Learn about the Various Types of Audits

Learn about the various types of audits, assessments and process improvement methods conducted at Columbia University. 


Audit Advisory Services

Audits are identified as part of a risk assessment process and through requests from management, the board or in conjunction with the external auditors.

Process Review

Internal Audit provides consultative services to review a process and provide advice on the presence of risks and controls, the effectiveness of the controls to mitigate the risks, overall process improvement – streamlining the process through a discussion of recommended practices.

Process Improvement

Our process improvement assistance can help identify cost-savings opportunities for management and assists in communicating and implementing best practices within and between departments on campus.

Control Assessment

A control assessment is designed to assess the internal controls in key areas of a University department, unit or component.

Control assessments are conducted by going over a series of questions with the client and requesting basic documentation of their assertions regarding the department's internal controls. The basic documentation is then reviewed to assure that the department is in compliance with federal and state law, University policies and procedures, and good business practices.

Risk Assessment

Actions or events, called risks, can adversely affect an organization's ability to successfully achieve its objectives and execute its strategies. To be successful, our organization must be able to effectively monitor and control these risks. Risk assessment services entail helping clients identify, assess, and develop strategies to manage relevant risk exposures.

Types of Audits

Financial – Financial audits typically involve a focus on financial controls as they relate to reporting. These audits focus on accounting controls present in the general ledger or sub-ledger systems. Financial statement auditing is the focus of our external auditors. Internal Audit will complement the work they perform based on an agreed plan.

Operational – Operational audits focus on the review and assessment of a business process. The activities of the business process may result in a direct or indirect financial impact to the organization such as the collection of student tuitions or patient account balances. Internal Audit primarily focuses on operational audits but can extend the scope to include accounting procedures that can impact financial reporting.

Compliance – Compliance audits review the level of compliance with internal policies or external regulatory requirements.

Information Systems – Audits of Information Systems look at the overall infrastructure and network of the University and the controls that relate to the security of the network and the systems that are maintained in support of the goals of the University. They also include technical operations, data center operations, project management procedures, and application controls.

Integrated Audits – Integrated audits look at controls that address financial, operational, compliance and information systems risks. These audits are typically centered on a business cycle or a specific part of a cycle or process.

Still have questions?

Visit our Service Center.