Our auditors use a variety of resources during audit planning to ensure we are researching current information for risk identification, risk mitigation, opportunities for fraudulent activity, authoritative guidance and internal control best practices. This is a list of agency and business resources that we find to be very helpful and, in most situations, they make access to their information available to the public.
The resources listed here are excellent for researching or implementing a new process or system, or to measure an existing process or system for assessing the possibility of internal control issues or ways to increase efficiency.
Institute of Internal Auditors (IIA)
Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession's global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.
The mission of The Institute of Internal Auditors is to provide dynamic leadership for the global profession of internal auditing. Activities in support of this mission will include, but will not be limited to:
• Advocating and promoting the value internal audit professionals add to their organizations.
• Providing comprehensive professional educational and development opportunities, standards and other professional practice guidance, and certification programs.
• Researching, disseminating, and promoting knowledge concerning internal auditing and its appropriate role in control, risk management, and governance to practitioners and stakeholders.
• Educating practitioners and other relevant audiences on best practices in internal auditing.
• Bringing together internal auditors from all countries to share information and experiences.
Government Accountability Office (GAO)
The U.S. Government Accountability Office (GAO) is an independent, nonpartisan agency that works for Congress. Often called the "congressional watchdog," GAO investigates how the federal government spends taxpayer dollars. The head of GAO, the Comptroller General of the United States, is appointed to a 15-year term by the President from a slate of candidates Congress proposes.
There are two publications commonly used by Audit and Compliance Services:
1. Government Auditing Standards (Yellow Book)
2. GAO Federal Information System Controls Audit Manual (FISCAM)
Government Accounting Standards Board (GASB)
The Government Accounting Standards Board’s (GASB) mission is to establish and improve standards of state and local governmental accounting and financial reporting that will result in useful information for users of financial reports, and guide and educate the public, including issuers, auditors, and users of those financial reports. GASB helps government officials demonstrate to their constituents their accountability and stewardship over public resources.
The website offers industry news, educational articles and webcasts, industry analysis and summaries, and accounting standards publications.
Board of Regents Policy and University Regulation
Regent policies are intended to be broad and flexible with details of administration and implementation expressed in the related regulations that are promulgated by the university president.
Statewide Accounting and Administrative Manual
The purpose of the University of Alaska Accounting and Administrative Manual is:
• To develop consistency within the University System in the application of accounting principles and major administrative processes,
• To aid in the preparation and processing of accounting transactions,
• To accumulate a summary of accounting and administrative procedures for reference purposes, and
• To provide rules and processes to comply with various regulations and external requirements.
This manual is issued under the authority of the Vice President for Finance and Administration in accordance with Regents' Policy P05.02.010.
UA in Review
UA in Review is developed by the UA Institutional Research and Analysis Department using data stored in the UA Decision Support Database (DSD). This system-wide publication containing graphical and analytical information combines information from UA administrative information systems such as the historical university database, SIS and the BANNER enterprise management system.
Association of College and University Auditors (ACUA)
The Association of College and University Auditors (ACUA) is a professional organization comprised of audit professionals from all over the globe. ACUA strives to continually improve the internal operations and processes of the individual institutions we serve, through continued professional development and the dissemination of individual internal audit experiences in an open forum with friends and colleagues.
National Association of College and University Business Officers (NACUBO)
The National Association of College and University Business Officers is an organization founded in 1962 to build a common professional framework between different professionals nationwide. Its main goal is to “define excellence in higher education, business, and financial management.” The organization offers a flagship magazine, “Business Officer,” that addresses current and emerging issues in various areas as they relate to higher education administration. The NACUBO website also offers access to online and CD-ROM-based training as well as a government relations area where important government rules and new regulations pertaining to the industry are promptly displayed.
University Risk Management and Insurance Association (URMIA)
The mission of the University Risk Management and Insurance Association is to advance the discipline of risk management in higher education. URMIA is the preeminent source of innovative and effective risk management ideas and solutions to the challenges facing institutions of higher education in the pursuit of their academic, social, and economic goals.
• To protect the reputation and resources, both human and financial, of institutions of higher education through the incorporation of sound risk management practices into all aspects of their operations.
• To make available the best and most complete risk management information for institutions of higher education.
• To provide excellent professional development opportunities for risk management professionals in higher education.
National Council of University Research Administrators (NCURA)
The National Council of University Research Administrators serves its members and advances the field of research administration through education and professional development programs, the sharing of knowledge and experience, and by fostering a professional, collegial, and respected community.
Higher Education Compliance Alliance
The Higher Education Compliance Alliance was created to provide the higher education community with a centralized repository of information and resources for compliance with federal laws and regulations. Spearheaded by the National Association of College and University Attorneys (NACUA), the Compliance Alliance is now comprised of 26 participating associations representing a broad cross-section of higher education interests. These associations share a joint commitment to providing high quality resources on a diverse range of compliance topics as a service to the higher education community at large. Many of the resources on this website are freely available.
EDUCAUSE
EDUCAUSE helps those who lead, manage, and use information technology to shape strategic IT decisions at every level within higher education. EDUCAUSE programs and services focus on analysis, advocacy, community building, professional development, and knowledge creation to support the transformative role that IT can play in higher education. The website provides a library, topic-specific series of briefs called 7 Things You Should Know About, research information, industry news, and survey information.
