Office of Internal Audit
Who We Are
VISION
Internal Audit strives to be recognized by LU management and the Board of Directors as an independent and sought after resource that actively supports the organization’s identification, evaluation and mitigation of risks and serves as a proponent for internal controls and continuous improvement.
What We Do
MISSION
Internal Audit strengths Liberty University’s ability to create, protect, and sustain value by providing the board and management with independent, risk-based, and objective assurance, advice, insight, and foresight.
Requesting Our Services
You Should Contact Internal Audit (IA) to:
- Schedule an audit of your entire operation (e.g., the Purchasing Department)
- Schedule an audit of a specific function or process within your operation (e.g., processing requisitions)
- Review a specific concern or activity (e.g., controls over the vendor database)
- Participate on a special project (e.g., implementation of a new system, service, or product)
- Serve as the liaison for an external audit (e.g., regulatory audits, agency audits/reviews)
- Consult on various operational matters
Framework & Resources
Audit Process
Internal audits are designed to be a collaborative process, and we will work with management to identify any possible improvements, risk management, or controls in the area. Internal Audit strives to communicate clearly and effectively, and we work to make sure that each area understands any findings before an audit is concluded.
Though each audit will look different, audits will typically contain the following stages.
Annual Audit Plan
Internal Audit conducts an annual Risk Assessment that aims to encompass university-wide risk across auditable areas. These risks are then incorporated into an annual audit plan, which is then presented and approved by the Audit Committee of the Board of Trustees.
Audit Planning
During the planning phase, Internal Audit will conduct thorough research on the audit topic to gain a high-level understanding of the area and associated risks before working on the scope and objectives of the audit.
Once audit objectives and scope are defined, the audit program is created, which is the blueprint for conducting the audit and accomplishing the audit objectives. During this phase you can expect the following:
- Notification email and charter: With a few exceptions, areas are notified in writing via email when they have been selected for review. This notification may contain a request for preliminary information or a kick-off meeting.
- Kick-off meeting: Depending on the type of engagement, often we will plan a brief meeting to introduce the audit staff, and outline the audit process. It is also a time for management to bring any concerns forward for consideration.
Audit Fieldwork
This phase will look different for each audit but will typically involve review of policies and procedures followed by conducting tests to assess the adequacy of internal controls and compliance, testing of transactions, records, and resources, and performing other procedures necessary to accomplish the objectives of the audit.
It may be necessary for the audit team to conduct interviews with some key personnel; however, we do make an effort to minimize disruptions and try to work with areas to make the audit process as smooth as possible.
Throughout the audit, the area will be informed of the audit process through regular status updates. The audit team will present management with the opportunity to respond to any audit observations, potential issues, and proposed recommendations identified throughout the audit.
Audit Report
Audit reports are typically prepared in draft form and, if recommendations are made, management is given the opportunity to provide a response to the any findings or recommendations. Typically, a management response would be a rationale for disagreeing with a recommendation, some form of plan to implement a recommendation, or an alternative plan to address any identified concerns.
The final result of every audit is a written report or memo that details the audit scope and objectives, results, recommendations for improvement, and the management response or corrective action plans if applicable.