|Internal Audit||U of T Home Office of the President Login|
Internal Audit provides the following services:
The objectives of a Department Review consist of identifying significant risks and risk areas in a client department and (a) determining the adequacy and effectiveness of existing procedures and controls to manage the significant risks identified, (b) assessing compliance with University and Sponsor policies and procedures in the target risk areas, and (c) identifying opportunities for improving the efficiency and effectiveness of the client’s administration.
See Conducting a Review.
Information Technology Reviews include System Development Reviews and Computer Facility Reviews.
The scope of a Systems Development Review includes the planning, development, testing and implementation phases of new or modified central administrative systems and their components. The objective is to evaluate the existence of adequate controls to mitigate the risk that a systems development/acquisition project will provide an information system that:
Computer facilities encompass data centres, server rooms, tape libraries, etc. The objective of a Computer Facility Review is to assess the adequacy of disaster recovery plans, backup and recovery procedures, physical security, logical security and user administration, access logs and follow-up of exceptions for controls to mitigate the risk of:
Internal Audit performs follow-up reviews approximately 12 months after issuing the final audit report for Department and Information Technology reviews. The objectives of the Follow-up Review are to assess the client’s progress in implementing the action plan(s) agreed upon during the original review and to assist the client’s managers and administrators where difficulties were experienced with implementation of the plan(s).
The objective of Continuous Auditing is to assess the completeness, accuracy and propriety of a monthly sample of transactions drawn from the University’s accounting system using Computer Assisted Audit Techniques (CAAT’s). CAAT’s are tools used by the Department to select audit samples and monitor transactions and data recorded in the University’s accounts for anomalies and compliance with University policies and procedures. When a transaction is selected for audit, the initiator of the transaction is contacted and asked to supply all relevant documentation. Audit findings are discussed with the initiator who then receives a detailed Continuous Audit letter which is copied to the appropriate supervisor. The Department summarizes the results of the Continuous Audit process in a quarterly report to the President/Vice-Presidents’ Committee.
Special Reviews can be undertaken as a result of requests by senior University administrators or department heads, findings identified in the course of an audit review or concerns reported to the Department (see Reporting Incidents of Suspected Financial Impropriety). The reviews are limited in scope to address the specified concerns only.
Reviews generally relate to loss of assets, violations of policies, procedures and laws or other University business risks. Where appropriate, the Department consults with the Human Resources Department, legal counsel, law enforcement agencies or others.
The Department regularly consults with the University’s external auditor to coordinate audit activities and avoid duplication of effort.
The Department assists the University’s external auditor with the undertaking of the annual external audit requirements to the extent that internal audit resources are available.
Internal audit reports are copied to the external auditor for information purposes.
Last updated: April 25, 2007
© University of Toronto | Contacts | University Switchboard: 416.978.2011 | University of Toronto, 27 King's College Circle, Toronto, Ontario, Canada M5S 1A1 | Contact Internal Audit | www.internalaudit.utoronto.ca