Virginia Tech®home


Insert your title here

Internal Audit 

Helping the university assess and improve its risk management and internal control structures.

Internal Audit’s primary mission is to contribute to the improvement of risk management and controls systems deployed across the university to mitigate the exposures to risk.  We do that through a disciplined and collaborative approach to our reviews.  To be effective in our approach, we strive to remain independent and objective throughout the review.  Through this we can provide multiple stakeholders such as unit management, university leadership, and the Board of Visitors an unbiased look at a particular area or process.

Most people land on this page after receiving a notice of a future audit.  First, realize that we are here to help you prepare.  If you have questions, please reach out.  We’d love to hear from you.  Next, review the ‘Top 5 steps to prepare for an Audit’ and Helpful Resources below.  If you’d like more information on exactly ‘How Audits Work’, feel free to navigate over to this page.  Or finally, review our ‘Common Audit Topics’.  While each audit is different, it can help you gain some insight into the questions we might ask.

You might also be here wondering if you are even selected for an audit.  We publish our Annual Audit Plan at the start of the fiscal year, which can partially answer that question.  However, your area might also be included as part of a broader process audit which will not be explicitly called out on the plan.  One of our goals is to provide advance notice of all audits, to the extent possible.  

Regardless of how or why you landed here, we hope you will reach out if we can be of assistance!

Top 5 steps to prepare for an Audit

Take a look at the policies and procedures you used internally and make sure they are up to date and reflect what your current processes.

Review your prior audits or reviews and make sure your practices haven’t drifted back to old practices.  If you need your old reports, if any exist, just ask!  We are happy to provide them for internal use.

Make a list of the most important IT resources you manage.  These could contain or process financial, student, or research data.

Stop and create a listing of the strategic initiatives or activities you are doing to meet your unit's goals.  What are the critical things going on right now that you need help with?  Be prepared to discuss this with the audit team.

Be prepared to bring forward ways the audit team can provide insight into your operations.  What are some critical areas in your area that you need assurance are working as designed, effectively, or efficiently?  Think broadly, not just financially.  


Helpful Resources

University Policies - Take a minute and ensure you are up-to-speed on what university policies require. A listing of common policies can be found in the 'Common Audit Topics' section of this website.

Statement of Business Conduct Standards - Review this statement to be sure you understand what we expect of you as an employee. If you are a supervisor, ensure you have communicated these standards to your employees. 

Department Business Management Guide - This reference document is for department heads and other administrative personnel and outlines the basic duties and responsibilities.

IT Minimum Security Standards - Ensure your IT systems are meeting the Minimum Security Standards based upon their risk classification. Pay attention to the references at the end of the document on surplus property and IT logging.