University Audit serves as the university’s internal auditor, providing internal audits and reviews, management consulting and advisory services, investigations of fraud and abuse, follow-up of audit recommendations, evaluation of the processes to mitigate risk and governance, and coordination with external auditors outside of UCF.
The office is the official contact for persons to report suspected fraud and oversees investigations into allegations of falsification, misappropriation, fiscal irregularities, and other wrongdoing covered in UCF Policy 2-800 Fraud Prevention and Detection.
Internal Audits
Audits are selected based on a risk assessment conducted on a specific area of the university. Those areas with higher risk are ones with a larger volume of transactions or potential for fraud risk, past internal control concerns, complex operations, significant impact on university operations or the strategic plan, greater potential for negative publicity, significant changes in management or organizational structure, and the length of time since the last audit was conducted on the area.
Audits are typically based on one or more of the following objectives:
- Evaluation of program performance and effectiveness
- Evaluation of compliance with external regulations and/or internal UCF policies
- Evaluation of the effectiveness and efficiency of current workflow processes, including internal control design and implementation
- Calibration of the audit client’s initiatives, objectives, and output with the values and priorities of the UCF Strategic Plan
- Evaluation of IT general controls
- Evaluation of the sourcing, budgeting, monitoring, and reporting of financial transactions
Once an audit is completed, the auditor will meet with the management of the area to discuss any potential recommendations for corrective action contained in the drafted final report. This report is officially addressed to the university president, with copies sent to applicable management, administrators, and to the University Board of Trustees. If recommendations for corrective action are made within the report, University Audit will follow up with management to determine if the recommendations were successfully implemented. This process may include requesting progress status on implementing the recommendations and/or testing transactions related to new or redesigned controls.
Management Consulting and Advisory Services
Consulting services provided by the office are intended to add value to the university. These services may include recommendations made to mitigate potential risk, providing guidance to management based on management’s self-assessment of controls in place, communicating best practices, and delivering training in areas like fraud awareness, risk management, internal controls, and other related topics.
University Audit also provides advisory services for administrators, faculty, and staff. Advisory services are less formal than audits, ranging from brief advice over the phone to in-depth analyses. Recommendations resulting from advisory services are addressed to the management of the area and do not require a formal response. These services include:
- Analysis of specific issues or problems
- Review of internal controls in existing systems
- Analysis of specific issues or problems
- Assistance in increasing efficiency of operations
- Advice on how to implement audit recommendations
To request a service by University Audit or to report suspected fraud, the office can be reached by phone at 407-823-2889 or by email to audit@ucf.edu. Reports of fraud or other wrongdoing can also be made anonymously through the UCF IntegrityLine.