An Audit is an independent objective review of operating policies and procedures. The audit process executes a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
UMD is audited by the Office of Legislative Audits (OLA) and USM's Office of Internal Audits (OIA). OLA audits for fiscal compliance every three years. OIA audits various areas annually.
The audit process involves the client from start to finish. Learn more about the audit process, including what you can expect, why you are being audited and the audit steps.
Internal audits are generally initiated as part of UMD’s annual audit plan. Audits can also be requested by senior administrators or department/unit or as a result of complaint.
The Internal Auditor will gather information to analyze and assess a process, department/unit, and/or function to ensure compliance with UMD policy and procedures and state and federal policies and laws. See typical audit areas are:
Revenue/Cash
- Segregation of duties
- A separate individual should be responsible for creation (e.g. invoice), receipt of monies, deposit, record keeping and reconciliation.
- Reconciliations between two systems are performed timely and documented
- Working Fund transactions are authorized, monitored and tracked
Expense
- Purchasing Card/Travel Card
- Purchases are appropriate for business
- Supported by a detailed receipt which matches Level 3 data from bank
- Recorded on the card log
- Log signed by supervisor within 30 days from end of cycle
- Travel
- Pre-approval, receipts, per diems
- AP Invoices, Disbursement Vouchers
- Appropriate business expense
- Authorized
- Timely (Requisition, PO, Invoice, Payment)
- Procurement rules were not circumvented
Payroll
- Time reporting - un-signed and un-approved time sheets
- Payroll/HR
- Pay Adjustments are correct, approved and supported
- Agreements for Professional Faculty signed by all parties prior to start date
- Payroll adjustments reviewed for authorization and accuracy
- Verify credentials
IT/Security
- Vulnerability measures implemented routinely
- Critical/sensitive information restricted based on job duties
- Procedures and technology implemented to secure PII/confidential data from exposure or data breach
- Network access to application and database servers adequately restricted
Other
- Inventory- records are complete and accurate, disposal
- Background checks for those who work with youth (e.g. camps)
- Center & Institutes are formed, approved, reviewed and reported about in accordance with policy
- Scholarships awarded appropriately
There are different phases of the internal audit process. The amount of time required to conduct and complete each phase depends on the cooperation and availability of the client, and the complexity of the audit. An overall audit process may take approximately three to 12 months.
The auditor will typically request the following information:
- Mission and key objectives of the entity or process
- Results of prior internal and external reviews
- Action plans for significant management initiatives
- Organizational charts
- Process flowcharts
- Summary of contracts and grants
- Department/unit-specific policies and procedures
- Budgetary, financial, management, and exception reports
- Source documents such as payroll records, travel vouchers, recharges and cost transfers
See description of the Audit Steps here.