Advisory and Consulting Services
Advisory and consulting services include review of existing business processes and strategies, as well as implementations. It also includes evaluation and advice on policies, procedures, process enhancements, and any management requests for reviews of areas considered mutually critical.
The International Standards for the Professional Practices of Internal Auditing (IPPF) Standards define consulting services as advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation, and training.
Assurance Services (Audit)
Assurance services (as defined by the AICPA) is an independent professional service, typically provided by Certified Public Accountants, with the goal of improving the information or the context of the information so that decision makers can make more informed, and presumably better decisions. Assurance services provide independent and professional opinions that reduce the information risk (risk that comes from incorrect information).
The IPPF Standards of the IIA define assurance services as an objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Examples may include financial, performance, compliance, system security, and due diligence engagements.
Types of Audits:
- FINANCIAL AUDITS address questions of accounting and reporting of financial transactions, including commitments, authorizations, and receipt and disbursement of funds. The purpose is to verify that there are sufficient controls over cash and cash-like assets and that there are adequate process controls over the acquisition and use of resources.
- COMPLIANCE AUDITS determine the degree of a unit’s adherence to laws, regulations, policies, and procedures. Examples of external requirements include Federal and State laws, NCAA regulations, and Federal and State OSHA regulations. Recommendations often call for improvements in processes and controls intended to ensure compliance with regulations.
- INFORMATION SYSTEM (IS) AUDITS address the internal control environment of automated information processing systems and how people use those systems. IS audits typically evaluate system input, output, processing controls, backup and recovery plans, system security, and computer facility reviews. IS auditing projects can focus on existing systems as well as systems in the development stage.
- OPERATIONAL AUDITS, sometimes called program or performance audits, examine the use of unit resources to evaluate whether those resources are being used in the most efficient and effective ways to fulfill the unit’s mission and objectives. An operational audit includes elements of a compliance audit, a financial audit, and an IS audit.
- ADMINISTRATIVE INTERNAL CONTROL REVIEWS focus on the departmental level activities that are components of the University’s major business activities. Areas such as payroll and benefits, cash handling, inventory and equipment and their physical security, grants and contracts, and financial reporting are usually subject to review.
- INVESTIGATIVE AUDITS are performed when appropriate. These audits focus on alleged civil or criminal violations of State or Federal laws or violations of University policies and procedures that may result in prosecution or disciplinary action. Internal theft, white-collar crime, misuse of University assets, and conflicts of interest are examples of reasons for investigative audits.
- FOLLOW-UP AUDITS These are audits conducted approximately six months after an internal or external audit report has been issued. They are designed to evaluate corrective action that has been taken on the audit issues reported in the original report. The purpose of a follow-up audit is to revisit a past audit’s recommendations and management’s action plan to determine if corrective actions were taken and are working, or if situations have changed to warrant different actions.