Skip to main content


The Cornell University Audit Office (UAO) provides a range of services to university leadership and the Board of Trustees related to the governance, risk and control functions of Cornell.  These services are delivered both to central administrative functions and the university’s various decentralized operating/academic units.  Each fiscal year the UAO prepares an Annual Work Plan that is approved by the Audit Committee of the Board of Trustees and outlines planned projects for the year.  UAO also performs certain “ad-hoc” assurance and advisory services for management as needed/requested.

Assurance: Audit and Review engagements, Risk Assessments

Auditor’s objective assessment of evidence to provide opinions or conclusions regarding an entity, function, process, system or other subject matter.  Assurance may be with respect to various objectives: Financial, Operational, Strategic, Regulatory/Legal.

Advisory / Consulting

Nature and scope of procedures are subject to agreement with client management, where auditor remains objective and does not assume management responsibility.

Investigations – Financial Irregularities, Whistleblower Claims

Critical examination of available evidence to substantiate claims of fraud, policy violations, or other similar matters, including all matters reported through the Cornell Hotline.

Data Analytics and Continuous (Timely) Assurance

Data-driven audit and analytical services including data mining, visualizations and dashboards.  Incorporated throughout all other UAO engagements as applicable/appropriate.

IT Risk Assurance

Services designed around the IT Risk environment including application, cloud contract, cyber-security and vendor risk assessments; integrated audit support including IT general controls testing; IT advisory services; and IT application steering committee participation and pre-/post-implementation reviews.

Steering Committees, Working Groups

Participation on key oversight groups and committees designed to provide additional awareness, UAO perspectives/input, and limited assurance throughout project life-cycles.

Training, Education and Awareness

Presentations, communications and other activities designed to increase client management’s awareness and understanding of relevant information.