Association of Certified Fraud Examiners (ACFE)
The Association of Certified Fraud Examiners was established in 1988 as a professional fraud prevention organization. The Certified Fraud Examiner certification is offered through this organization as well as a comprehensive list of training material available in the areas of fraud prevention and fraud detection. The organization’s membership spans the globe. In the aftermath of Sarbanes-Oxley and the corporate accounting scandals of the early 2000s, this organization’s popularity in the profession has dramatically increased.
Society of Corporate Compliance and Ethics (SCCE)
The SCCE is dedicated to improving the quality of corporate governance, compliance and ethics. SCCE’s roles include:
• Facilitating the development and maintenance of compliance programs;
• Providing a forum for understanding the complicated compliance environment; and
• Offering tools, resources and educational opportunities for those involved with compliance.
Privacy Rights Clearinghouse
Privacy Rights Clearinghouse is a California nonprofit corporation with 501(c)(3) tax exempt status pending. It has a two-part mission -- consumer information and consumer advocacy. It was established in 1992 and is based in San Diego, California. The PRC is primarily grant-supported and serves individuals nationwide.
The PRC's goals are to:
• Raise consumers' awareness of how technology affects personal privacy.
• Empower consumers to take action to control their own personal information by providing practical tips on privacy protection.
• Respond to specific privacy-related complaints from consumers, and when appropriate, intercede on their behalf and/or refer them to the proper organizations for further assistance.
• Document the nature of consumers' complaints and questions about privacy in reports, testimony, and speeches and make them available to policy makers, industry representatives, consumer advocates, and the media.
• Advocate for consumers' privacy rights in local, state, and federal public policy proceedings, including legislative testimony, regulatory agency hearings, task forces, and study commissions as well as conferences and workshops.
ISACA
ISACA provides practical guidance, benchmarks and other effective tools for all enterprises that use information systems. Through its comprehensive guidance and services, ISACA defines the roles of information systems governance, security, audit and assurance professionals worldwide. The COBIT, Val IT and Risk IT governance frameworks and the CISA, CISM, CGEIT and CRISC certifications are ISACA brands respected and used by these professionals for the benefit of their enterprises.
COBIT 5 is the only business framework for the governance and management of enterprise IT. This evolutionary version incorporates the latest thinking in enterprise governance and management techniques, and provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems. COBIT 5 builds and expands on COBIT 4.1 by integrating other major frameworks, standards and resources, including ISACA’s Val IT and Risk IT, Information Technology Infrastructure Library (ITIL®) and related standards from the International Organization for Standardization (ISO).
National Institute for Standards and Technology (NIST)
The National Institute for Standards and Technology is a non-regulatory agency founded in 1901 within the U.S. Department of Commerce that, among many other services and activities, issues guidance on computer security. These are issued through special publications known as the NIST Special Publication 800 series. This series was established in 1990 to provide a separate identity for information technology security publications.
SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.
SANS makes available at no cost the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.
Cloud Security Alliance (CSA)
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
Shared Assessments
Focus: Vendor Risk Assessment Process. Shared Assessments was created by leading financial institutions, the Big 4 accounting firms, and key service providers to inject standardization, consistency, speed, efficiency and cost savings into the vendor risk assessment process. Shared Assessments provides resource documents, news articles and training opportunities relevant to the industry.
Business Software Alliance (BSA)
BSA’s mission is to promote conditions in which the information technology (IT) industry can thrive and contribute to the prosperity, security, and quality of life of all people. BSA is interested in helping all software users ensure that they use only fully licensed software and are educated about the ethical and digital security risks associated with unlicensed software use. BSA provides free access to several in-depth documents on studies they perform under the heading Recent Research. Whitepapers are also available to non-members.
Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard is a standard developed by the major credit card companies to help organizations fight credit card fraud and other security threats related to the processing of credit card information on merchant systems. This is a well-defined standard to which merchants must periodically report compliance. Small merchants conduct self-reporting while larger merchants utilize quality assessors. Misreported information or violations of the standard can lead to large penalties. In the case of data theft that is determined to be the fault of the merchant, credit card companies could fine the card processing company, which could then pass the fine to the individual merchant.
Council on Governmental Relations (COGR)
COGR provides advice and information to its membership and makes certain that federal agencies understand academic operations and the impact of proposed regulations on colleges and universities. The website provides Publications (under the Research heading) on areas such as Financial Management, Effective Management Practices, Intellectual Property, Export Controls, and Conflict of Interest.
Federal Demonstration Project (FDP)
The FDP is a program sponsored by the Government, University, Industry Research Roundtable of the National Academies. Its purpose is to reduce the administrative burdens associated with research grants and contracts. The website offers a place to locate links to several federal agencies, affiliated members, and a grant management program.
Defense Contract Audit Agency (DCAA)
The DCAA, while serving the public interest as its primary customer, shall perform all necessary contract audits for the Department of Defense and provide accounting and financial advisory services regarding contracts and subcontracts to all DoD Components responsible for procurement and contract administration. These services are provided in connection with negotiation, administration, and settlement of contracts and subcontracts to ensure taxpayer dollars are spent on fair and reasonable contract prices. The DCAA shall provide contract audit services to other Federal agencies as appropriate.
For the University of Alaska, the DCAA conducts audits on behalf of the university’s cognizant agency, the Office of Naval Research.