Internal Audit at York University is an independent, objective assurance function. Reporting directly to the President and to the Board of Governors through the Finance & Audit Committee and the Vice-President, Finance and Administration, Internal Audit’s overarching mission is to act as a catalyst for continuous improvement by assessing University processes and operations, while protecting and safeguarding assets, in line with key priorities expressed in the 2015-2020 University Academic Plan.
To deliver on its mandate, Internal Audit maintains a comprehensive, up-to-date audit risk universe, from which audits are selected to create an Annual Audit Plan. Audits are selected on a risk basis through consultation with the President, Vice-Presidents and the Finance & Audit Committee. The objective of each audit may be somewhat different, though they share a common fundamental purpose – to assess the adequacy of internal controls, systems and processes, and to evaluate whether the University is operating effectively, efficiently and within the established laws and regulations.
The Annual Audit Plan includes a broad range of audits including:
- Regulatory Audits: required by the government and other funding agencies in respect of the funding envelopes they provide to the University. The main purpose of these audits is to validate that funds are being expended in accordance with set requirements.
- Operations Audits: to assess the effectiveness of operations and make recommendations for improvement.
- Financial Management Audits: to validate financial transactions across the University, identify gaps in internal controls, and make recommendations.
- Contract Audits: to validate compliance with contractual terms and conditions and evaluate whether the University is obtaining value from its larger contracts.
- IT Security Audits: to assess the information security controls of individual University systems, identify potential vulnerabilities, and make recommendations.
- Reviews of Resource Utilization: to evaluate the distribution and utilization of valuable University resources including finances, people, and space.
- Risk Management: to facilitate the University’s Enterprise Risk Management (ERM) initiative by providing the Board of Governors and senior management with a regular assessment of the University’s top strategic risks and risk trends, along with the mitigating actions underway to manage risk.
- Special Investigations: to investigate allegations or suspicions of potential fraud and misappropriation of University assets.