How Audits are Decided Upon

The internal audit department develops an audit plan utilizing risk analysis to identify the major areas and units needing audit attention. This involves periodic assessments of the university operating units and control functions to identify areas of potential institutional risk. The assessment of risk is based on factors such as:

  • The size and make up of the budget
  • Any known weaknesses/problems
  • Significant changes in personnel, operations, and policies
  • The degree of risk or exposure to loss
  • The results of audits by other auditors (ABOR, Auditor General, Federal)
  • The extent of compliance with standard university policies and procedures as reported by processing departments (i.e., accounts payable, purchasing, payroll)
  • Input from the fiscal representatives for the vice presidents/provost and departments' business managers
  • Historical data and prior audit results
  • New or changed laws/regulations

Based on these assessments and discussions with administrators, an annual audit plan is recommended by the internal audit department. This plan is submitted to the Vice President for Administration & Finance for approval. The plan is continually subject to modification depending on the urgency of projects/issues that may arise during the year. The audit plan is intended to focus work where it would be most productive, address the highest-risk areas identified and provide the most payback.

Contact Info

P.O. Box 4115

Flagstaff, AZ 86011


928-523-6630 fax

University Services Building (Building 90)

1296 S Knoles Dr



2007 Arizona Board of Regents, Northern Arizona University
South San Francisco Street, Flagstaff, Arizona 86011