Who We Are

Role of Internal Audit

The Office of Internal Audit works in support of the Board of Trustees and in collaboration with management and external auditors to assess risks within the University and evaluates the effectiveness of the internal controls in place which mitigate risks.  Risks can be classified as financial, operational, compliance, strategic and reputational.


Our audits are designed to ensure that the University is operating effectively and efficiently, through a robust system of internal controls. Our audits include a Board approved risk-based audit plan, as well as other requests from the Board, University Management, Deans, and Department Heads.


Internal Audit is also responsible for auditing information systems and the controls embedded within technology operations and those systems to support organizational processes and goals.


Internal Audit also conducts investigations of Compliance Hotline, and internal or external reports of theft or misappropriation of University assets. We work in collaboration with the Office of General Counsel and the Department of Public Safety on all investigative matters.


What is the Internal Audit structure?

The department is comprised of three areas: Finance/Operations/Compliance,, Information Technology and Investigations. The areas can function both independently or collaboratively depending on the specific project need.


Who is responsible for risk management?


Risk management is the responsibility of all employees of the University. Senior managers, deans, and department heads are responsible more directly for  risk management within their areas of business. < link to Training > Risk >


Internal Audit, is responsible for an independent and collaborative assessment of risks, the yearly risk assessment.<link to Risk Assessment>, which helps develop a risk-based audit plan that is presented and approved by the Audit Committee of the Borad of TursteesThe assessment is conducted in partnership with management, in order to ensure that all areas of risks are identified and relevant to the University.


Separately, the University Risk Management group <include link> is responsible for providing assistance to procure mitigating mechanisms such as insurance for those  activities that can be insured.


Contact Us

Email: internalaudit@columbia.edu

Telephone: 212-851-7234

Compliance Hotline


Read our Charter

Load in http://finance.columbia.edu/internal_audit/ia_charter.pdf>