As part of our series on Internal Audit Month, Stinnett Oklahoma City Manager Toan Nguyen puts the spotlight on Higher Education Operational Audits. Toan currently serves as the President of the Oklahoma City Chapter of the Institute of Internal Auditors and has more than 10 years of internal audit experience managing and performing financial, operational and compliance audits.

Operational audits in higher education can take place in a business or functional unit such as accounts payable, payroll, human resources, facilities and construction. However, a university or college may have operations that are unique to higher education—these unique operations are known as auxiliary units.

A university usually has a bookstore on campus, dining services for students and staff, on-campus housing, parking garages and an athletic events concession. With the decrease in higher education funding, universities are increasingly outsourcing these auxiliary functions to third-party service providers. As internal auditors, we need to pay close attention to the service agreements to ensure compliance with contract terms and that the school’s mission is not compromised.

Financial aid, student records, student safety, PCI compliance, fundraising/development, and cybersecurity are also at the top of the list as areas of concern for higher education. Performing risk assessments to assess these risk areas and aligning them with potential audit projects is something a university or college should consider, at least every three years. Annually, it could be a refresher of the risk assessment on a smaller scale.

Internal auditors should work with university leadership as well as directors, managers, and process owners to get different perspectives affecting their business units. There’s never a dull moment in higher education as there is always something new to learn as we work to help the business units improve their operations!