1 (Mandatory) (Cyclical) Athletics NCAA Compliance (Year 2 of 3) 400 Compliance Reputational Per NCAA Division I Manual 22.2.1.2(e), at least once every four years Athletics rulescompliance program must be evaluated by an authority outside Athletics. The following areas must be reviewed: (1) Governance and organization (2) Initial-eligibility certification (3) Continuing-eligibility certification (4) Transfer-eligibility certification (5) Academic Performance Program (6) Financial aid administration (7) Recruiting (8) Camps and clinics (9) Investigations and selfreporting of rules violations (10) Rules education (11) Extra benefits (12) Playing and practice seasons (13) Student-athlete employment (14) Amateurism (15) Commitment of personnel to rules-compliance activities To determine, over the course of three years, if Athletics is in compliance with the NCAA Division I Manual. About a third of the rules-compliance areas will be reviewed during each of the three years. Page 1 of 6 : AC Audit Committee, Internal Audit, RA Risk Assessment
2 Facility Services 400 Compliance 3 RA 4 Facility Services Research Construction Contract Audit of Aquatic and Tennis Center Construction Contract Audit of International Pavilion Institutional Review Board (IRB) Determine compliance by NAU and construction manager with the construction contract. Determine compliance by NAU and construction manager with the construction contract. The Institutional Review Board for the Protection of Human Subjects in Research oversees all research conducted by faculty, staff, and students that involves living human beings as participants in a study. Financial 400 Compliance Financial 250 Compliance To determine if all cost amounts paid to the CMAR are defined as reimbursable, have actually been incurred, and are billed in accordance with the construction contract. To determine if all cost amounts paid to the CMAR are defined as reimbursable, have actually been incurred, and are billed in accordance with the construction contract. To determine if the Institutional Review Board reviews and approval of human subject protocols complies with federal requirements and NAU rules and regulations. Page 2 of 6 : AC Audit Committee, Internal Audit, RA Risk Assessment
5 (Cyclical) Information Technology 320 Compliance Reputational 6 (Cyclical) Enrollment Management and Student Affairs Information Technology General Controls Residence Life Audit of controls which relate to the environment within which computer based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general controls are to ensure the proper development and implementation of applications, the integrity of program and data files and of computer operations. Residence Life administers 21 living styles on the Flagstaff campus. 300 Compliance Financial Determine if general controls ensure the proper development and implementation of applications Assess the integrity of program files, data files, and computer operations To determine whether: there is effective control over Residence Life s revenues and expenditures, and Residence Life is in compliance with NAU and ABOR policies and procedures. Page 3 of 6 : AC Audit Committee, Internal Audit, RA Risk Assessment
Campus Campus Audit of internal controls 300 Compliance Determine if: 7 Health Health over administrative systems the Pharmacy and its Services Pharmacy and policy compliance. Financial employees are properly licensed and compliant with applicable requirements inventory management and controls are adequate If computer access controls related to Pharmacy operations are adequate If physical security controls within the Pharmacy are adequate 8 Various Student Employment 250 Compliance Administration of student employment is fragmented at NAU. To determine if internal controls over the employment of students is adequate. Page 4 of 6 : AC Audit Committee, Internal Audit, RA Risk Assessment
Information Project Audit of ITS project 120 To determine if: 9 Technology Services (ITS) Management management procedures. procedures exist to ensure that IT projects are aligned with university objectives senior management has reliable information on IT projects for decision-making purposes ITS NAU has an effective project 10 11 12 Enrollment Management and Student Affairs Human Resources Human Resources Summer Camps and Conferences CERT: Conduct, Ethics, Reporting, and Transparency Leave Procedures NAU s facilities, housing, and dining are used to host summer conferences. Audit of administration of requirement that employees annually certify their NAU requirements for ethical behavior. Audit of compliance by employees with NAU procedures for sick, holiday, and other types of leaves. 240 Financial 200 Compliance Reputational management approach To determine if summer camps and conferences held at NAU are adequately planned, administered, and accounted for. To assess the adequacy of compliance with CERT and follow-up exception situations. 240 Compliance To determine if faculty and staff comply with NAU requirements governing leave. Page 5 of 6 : AC Audit Committee, Internal Audit, RA Risk Assessment
13 Extended Campuses Personalized Learning 200 Financial NAU s new Personalized Learning is an online bachelor s degree completion program that is: To determine if internal controls over enrollment are adequate self-paced enables classes to be accessed anytime has a six-month subscription rate Total Hours 3,620 Page 6 of 6 : AC Audit Committee, Internal Audit, RA Risk Assessment