Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objective bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
A basic overview of the Office of Internal Audit
The purpose of Western Carolina University’s (University) Office of Internal Audit (OIA) is to provide independent, objective assurance and consulting services designed to add value and improve University’s operations. The mission of internal audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. The OIA helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.
Review Audit Statutes & Policies
At the end of each audit, we issue an audit report. The report contains our unbiased assessment of the effectiveness of your unit’s processes, internal controls, compliance, etc. The report includes an overall audit rating, audit issue ratings (if any), and recommendations when applicable.
Audit findings
We report on those risks that are rated medium or high.
High Risk indicates:
Medium Risk indicates:
Low Risk indicates less significant issues, not included in the final report. The issues are discussed with management.
Audit ratings
Based on the aggregate level of risk, one of three ratings is issued.
Note: Needs improvement is not a negative audit rating. It just means that management needs to respond with an action plan to improve processes.
These audit ratings are effective as of July 1, 2024.
Improper governmental conduct includes alleged fraud, misappropriation, mismanagement
or waste of state resources. It also includes alleged violations of state or federal
law, rule or regulation in administering state or federal programs, and substantial
and specific danger to the public health and safety.
Report Fraud, Waste, and Abuse
The University is subject to external audits, program reviews, and similar activities by various agencies and other organizations. It is the responsibility of the primary contact person for the program or activity being reviewed to notify the Internal Audit Office.
Submit a notification of External Audit
The Office of the State Controller of North Carolina has adopted a Code of Ethics. The Code establishes the standard for the minimum levels of expected behavior and is also intended to serve as a guide for making ethical decisions.
The chief audit executive is responsible for developing a risk-based plan. The chief audit executive takes into account the organization's risk management framework, including using risk appetite levels set by management for the different activities or parts of the organization. If a framework does not exist, the chief audit executive uses his/her own judgment of risks after consideration of input from senior management and the board. The chief audit executive must review and adjust the plan, as necessary, in response to changes in the organization's business, risks, operations, programs, systems, and controls.