Services

The Cornell University Audit Office (UAO) provides a range of services to university leadership and the Board of Trustees related to the governance, risk and control functions of Cornell.  These services are delivered both to central administrative functions and the university’s various decentralized operating/academic units.  Each fiscal year the UAO prepares an Annual Work Plan that is approved by the Audit, Risk, and Compliance Committee (ARCC) of the Board of Trustees and outlines planned projects for the year.  UAO also performs certain “ad-hoc” assurance and advisory services for management as needed/requested.

Assurance: Audit and Review engagements, Risk Assessments

Auditor’s objective assessment of evidence to provide opinions or conclusions regarding an entity, function, process, system or other subject matter.  Assurance may be with respect to various objectives: Financial, Operational, Strategic, Regulatory/Legal.

Advisory / Consulting

Nature and scope of procedures are subject to agreement with client management, where auditor remains objective and does not assume management responsibility.

Investigations – Financial Irregularities, Whistleblower Claims

Critical examination of available evidence to substantiate claims of fraud, policy violations, or other similar matters, including all matters reported through the Cornell Ethical Conduct and Compliance Hotline (aka Cornell Hotline).

Analytics and Data Strategy

Data-driven services (e.g., data analysis, data visualization, outlier detection, process automation, process mining) designed to enhance and inform audit activities, including the Annual Audit Risk Assessment, Audit Engagements (Information Gathering, Planning, Fieldwork, Reporting, Follow-ups), Continuous / Timely Assurance, Fraud Detection and promote institutional analytic advancement and knowledge sharing all of Cornell University (e.g., Ithaca Campus, Weill Cornell Medicine Campus).

IT Audit

Services designed around the IT Risk environment including application, cloud contract, cyber-security and vendor risk assessments; integrated audit support including IT general controls testing; IT advisory services; and IT application steering committee participation and pre-/post-implementation reviews.

Steering Committees, Working Groups

Participation on key oversight groups and committees designed to provide additional awareness, UAO perspectives/input, and limited assurance throughout project life-cycles.

Training, Education and Awareness

Presentations, communications and other activities designed to increase client management’s awareness and understanding of relevant information.