The Cornell University Audit Office (UAO) provides a range of services to university leadership and the Board of Trustees related to the governance, risk and control functions of Cornell. These services are delivered both to central administrative functions and the university’s various decentralized operating/academic units. Each fiscal year the UAO prepares an Annual Work Plan that is approved by the Audit Committee of the Board of Trustees and outlines planned projects for the year. UAO also performs certain “ad-hoc” assurance and advisory services for management as needed/requested.
Assurance: Audit and Review engagements, Risk Assessments
Auditor’s objective assessment of evidence to provide opinions or conclusions regarding an entity, function, process, system or other subject matter. Assurance may be with respect to various objectives: Financial, Operational, Strategic, Regulatory/Legal.
Advisory / Consulting
Nature and scope of procedures are subject to agreement with client management, where auditor remains objective and does not assume management responsibility.
Investigations – Financial Irregularities, Whistleblower Claims
Critical examination of available evidence to substantiate claims of fraud, policy violations, or other similar matters, including all matters reported through the Cornell Hotline.
Data Analytics and Continuous (Timely) Assurance
Data-driven audit and analytical services including data mining, visualizations and dashboards. Incorporated throughout all other UAO engagements as applicable/appropriate.
IT Risk Assurance
Services designed around the IT Risk environment including application, cloud contract, cyber-security and vendor risk assessments; integrated audit support including IT general controls testing; IT advisory services; and IT application steering committee participation and pre-/post-implementation reviews.
Steering Committees, Working Groups
Participation on key oversight groups and committees designed to provide additional awareness, UAO perspectives/input, and limited assurance throughout project life-cycles.
Training, Education and Awareness
Presentations, communications and other activities designed to increase client management’s awareness and understanding of relevant information.