index

Wake Forest University

Office of Internal Audit

Piedmont Plaza II, Suite 305

(336) 716-5764

Hotline 1-877-880-7888

MISSION
The mission of the Office of Internal Audit Department is to assist University management and the Board of Trustees in identifying, avoiding and, where necessary, mitigating risks.

METHODOLOGY
The Office of Internal Audit conducts independent and objective reviews of University operations and procedures. Findings and recommendations are reported as appropriate. In order to accomplish our objectives, we perform the following on a continual basis:

Evaluate the adequacy of the internal control structure based on COSO criteria. (see below)
Assess compliance with written policies, procedures, laws and regulations.
Evaluate the reliability of accounting and reporting systems.
Verify the existence of assets and ensure proper safeguards for their protection.
Review the application of information technology for governance, control and assurance.
In performing these activities, the auditor is authorized to have full, free, and unrestricted access to all property, personnel and records (including medical) relevant to the subject under review. This authority is granted by the Wake Forest Board of Trustees.

COSO DEFINITION OF INTERNAL CONTROL
Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.

The three primary objectives of an internal control system are to ensure (1) efficient and effective operations, (2) accurate financial reporting, and (3) compliance with laws and regulations. The report also outlines five essential components of an effective internal control system.

The Control Environment, which establishes the foundation for the internal control system by providing fundamental discipline and structure.
Risk Assessment, which involves the identification and analysis by management - not the internal auditor - of relevant risks to achieving predetermined objectives.
Control Activities, or the policies, procedures, and practices that ensure management objectives are achieved and risk mitigation strategies are carried out.
Information and Communication, which support all other control components by communicating control responsibilities to employees and by providing information in a form and time frame that allows people to carry out their duties.
Monitoring, which covers the external oversight of internal controls by management or other parties outside the process; or the application of independent methodologies, like customized procedures or standards checklists, by employees within a process.

The Office of Internal Audit had developed an audit plan utilizing risk analysis to identify the major areas needing audit attention. Each year the audit department evaluates the top risk areas and determines which should be included in the annual plan. The plan is approved by the President and the Board of Trustees.

Auditing - It's a Risky Business
It's all about reducing risks and that helps you and WFU.

COSO and HHS OIG
COSO and the OIG seven rules go hand in hand. COSO's focus is on effective and efficient operations, reliable financial statements, and compliance with laws and regulations. HHS OIG guidelines stress a recurring theme of internal controls and internal audit

HIPAA - Health Insurance Portability and Accountability Act. (Internal link) HIPAA will have a significant impact on how we do business particularly as it relates to security and privacy of patient information.

A Guide to Departmental Recovery Planning.
A guide to help departments in their disaster recovery planning.

Glossary of Information Systems Auditing terms Terms and meanings to help you better understand the world of I.S. Auditing.

Glossary of Internal Audit Terms
Common auditing terms and what they mean to you.

Internal Control Review Questionnaire
Departments should use this questionnaire as a guide to manage important financial controls within their units. We encourage you to review this questionnaire periodically to assess your department's compliance with proper internal controls.