In order to meet the responsibilities and objectives as set forth in the Audit Charter, it is necessary for internal audit to perform reviews and audits of varying types and scopes depending on the circumstances and requests from management.

Each fiscal year an annual audit plan is developed and submitted to the president and Board of Governors’ Committee on Audit, Risk Management, and Compliance for review and approval. The audit plan is developed using a risk assessment methodology, as well as requests from management. Audit services can be requested by members of the UNC System Office community through memos, email, , or via the System Office Hotline.

The types of audit services provided by the internal audit unit are listed below.


Operational audits review the effectiveness and efficiency of operational units within the UNC System Office. Effectiveness measures how successfully an organization achieves its goals and objectives. Efficiency measures how well an entity uses its resources to achieve its goals.

Compliance audits measure the compliance with established University, Federal or State laws, regulations, and/or policies.

Information technology (IT) audits are conducted to evaluate the quality of the controls and safeguards over the information technology resources and critical data of the organization. These audits normally consist of reviewing the effective use of information technology resources, adherence to management’s policies, and assessing the design and implementation of internal controls over computer applications and the computing environments in which they are used.

financial audit is a review intended to serve as a basis for expressing an opinion on the fairness, consistency, and conformity of financial information with generally accepted accounting principles. Financial audits can be full or limited in scope, depending on the objectives.

Follow-up Review

For internal or external audit work that results in recommended improvements, internal audit conducts follow-up reviews to assess if management’s planned corrective actions have been implemented.

Consulting / Advisory

Internal audit often provides routine consultation and advisory services to all levels of management. These engagements may include but are not limited to interpreting policies, reviewing specific processes and controls, and offering feedback on how internal controls and/or operations might be strengthened. These are frequently undertaken when a significant process change is being planned. We strongly encourage departments to contact us for advice when starting a new business process or making significant changes to the way day-to-day activities are conducted. We believe that it is easier to “get it right” from the beginning rather than having to “fix it” later!


These engagements are normally requested on an as-needed basis by management or by anonymous tips and/or requests. Investigative audits typically focus on specific topics and may include alleged irregular conduct, non-compliance with established policies or laws, misuse of State/university resources, false time reporting, internal theft, and/or conflicts of interest.

Fraud, Waste, and Abuse

Any dishonest or improper act by an employee such as those that violate the law, waste money, or endanger public health and safety, are a concern. In addition, North Carolina General Statute § 143B-920 requires all state employees, including employees of the UNC System Office, to report theft or misuse of state property. Under UNC System Office finance policies and procedures, such information should be reported to internal audit or legal. When potential violations are reported, internal audit will investigate as promptly and discreetly as possible.

To report suspected fraud, waste, or abuse, please visit the System Office Hotline to submit a concern.