2resno17 “Types of Acs DAF Home [Departments | Campus Maps For Employees Forms DAF Index + Home ‘About the Director FAQ Mission and Chanter 1 TeRepor Improper Acts Types of Au > Whistleblower Complant Procedure + Retatation Procedure Types of Audits and Reviews The Audit Process In general, a typical aud includes the folowing sequential steps ‘Scheduing an opening confernce to discuss the aut objectives, timing, and report format and dstibuton. [Assessing the soundness of the intemal controls or business systems and operations. ‘esting the intemal conrals to ensure proper operation, Discussing with management all preliminary observations, Discussing wih management the call audit report and thelr responses, if avaliable, prior to release ofthe final audit por. + Following up on crtical issues raised in audit reports to determine if they have been successtuly resolved. Internal Controls Educational Seminar ‘Any department or organization that would tke a gession on intemal Controls inthe University Environment should canta the Director of Intemal Auding Services at Ext. 5-4818 to schedule i. The seminars are typically 1-2 hous in length ana Include a 20-minute vdeo on intemal controls at collages and universes. The presentation includes lime for questions and answers and can be tailored to address a departments speci needs or requests, Audits ‘Types of Audits and Reviews: 4. Financial Audis or Reviews 2, Operational Audis 5, Deparment Reviews 4 ofomation Systems Audte 5 8 z. Integrated Aucts Followup Auste Financial Audit A historically ented, independant evaluation performed forthe purpate of alteting to the faimass, accuracy, ane relablty of financial data. CSULB's extemal auitors, KPMG, perform this type of review. CSULB's Directo of Financial Reporting coordinates the work ofthese auditors on our campus. Operational Audit [A future-rianted, sysematic, and independent evaluation of eranizational activites. Financial data may be used, but the primary sourees of evidence ae the operational policies and achievements related to organizational objectives. Inlornal Controls and efficiencies may be evaluated curing tis type of review. Department Review ‘A current period analy of adminstraive functions, to evaluate the adequacy of controls, safeguarding of assets, efficient se ofresourees, compliance wit related laws, regulations and University pole and integty of financial Information, Information Systems (IS) Audit Thee are thvee basic kinds of IS Audis that may be performed: 4. Gener Controls Review {A roviw of the controls which gover the development, operation, maintenance, and securty of application systoms in ‘8 paticilr environment, Ths type of aut might involve reviewing a data center, an operating system, a security software foo, or processes and procedures (such asthe procedure for controling production program changes), ee 2. Application Controls Review hipaa cst edlticesiniv_svosinlerralaxstnglausts Nm we2resno17 hipaa cst edlticesiniv_svosinlerralaxstnglausts Nm “Types of Acs ‘review of controls fora specific application system, This would involve an examination of the contols over the input processing, and output of system data, Data communications issues, program and data secury, system change control And data qual issues are also considered 4. System Development Review A reviow of the development of a new application system. This inves an evaluation ofthe development process as wall asthe product. Consideration also given to the general controls over a new application, particularly it new ‘perating envionment or technical platform wil be use. Integrated Audit This isa combination of an operational aut, department reviw, and IS aut application controls review. This type of review allows fora very comprehensve examination ofa funcional aperation within the Univers Investigative Audit ‘This isan aut that takes place as 2 result of a report of unusual 0 suspicous activity onthe part of an individual or @ partment. I's usually focused on specific aspects ofthe work of @ department o individual. Al members ofthe campus ‘community are invited to report suspicions of improper acy tothe Director of Internal Auditing Services on a confidential basis. Her direct number is 562-085-4818, Follow-up Audit ‘These are audits conducted approximately ex months aftr an inleral or external aut report has been issued. Thay are esignod to evaluate corrective ation that has been taken on the aut issues reported inthe orginal report. When these fellow-up auits are done on extemal auditors pars, the results ofthe follow-up may be reported to those extemal auditors