AMAS Services

Definitions of Project Types

Audits – are assurance services defined as examinations of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Examples include financial, performance, compliance, and information technlogy. 

Advisory Consulting/Services – the nature and scope of which are agreed with the client, are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include consultations, reviews, advice, and participation on campus committee's and work groups. 

Investigations – are independent evaluations of allegations generally focused on improper governmental activities including misuse of university resources, fraud, financial irregularities, significant control weaknesses and unethical behavior or actions. 

Nature of Assurance & Consulting Services


Promoting appropriate ethics and values within the organization; Ensuring effective organizational performance management and accountability; Communicating risk and control information to appropriate areas of the organization; and Coordinating the activities of and communicating information among the board, external and internal auditors, and management. 

Risk Management

Determining whether risk management processes are effective is a judgment resulting from the internal auditor’s assessment that:

  • Organizational objectives support and align with the organization’s mission; 
  • Significant risks are identified and assessed; 
  • Appropriate risk responses are selected that align risks with the organization’s risk appetite;
  • and Relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities.
  • When assisting management in establishing or improving risk management processes, internal auditors must refrain from assuming any management responsibility by actually managing risks.


The internal audit activity assists the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement. 

  •  The internal audit activity must evaluate the adequacy and effectiveness of controls in responding to risks within the organization's governance, operations, and information systems regarding the:
    • Reliability and integrity of financial and operational information;
    • Effectiveness and efficiency of operations and programs;
    • Safeguarding of assets; and
    • Compliance with laws, regulations, policies, procedures, and contracts.