Audits are objective examinations of evidence for the purpose of providing an independent assessment. These services include assessing and reporting on the adequacy and effectiveness of internal controls, risk management, and governance processes. The audit is not intended to evaluate an individual’s performance; it is focused on department processes. The scope of audit coverage includes reviewing and evaluating:
- Internal controls established to ensure compliance with applicable policies, plans, procedures, laws, regulations, and contracts.
- The means with which assets are safeguarded.
- The reliability and integrity of financial and operating information.
- The economy, efficiency, and effectiveness with which resources are employed.
- IT systems to determine if they are appropriately managed, controlled, and protected.
Each fiscal year, Audit & Advisory Services develops an annual audit plan. The plan is developed based on available staff resources, the performance of a risk assessment, and includes significant input from UCLA management. The plan is submitted to and approved by the UCLA Oversight Committee on Audit, Information Technology, Governance, Compliance and Controls (UCLA Oversight Committee), the UCLA Chancellor, the UC Senior Vice President/Chief Compliance and Audit Officer, with final approval by the UC Regents.
The objective of developing the annual audit plan is to ensure that there is adequate audit coverage in the following functional areas within UCLA:
- UCLA Health Sciences
- Financial Management
- Academic Units and Programs
- Facilities, Construction & Maintenance
- Information Management and Technology
- Student Affairs
- Auxiliary, Business and Employee Support Services
- Human Resources and Benefits
- Development and External Relations
- Risk Management
- Environment and Safety
- Budget and Planning
Audit & Advisory Services meets with the UCLA Oversight Committee on a quarterly basis to review the status of the plan and evaluate audit priorities. A majority of Audit & Advisory Services staff resources are spent performing audit services. This includes the following types of activities:
Planned audits are a result of the annual risk assessment process. These audits can also be high priority systemwide audits as identified by the UC Office of Ethics, Compliance & Audit Services, in conjunction with the UC Audit Directors from each campus.
A portion of hours is set aside each year to recognize the dynamic nature of the University environment and provide flexibility in the annual audit plan. These types of projects can include special requests from management or may result from interim amendments to the risk assessment results. Projects undertaken as supplemental audits are at the discretion of the campus Audit Director. Additional approval from the Oversight Committee or UC Regents is not needed.
Follow-up is performed to assess the status of corrective actions taken to address recommendations in prior audit reports. Follow-up reviews are conducted approximately four months after the auditee’s response to the audit report. Follow-up work will continue until all recommendations have been appropriately addressed.
When an audit is completed, a written report is prepared to communicate the audit results and recommendations for enhanced controls to department management. Management is asked to respond with a corrective action plan and timeframe to address each recommendation. Once management’s responses have been received, they are incorporated into a final report. The final report is distributed to campus executive leadership and to the UC Office of the President. Final audit reports are also made available to the public, either via a UC website or, for confidential reports, through a public records request.