Taking into consideration the risks identified externally as well as internally, and balancing all of the above with our available resources, the audit plan for FY 2026 includes the following:
We approach the audit plan in two tiers to provide the Committee with an understanding of our current priorities and enable flexibility. The audits in bold are Tier 1 audits and are considered higher-priority projects. The remaining audits are Tier 2 audits. Both tiers are expected to be completed based on the expected complement of 15.0 FTE auditors. However, Tier 2 audits may be replaced/substituted if there are staffing constraints or higher priority needs for audit coverage arise during the year. Any changes to Tier 1 audits will be considered a “material change” to the audit plan per Board Policy, which will require Committee and Board Approval.
Changes made to the Tier 2 projects due to variances in staffing or priority changes will be communicated to the Audit & Compliance Committee as part of regular Internal Audit Updates. In addition to these listed audits, OIA has reserved time to undertake planned special projects. This will include conducting an RFP for a potential new automated workpaper tool and undergoing a comprehensive internal technology toolset review. Special projects will also include: 1) annual gift testing in alignment with the memorandums of understandings with University foundations; 2) periodic meetings to evaluate the June 2026 Special Olympics administrative preparedness, focusing on risk management and operational readiness; and 3) senior leader transition reviews as they occur including for the: Executive Vice President and Provost and Vice President and CIO. We will also continue to plan to perform audit work associated with: any changes to the University’s healthcare partnerships, the PEAK implementation, responses to changes in government funding or regulations, or other audit requests made by the Board or senior leaders if the need arises.
The proposed audit plan includes coverage of selected risks included on the Institutional Risk Profile as outlined in the table below.
FY 2026 Audit Coverage by University Components
The Fiscal Year 2026 plan continues to provide well-balanced coverage across the University. The following chart shows the distribution of audit coverage by University component for Fiscal Year 2026, based on the number of hours allocated to each component (e.g., 27% of OIA’s efforts will be spent on audits that provide visibility into the control environment of the Provost / Health Sciences organization). While the graph below outlines the organizational alignment that an audit focuses on, it’s important to note that OIA often looks at many of these areas when auditing units as well (e.g., IT, HR, research).
FY 2026 Audit Coverage by University Components
- Provost / Health Sciences 27%
- Finance & Operations 14%
- President / OGC / Athletics 13%
- System Campuses 12%
- Research 12%
- University Services 6%
- Clinical Affairs 7%
- IT / CIO 4%
- Human Resources / Payroll 3%
- BOR 2%
Summary
The proposed Fiscal Year 2026 internal audit plan optimally allocates the University’s finite audit resources to a well-balanced portfolio of audits that address areas identified as being of significant risk, provides coverage across the breadth of the institution, and will provide information to help inform leadership and governance discussions. The plan also provides for additional flexibility to enable us to respond to fluctuations in staffing and potential emerging needs throughout the year, including potential changes to the University’s healthcare partnerships.