A department review is limited to interviews with department personnel, completion of selected testing procedures, and observations. Its purpose is to evaluate the adequacy of controls, safeguarding of assets, efficient use of resources, and integrity of financial information, within the context of the above limitations. The department review addresses those administrative functions generic to any operating unit.
A functional review is similar to a department review except that only one of the administrative functions listed above is reviewed. Common functions that are the focus of a functional review include: cash receipts and revenues, purchasing and disbursements, or sponsored programs.
These types of services might include audits of University infrastructure such as the computing network, change management or how the University contracts with outside IT vendors to provide services. A general control review generally considers the configuration of the infrastructure appliance as well as access controls to the appliance.
These types of reviews are a type of audit that focus on an applications utilized by the University. Some examples include the Financial Management System, Student Enterprise System or Blackboard. An application review generally considers functions for segregation of duties and access control.
IT Audit can assist with the implementation of a new system or application. Work of this type might include review of functional and business requirements to assist in the creation of recommended security controls to be included to reduce the time frame and cost of implementing security once the new system or application has been implemented.
IT Outsourcing is a process where IT Audit acts as an independent and objective partner to assist with informed decision making with regards to the internal controls that a vendor offers for the Confidentiality, Integrity and Availability of University data prior to signing a contract with a new vendor.