Audit Plan
Every year, Internal Audit performs an annual risk assessment to determine the annual audit plan. The primary goal of the annual risk assessment is to identify audit topics that will provide value and assurance on operating effectiveness of key operations at SOU. The annual risk assessment and audit plan are presented to the Board of Trustees for approval.
Internal Audit Plan
July 1, 2026 through June 30, 2027
| Audit # | Engagement Title | Timeframe* | Comments | |
| Annual Risk Assessment | FY28 Annual Risk Assessment | June 2027 | Required annually by IIA auditing Standards. | |
| Planned Audits | ||||
| 2026-2 | Human Resources Background Checks/Fair Credit Reporting Act Compliance | Carried over from FY26 | ||
| 2027-1 | Business Services – Purchase Cards | July 2026 – January 2027 | ||
| 2027-2 | Enrollment – Fraud Risk Management | January 2027 – June 2027 | ||
| Other Services | ||||
| Investigatory Services | Special Reviews | Fiscal Year 2026 | Investigative reviews as requested by management | |
| Advisory Services | Purchasing/Contracting
Enterprise Risk Management PCI Compliance/Sensitive Data Financial Policy Review |
Fiscal Year 2026 | Advisory services as requested by management subject to contract and staffing capacity | |
* Dates may be adjusted as needed to avoid a negative impact on SOU projects, available staff and resources.
