The Financial and Organizational Performance Audit Branch is responsible for auditing NCDOT’s financial statements and reporting information, organizational performance operations, and informational technology systems.
The branch consists of three units:
- Internal Audit
- Information Systems Audit
- Performance Audit
Each unit’s objective will be to ensure that employees, units, divisions, and business operations within NCDOT are reporting and complying with federal and state laws and regulations, along with NCDOT policies and procedures. Their work will consist of testing controls over financial and IT processes, and conducting performance audits in order to determine efficiency and effectiveness of NCDOT programs. The units also identify areas of improvement required in its business practices.
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Internal Audit’s mission is to provide comprehensive audit and review of all divisions within NCDOT. It’s objectives are to assist members of the Department efficiently fulfill their responsibilities by furnishing them with audits, analyses, appraisals, information, reviews, and recommendations concerning the operational activities and promoting effective control at a reasonable cost.
Information Systems Audit
The Information Systems (IS) Audit unit is designed to provide an independent examination of the NCDOT Information Technology (IT) infrastructure. The unit obtains and evaluates evidence of NCDOT information systems practices, and operations to ensure information systems are safeguarding assets, maintaining data integrity, and operating effectively and efficiently to achieve the organization’s goals and objectives. These audits may be performed in conjunction with a financial audit, internal audit, performance audit or other form of analysis of the NCDOT computer operations.
The IS Audit unit is responsible for conducting various categories of IT audits:
- Systems and Applications: An audit to verify that NCDOT systems and applications are appropriate, efficient, and adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity.
- Information Processing Facilities: An audit to verify that the NCDOT processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
- Systems Development: An audit to verify that the NCDOT systems under development meet the objectives of the organization. Also, the systems are developed in accordance with generally accepted standards for systems development.
- Management of IT and Enterprise Architecture: An audit to verify that NCDOT IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.
- Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.
IT audits typically fall in two types of controls, “general controls” audit or “application controls” audit:
- IT General Controls: Includes controls over IT environment, computer operations, access to programs and data, program development and programs changes.
- IT Application Controls: Includes controls refer to transaction processing controls, sometimes called “input-processing-output” controls. IT application or program controls are fully automated designed to ensure the complete and accurate processing of data, form input through output. These controls vary based on the business purpose of the specific application. Also, help to ensure the privacy and security data transmitted between applications.
The Performance Audit unit provides assurance or conclusions based on an evaluation of sufficient, appropriate evidence against stated criteria, such as specific requirements, measures, or defined business practices. Performance audits provide objective analysis so officials can use the information to improve program performance and operations, reduce costs, facilitate decision making by parties with responsibility to oversee or initiate corrective action, and contribute to public accountability. Reporting information without following the Government Auditing Standards-Yellow Book is not a performance audit but a nonaudit service provided by an audit organization.
The purpose of NCDOT’s performance audit unit is to:
- Determine the degree to which federal and state funded programs and activities are accomplishing their goals and objectives.
- Provide measurements of program results and effectiveness.
- Identify other means of achieving the goals and objectives.
- Evaluate efficiency in the allocation of resources (i.e., cost and resources used to achieve program results).
- Assess compliance with laws and regulations.
Each audit has unique specific objectives encompassing one or more of these general objectives. The results of the audits are recommendations directed at improvements in NCDOT’s operations. It is important to note that these audits are not done on a recurring (annual) basis, although a program or activity may be audited more than once.