Scope of Work
The scope of IAS work is to determine whether UCI's network of risk management, control, and governance processes, as designed and represented by management at all levels, is adequate and functioning in a manner to ensure:
- Risk management processes are effective and significant risks are appropriately identified and managed.
- Ethics and values are promoted within the organization.
- Financial and operational information is accurate, reliable, and timely.
- Employees' actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
- Resources are acquired economically, used efficiently, and adequately protected.
- Programs, plans, and objectives are achieved.
- Quality and continuous improvement are fostered in the organization's risk management and control processes.
- Significant legislative or regulatory compliance issues impacting the organization are recognized and addressed properly.
- Effective organizational performance management and accountability is fostered.
- Coordination of activities and communication of information among the various governance groups occur as needed.
- The potential occurrence of fraud is evaluated and fraud risk is managed.
- Information technology governance supports UC strategies, objectives, and the organization's privacy framework.
- Information technology security practices adequately protect information assets and are in compliance with applicable policies, rules, and regulations.
Opportunities for improving management control, quality and effectiveness of services, and the organization's image identified during audits are communicated by IAS to the appropriate levels of management.
Nature of Assurance and Consulting Services
IAS performs three types of projects:
- Audits - are assurance services defined as examinations of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Examples include financial, performance, compliance, systems security, and due diligence engagements.
- Advisory Services - the nature and scope of which are agreed with the client, are intended to add value and improve an organization's governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include reviews, advice, facilitation/training, and participation on campus committees and work groups.
- Investigations - are independent evaluations of allegations generally focused on improper governmental activities including misuse of university resources, fraud, financial irregularities, significant control weaknesses, and unethical behavior or actions.