Compliance Audits are conducted to ensure that the University is compliant with:

• policies,
• plans,
• procedures,
• laws, and
• regulations

Compliance audits review both controls and transactions to assess compliance with laws and regulations that are external to the University and/or plans, policies, and procedures that are internal to the University.

Management provides the auditors with documentation on the controls that are supposed to be in place. The auditors then set out to verify that these controls are operating as intended.

Examples include:

• Reviewing research account activity for compliance with Tri-Council agency policies and procedures
• Review of how cash is handled in various locations on campus with respect to the policies for managing and controlling monies

The Division of Audit Services currently uses the risk-based audit approach in carrying out compliance audits. Characteristics of this approach include:

• Identification of significant risks to the University if University policies/guidelines and granting agencies’ regulations are not being adhered to;
• Examination of a sample of transactions covering revenues and expenditures; and,
• Assurance that the University is in compliance with policies, guidelines and regulations.