Internal Audit

Internal Audits objective is to serve the students and to enhance and protect the university. This is accomplished by providing independent auditing and consulting services to assist management in balancing operational efficiency with risk identification, assessment and control. We report to the board of trustees and collaborate with management to enhance assurance and accountability at all levels of the university community. We will work with you to find solutions that strengthen your internal controls and help manage risk.

Types of Engagement

Audits and assurance engagements include planned reviews of compliance, operations, information technology, finance, and internal controls. They also include integrated audits which incorporate more than one of those categories in a single engagement. Audits are typically included on our office’s annual audit plan (work plan), and they result in a formal audit report that includes an overall opinion of the area under review and any findings and recommendations that were identified.

Administrative Reviews

Administrative reviews begin with a risk assessment to determine the most important issues to the area based on risk and management's requests. Administrative reviews often include assessments of items such as:

  • Financial processes and transactions
  • Cash handling
  • Fixed assets and computer inventory management
  • Payroll and personnel
  • Policies
  • General controls and access rights
  • Academic areas including admission procedures and the awarding of scholarships
  • Tax issues including unrelated business income tax, sales tax, and fringe benefits
  • Governance structure and communication

Compliance Reviews

During a compliance review, operations are compared to external regulations such as those of a Federal, State, or accrediting agency. Our recommendations are intended to help management fully comply with the established regulations.

Information System Reviews

Information system reviews include many different topics such as:

  • System, software, and document access
  • Document storage and retention
  • Credit card compliance
  • Business continuity and disaster recovery planning
  • Online presence
  • Physical security of computer assets

Audit and assurance services provide numerous benefits to management. They can:

  • Determine adequacy of internal controls
  • Promote best practices for controls
  • Ensure compliance with policies and regulations
  • Identify operational inefficiencies and waste
  • Review IT projects, systems, and technology
  • Provide objective insight
  • Assess efficient and responsible use of resources
  • Identify potential cost savings
  • Assist management in addressing complex, cross-functional issues

Our office completes audits based on risk, time since last audit and management requests to ensure we are best meeting UNCP's needs.

Your Involvement

 Most of the audit work is done behind the scenes at our office; however at times we will need your assistance:

  • Entrance Meeting with key leaders in your area to discuss the audit process and the anticipated audit scope.
  • Risk discussions with management includes meeting individually with key leaders and select staff to gain an overview of their area of operations and the related risks.
  • Notify staff members of fraud reporting hotline - Internal Audit and/or NC State Auditor.
  • Fieldwork is the phase in which we conduct testing. We may need to meet with staff to obtain supporting documentation, to better understand processes, or to discuss potential areas of concern.
  • Draft report/Draft observations. You will receive draft copies of the report and any observations prior to the exit meeting.
  • Exit meeting is conducted with key leaders in your area to discuss the results of the audit.
  • Provide responses to any findings. You will have the opportunity to formally respond to any audit findings.
  • Final review of draft report. A final draft of the report with your responses to findings will be shared with you before the report is released.
  • Report is issued.
  • Follow up

Internal Audit provides consultative and advisory services which are intended to provide advice and information on internal controls, risk management and sound business practices. This includes reviewing current practices, interpreting policies and procedures, participating on standing committees, completing limited-life projects, attending ad-hoc meetings and responding to routine questions. In addition, our advisory work includes work with UNC System Office and several professional organizations and serving as liaisons between the University and various external auditors.

Investigations are conducted in response to suspected fraud, waste or abuse of university resources. We evaluate the actions and intent of the individuals and offices involved.

Additional Resources

Documents on a clipboard with hands

Charter

Policies and procedures binders

University Policies & Regulations

FAQs

When most people think of auditing the first thing that comes to mind is, financial auditing. While this is an important aspect of auditing, it is only one small facet. The Institute of Internal Auditors defines internal auditing as "an independent, objective assurance and consulting activity designed to add value and improve an organization's operations". It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

  • Consult with management and provide methodologies, facilitation, focus, knowledge, technology, best practices and independence that help solve problems.
  • Verify the existence of university assets and ensure proper safeguards for their protection.
  • Evaluate the reliability and integrity of data produced by information systems.
  • Assess the extent of compliance of each area with applicable laws, regulations, accreditation standards, policies and procedures.
  • Evaluate the adequacy of the internal control structure within a department or unit.
  • Investigate concerns relating to fraud, embezzlement and theft.

Internal Audit develops an annual audit plan (work plan) to identify the engagement projects to be conducted during the upcoming fiscal year. Throughout the year the audit plan may be amended to include requested reviews, special projects or changes in priority.

Some of the things we consider when developing our audit plan include:

  • To what extent is the process or area required to comply with state or federal regulations?
  • Is this area subject to a great deal of public scrutiny?
  • Has recent organizational change occurred?
  • What is the volume of activity?
  • How reliant is the area on technology?
  • When was the last time Internal Audit reviewed it?
  • Have concerns about conduct resulted in a requested review?
  • Does management have concerns that they’d like us to look into?  Concerns can be about the internal structure, regulations, complexity of operations or any prior audit findings

The annual audit plan is reviewed and approved by the Audit Committee of the UNCP Board of Trustees and the Chancellor.

Fraud and Abuse Reporting

Any dishonest or improper act by an employee such as those that violate the law, waste money, or endanger public health and safety, are of concern to UNCP. In addition, North Carolina General Statute & 143B-920 requires all state agencies, including UNCP, to report misuse of state property.When potential violations are reported, all reports are investigated as promptly and discreetly as possible with the facts made available only to those who need to investigate and resolve the matter. UNCP Policy 07.45.01, Misuse of State Property, protects employees who have reported suspected criminal activity in good faith from retaliation.
Dishonest or fraudulent activities include:
  • Forgery or alteration of documents
  • Misrepresentation of information on documents
  • Misuse, mismanagement, or misappropriation of funds, supplies, or any other asset
  • Improper handling or reporting of money transactions
  • Authorizing or receiving payments for goods not received or services not performed
  • Authorizing or receiving payments for hours not worked
  • Theft of university property
  • Personal use of university purchasing cards, materials, or assets
  • Falsification of documents or reports
  • Any apparent violation of Federal, State, or local laws
  • Any unusual or suspicious activity

Report it to your Supervisor

Alert those in your chain of supervision and give them a chance to solve or resolve it.

Report it to Internal Audit.

Contact us at 910.775.4403 or complete our Anonymous Form for Reporting Fraud and Abuse. These forms are sent directly to UNCP's Office of Internal Audit.

Report it to the Office of the State Auditor.

NC State Auditor Anonymous Abuse Reporting Hotline

Report it to the University of North Carolina System.

InternalAudit@northcarolina.edu or 919.843.3623

Contact Us

Carla Jacobs, headshot

Carla Jacobs

Chief Audit Officer


910.775.4403

Have Questions?

Contact Us
Dr. Joseph B. Oxendine Administrative Building Suite 104
PO Box 1510 Pembroke, NC 28372
Phone: 910.775.4403
Fax: 910.521.6176
carla.jacobs@uncp.edu


Email Us
Clock tower water feature flowers