Skip to Local Navigation
Skip to Content
California State University, Long BeachCalifornia State University, Long Beach

Types of Audits and Reviews

The Audit Process

In general, a typical audit includes the following sequential steps:

  • Scheduling an opening conference to discuss the audit objectives, timing, and report format and distribution.
  • Assessing the soundness of the internal controls or business systems and operations.
  • Testing the internal controls to ensure proper operation.
  • Discussing with management all preliminary observations.
  • Discussing with management the draft audit report and their responses, if available, prior to release of the final audit report.
  • Following up on critical issues raised in audit reports to determine if they have been successfully resolved.

Internal Controls Educational Seminar

Any department or organization that would like a session on Internal Controls in the University Environment should contact the Director of Internal Auditing Services at Ext. 5-4818 to schedule it. The seminars are typically 1-2 hours in length and include a 20-minute video on internal controls at colleges and universities. The presentation includes time for questions and answers and can be tailored to address a department's specific needs or requests.

Audits

Types of Audits and Reviews:

  1. Financial Audits or Reviews
  2. Operational Audits
  3. Department Reviews
  4. Information Systems Audits
  5. Integrated Audits
  6. Investigative Audits or Reviews
  7. Follow-up Audits

Financial Audit

A historically oriented, independent evaluation performed for the purpose of attesting to the fairness, accuracy, and reliability of financial data. CSULB's external auditors, KPMG, perform this type of review. CSULB's Director of Financial Reporting coordinates the work of these auditors on our campus.

Operational Audit

A future-oriented, systematic, and independent evaluation of organizational activities. Financial data may be used, but the primary sources of evidence are the operational policies and achievements related to organizational objectives. Internal controls and efficiencies may be evaluated during this type of review.

Department Review

A current period analysis of administrative functions, to evaluate the adequacy of controls, safeguarding of assets, efficient use of resources, compliance with related laws, regulations and University policy and integrity of financial information.

Information Systems (IS) Audit

There are three basic kinds of IS Audits that may be performed:

  1. General Controls Review

    A review of the controls which govern the development, operation, maintenance, and security of application systems in a particular environment. This type of audit might involve reviewing a data center, an operating system, a security software tool, or processes and procedures (such as the procedure for controlling production program changes), etc.

  2. Application Controls Review

    A review of controls for a specific application system. This would involve an examination of the controls over the input, processing, and output of system data. Data communications issues, program and data security, system change control, and data quality issues are also considered.

  3. System Development Review

    A review of the development of a new application system. This involves an evaluation of the development process as well as the product. Consideration is also given to the general controls over a new application, particularly if a new operating environment or technical platform will be used.

Integrated Audit

This is a combination of an operational audit, department review, and IS audit application controls review. This type of review allows for a very comprehensive examination of a functional operation within the University.

Investigative Audit

This is an audit that takes place as a result of a report of unusual or suspicious activity on the part of an individual or a department. It is usually focused on specific aspects of the work of a department or individual. All members of the campus community are invited to report suspicions of improper activity to the Director of Internal Auditing Services on a confidential basis. Her direct number is 562-985-4818.

Follow-up Audit

These are audits conducted approximately six months after an internal or external audit report has been issued. They are designed to evaluate corrective action that has been taken on the audit issues reported in the original report. When these follow-up audits are done on external auditors' reports, the results of the follow-up may be reported to those external auditors.