There are two primary schools of thought in developing an audit approach:
- One viewpoint is to assume that everyone is looking for ways to “beat the system”; therefore, the auditors devise audit steps that focus on finding evidence of wrongdoing.
- The other approach is to assume that most people take pride in their work and want to do the right thing—they just need to know what is expected of them and have the information and tools available to allow them to successfully carry out their responsibilities. In this case, the auditor’s approach is to examine areas of high risk and focus on ways these risks can be most effectively and efficiently mitigated.
We are pleased to say that the latter is the vision, philosophy, and progressive approach we have adopted in the Department of Internal Auditing at Georgia Institute of Technology.
As we have canvassed the campus conducting audits and collaborated with colleagues throughout higher education, we have compiled perspectives and observations of “best practices” in handling many of the areas of risk that most units (departments, schools, etc.) encounter. This is not a policies and procedures manual – there are already many valuable policies and procedures which outline business rules. Our goal with this document, instead, was to compile our observations and recommendations on best practices in managing business risks and creating effective and efficient systems of internal control.
In establishing solid risk mitigation procedures and strong systems of internal control, faculty and staff are then free to advance their units’ missions towards achieving their strategic goals.
This will be a living document and will be updated frequently so we encourage visits to our web site to check for updates and revisions. We welcome questions and feedback regarding the information contained herein, particularly comments regarding how this may be more useful.
We express our appreciation for the support from the Office of the President, the Executive Staff, and the many subject matter experts around campus who have provided input and feedback on this document. This collaborative approach with senior management demonstrates the Institute’s commitment to ensuring its administrative processes are on par with the high standards of excellence Georgia Tech is known for in its academic and research initiatives.
- Full ICG Document with all sections
- Section 1: Areas of Fiscal Risk
- Section 2: Areas of Human Resources Risk
- Section 3: Areas of Legal & Regulatory Risk
- Section 4: Areas of Health & Safety Risk
- Section 5: Areas of Information Systems Risk
- Section 6: Areas of Public Relations Risk
- Section 7: Areas of Risk Dealing with Students
- Section 8: Areas of General Risk