University of Rochester

Office of University Audit

Types of Audits

Financial Audits:

During financial audits, we determine whether historical financial information fairly presents the financial position and results of operations. In order to form an opinion, we examine the internal control structure and test transactions surrounding economic events. Financial audits are not primarily intended to evaluate management's effectiveness or efficiency. As a result, comments and recommendations about operational matters are byproducts of a financial audit rather than the main objective. Financial audits are generally more limited in scope than operational audits and are concerned primarily in the review of specific financial transactions and the adequacy of controls.

Operational Audits:

Operational audits, also known as performance or managerial audits, are aimed at assessing an operation's administrative efficiency and effectiveness. An operational audit measures and evaluates administrative control against standards set by Management; including long range plans, budgets, and operating policies and procedures. Although financial data continues to be the base of reference, we look beyond the figures to provide assistance toward improving operations.

Compliance Audits:

Compliance audits seek to determine the degree of adherence to institutional policies and procedures, applicable statutory laws and regulations, and terms of contracts.

Investigative Audits:

These audits are done to investigate incidents of possible fraud or misappropriation of University Funds. Coordination of this audit type would be made with Senior Management, the Controller's Office and the University Security Department. Investigative audits differ from other audits because they are normally conducted without first notifying the personnel who may be affected by the findings.

Information Technology (IT) Audits:

For IT audits we identify areas of system related risk, assess the control environment, and perform IT audits to evaluate the adequacy of controls and integrity of data. We will appraise the economy and effective use of computer resources, and determine whether organizational units of Information Systems are conducting their operations or control activities in compliance with standard Electronic Data Processing practices and established policies/procedures.

Construction Audits:

Review of construction and renovation related costs and contracts.

Follow-up Audits:

These audits are done to follow up on the status of corrective actions taken by management in response to recommendations in a previous audit report. Follow-up audits are usually done between 6 to 12 months after the original audit.