University Audit


Audits and advisory services are used to evaluate the adequacy and effectiveness of controls in responding to risks within the university’s governance, operations, and systems regarding the:

  • Achievement of the university’s strategic plan
  • Reliability and integrity of financial and operational information
  • Effectiveness and efficiency of operations and programs
  • Safeguarding of assets
  • Compliance with laws, rules, regulations, policies, procedures, and contracts

Audits are typically based on one or more of the following six objectives:

  1. Evaluation of program performance and effectiveness
  2. Evaluation of compliance with external regulations and/or internal UCF policies
  3. Evaluation of the effectiveness and efficiency of current workflow processes including internal control design and implementation
  4. Calibration of the audit client’s initiatives, objectives, and output with the values and priorities of the UCF Strategic Plan
  5. Evaluation of IT general controls
  6. Evaluation of the sourcing, budgeting, monitoring, and reporting of financial transactions.
Business people talking

Audit Selection Process

Audits are selected based on a risk assessment of the university. Areas with higher risk are those with a larger volume of transactions or potential for fraud risk, past internal control concerns, complex operations, significant impact on university operations or the strategic plan, greater potential for negative publicity, significant changes in management or organizational structure, and extended time since last audit.

Business people talking

Audit Process

1. Planning and Entry Conference

The audit begins with planning the audit and meeting with management at an entry conference. At the meeting, we explain the audit scope and objectives, discuss the timing of the audit, and ask about any concerns of management. The auditor next obtains background information, reviews applicable regulations, and discusses with management the area's mission, objectives, and higher risk issues.

2. Review of Internal Controls and Test of Transactions

In this phase of the audit, the auditor meets with staff and management to understand the unit's procedures and internal controls. The auditor identifies controls that reduce risk, as well as any missing controls.

The auditor tests a sample of transactions, with emphasis placed on higher risk items to verify that controls are functioning as intended or determine where improvements are needed. Audits of revenues and expenditures typically include tests of revenues, purchases, PCard purchases, property, travel, and payroll.

3. Draft Report and Exit Conference

The auditor first meets informally with management of the area to discuss probable report comments to ensure the comments are accurate and that the recommendations are feasible. Then the report is drafted and sent to management for review prior to discussion at the exit conference.

4. Final Report

The final report reflects changes discussed at the exit conference as well as management's plan for corrective action. The report is officially addressed to the University President, with copies to applicable administrators and to the Board of Trustees.

Audit Follow-up

We follow-up with management to determine whether the recommendations were successfully implemented. To perform the follow-up, the auditor enquires about progress in implementing the recommendations and may test transactions related to new or redesigned controls.