Internal Audit is responsible for evaluating the internal controls environment for financial transactions, operational activities, and compliance objectives. Our engagements include vertical reviews of specific business units or specialized activities, as well as horizontal reviews for key business processes spanning multiple stakeholder entities and University-wide activities. Our goal is to provide objective, valuable, and respected service to each of our clients by identifying and communicating opportunities to increase business process efficiency and strengthen the internal control environment. Our service portfolio includes:
Financial & Operational Control Audits
We provide an objective and professional evaluation of an area, department, or functional operation. We evaluate the design and operating effectiveness of the internal control environment. We advise on risks, internal control weaknesses, and opportunities for improvement to ensure organizational goals and objectives are being met, and the efficiency and effectiveness of operations, transaction processing, and financial reporting.
Our compliance audits evaluate the degree to which a business process supports adherence to applicable laws, regulations, or guidelines issued by government agencies. These audits also assess adherence to contractual terms and conditions between Emory and a third party. We advise process owners on risks, risk tolerance, oversight, monitoring, and procedures that can affect compliance obligations or expectations.
Financial Fraud Investigations
Internal Audit supports management’s efforts to establish a culture that embraces ethics, honesty, and integrity in accordance with Emory’s Statement of Guiding Ethical Principles . Investigative audits identify the facts and circumstances of possible financial fraud or misappropriation of the organization’s assets. We assist management with the evaluation of internal controls used to detect or mitigate fraud.
Internal Audit provides routine consultation and advisory services to University management. This may include, but is not limited to, interpreting policies and procedures, participating on standing committees, analyzing risk and control of new processes and related system implementations, providing internal control and fraud awareness training and education, and facilitating information exchange across the enterprise.
Internal Audit supports various enterprise-wide initiatives, such as the administration of the Financial Attestation Process (FAP), co-chairing of the Enterprise Risk Management (ERM) initiative, and responding to reports received via the Emory Trust Line (whistleblower hotline).
Continuous Auditing/Data Analytics
The continuous auditing program (CAP) provides for a daily, technology-enabled, detective audit of transactions. Transaction and master file data from multiple systems (PeopleSoft, Kronos, Chase Corporate Card, etc.) is passed daily to the audit data analytics server. Logical scripts are run against the transactional data to identify potential policy violations, control failures, or fraud. Business Officers receive email alerts to notify them of potential exceptions requiring their review and resolution.
Historical data is retained in the data analytics server, enabling Internal Audit to perform ad hoc analysis and reporting. This information is made available to Business Officers upon request.