th Quarter | August |
| Surplus Property Compliance | 4th Quarter | August |
| Leave Accounting | 4th Quarter | August |
Compliance Reviews:
In order to provide the Finance and Audit Committee of the Board of Visitors and Executive Management with a clear picture of university-wide business practices and compliance with key university fiscal and administrative policies, Internal Audit began performing an ongoing series of compliance reviews in fiscal 2004. Audit has concluded that the reviews are most effectively conducted and reported at the senior management (i.e., Deans, Vice Presidents) level. It is at this level where the authority and resources reside to make compliance and good business practices a priority. There are approximately twenty-five senior management areas identified in the University’s financial system, and each will be reviewed at least once during every five-year cycle. The ultimate objective of the reviews is to contribute to the improvement of risk management and the control systems within the various senior management areas by evaluating compliance with the following university policies and procedures:
• Fiscal responsibility and reconciliation of financial activities (Policy No. 3100)
• Employee compensation and leave (Policy Nos. 4296, 4298, 4300, and 4320)
• Expenditures (Policy No. 3200)
• Fixed asset management (Policy No. 3950)
• Funds handling procedures (Policy No. 3600 and University Bursar procedures)
• Access and key control (Policy No. 5620)
• Information Technology Security (Policy Nos. 1060, 7010, and 7105)
The compliance review plan for fiscal 2010 includes the following senior management areas:
| Senior Management Area | Projected Start (FY Quarter) |
Projected BoV Meeting |
| Vice President for Alumni Relations | 2nd Quarter | March |
| College of Business | 2nd Quarter | March |
| College of Science | 3rd Quarter | June |
| Vice President & Dean for Undergraduate Education | 4th Quarter | August |
| Vice President for Administrative Services | 4th Quarter | August |