2resno17
“Types of Acs
DAF Home [Departments | Campus Maps For Employees Forms DAF Index
+ Home
‘About the Director
FAQ
Mission and Chanter
1 TeRepor Improper Acts
Types of Au
> Whistleblower
Complant
Procedure
+ Retatation
Procedure
Types of Audits and Reviews
The Audit Process
In general, a typical aud includes the folowing sequential steps
‘Scheduing an opening confernce to discuss the aut objectives, timing, and report format and dstibuton.
[Assessing the soundness of the intemal controls or business systems and operations.
‘esting the intemal conrals to ensure proper operation,
Discussing with management all preliminary observations,
Discussing wih management the call audit report and thelr responses, if avaliable, prior to release ofthe final
audit por.
+ Following up on crtical issues raised in audit reports to determine if they have been successtuly resolved.
Internal Controls Educational Seminar
‘Any department or organization that would tke a gession on intemal Controls inthe University Environment should canta
the Director of Intemal Auding Services at Ext. 5-4818 to schedule i. The seminars are typically 1-2 hous in length ana
Include a 20-minute vdeo on intemal controls at collages and universes. The presentation includes lime for questions and
answers and can be tailored to address a departments speci needs or requests,
Audits
‘Types of Audits and Reviews:
4. Financial Audis or Reviews
2, Operational Audis
5, Deparment Reviews
4 ofomation Systems Audte
5
8
z.
Integrated Aucts
Followup Auste
Financial Audit
A historically ented, independant evaluation performed forthe purpate of alteting to the faimass, accuracy, ane
relablty of financial data. CSULB's extemal auitors, KPMG, perform this type of review. CSULB's Directo of Financial
Reporting coordinates the work ofthese auditors on our campus.
Operational Audit
[A future-rianted, sysematic, and independent evaluation of eranizational activites. Financial data may be used, but the
primary sourees of evidence ae the operational policies and achievements related to organizational objectives. Inlornal
Controls and efficiencies may be evaluated curing tis type of review.
Department Review
‘A current period analy of adminstraive functions, to evaluate the adequacy of controls, safeguarding of assets, efficient
se ofresourees, compliance wit related laws, regulations and University pole and integty of financial Information,
Information Systems (IS) Audit
Thee are thvee basic kinds of IS Audis that may be performed:
4. Gener
Controls Review
{A roviw of the controls which gover the development, operation, maintenance, and securty of application systoms in
‘8 paticilr environment, Ths type of aut might involve reviewing a data center, an operating system, a security
software foo, or processes and procedures (such asthe procedure for controling production program changes), ee
2. Application Controls Review
hipaa cst edlticesiniv_svosinlerralaxstnglausts Nm we2resno17
hipaa cst edlticesiniv_svosinlerralaxstnglausts Nm
“Types of Acs
‘review of controls fora specific application system, This would involve an examination of the contols over the input
processing, and output of system data, Data communications issues, program and data secury, system change control
And data qual issues are also considered
4. System Development Review
A reviow of the development of a new application system. This inves an evaluation ofthe development process as
wall asthe product. Consideration also given to the general controls over a new application, particularly it new
‘perating envionment or technical platform wil be use.
Integrated Audit
This isa combination of an operational aut, department reviw, and IS aut application controls review. This type of
review allows fora very comprehensve examination ofa funcional aperation within the Univers
Investigative Audit
‘This isan aut that takes place as 2 result of a report of unusual 0 suspicous activity onthe part of an individual or @
partment. I's usually focused on specific aspects ofthe work of @ department o individual. Al members ofthe campus
‘community are invited to report suspicions of improper acy tothe Director of Internal Auditing Services on a confidential
basis. Her direct number is 562-085-4818,
Follow-up Audit
‘These are audits conducted approximately ex months aftr an inleral or external aut report has been issued. Thay are
esignod to evaluate corrective ation that has been taken on the aut issues reported inthe orginal report. When these
fellow-up auits are done on extemal auditors pars, the results ofthe follow-up may be reported to those extemal
auditors