In this section:
IT Audit Services
Risk and Control Services
The Office for Audit and Advisory Services (A&AS) is dedicated to improving University operations by providing independent, objective assurance and consulting services with respect to evaluating risk management, control, and governance processes. A&AS assists all members of the University community to comply with policies and procedures and uphold the highest standards of business conduct by utilizing a risk-based approach and pursuing preventive measures.
A&AS serves as an independent and objective resource to examine and evaluate University activities as a service to the Board of Trustees and management of Northwestern University. Audit Services provides assurance and consulting services, while Advisory Services provides enterprise risk management and compliance services.
A&AS is responsible for providing internal audits, consulting, and advisory services in the evaluation of the University’s risk management, control, and governance processes. These services include assessments of the reliability of departmental financial information, compliance with University policies and procedures, compliance with laws and regulations, safeguarding assets, effectiveness and efficiency of operations, and enterprise risk management.
All Audit Services activity is governed by the mandatory guidance of the Institute of Internal Auditor’s (IIA) definition of Internal Auditing, the IIA Code of Ethics, and the IIA’s International Standards for Professional Practice of Internal Auditing. All Advisory Services activity is governed by the guidance offered in the IIA’s Practice Guides.
A&AS has no direct operating responsibility or authority for management processes, internal controls, and any of the activities or operations they review; thereby, maintaining their independence and objectivity.
The Chief Audit Executive (CAE) has a direct reporting relationship to the Audit, Risk and Compliance Committee of the Board of Trustees (Committee) and the President; and reports administratively to the Executive Vice President of Business and Finance. The CAE meets privately with the Committee on a quarterly basis.
The CAE is authorized by the Committee and senior management to:
Ensure that A&AS personnel and contracted resources have unrestricted access to all functions, records, property, and personnel.
- Have full and free access to the Committee.
- Allocate resources, set frequencies, select subjects, determine scope of work, and apply the techniques required to accomplish A&AS objectives.
- Obtain the necessary assistance of personnel in units of the University or those contracting with the University where they perform audits, as well as other specialized services from within or outside the University.
- Provide consulting services to management as deemed appropriate.
Approved by the Chief Audit Executive, the President, and the Audit, Risk, and Compliance Committee Chair on September 1st, 2015.