There is an abundance of information on the web that we use for research in our audits.  On this page, we've identified a number of websites that you may find useful in your own research.  Information regarding the Board of Regents, Iowa Code, other Big 10 Universities and various internal audit sites can all be accessed by clicking the menu items below.

Useful Links


Debra Johnston, Chief Audit Executive
2100-1 University Capitol Centre      Phone: 319-467-0150



Chad Sharp, Assistant Director of Internal Audit
2100-1 University Capitol Centre             Phone: 319-335-2726

There are many definitions of internal control, as it affects the various constituencies of an organization in various ways and at different levels of aggregation.  Everyone in an organization has responsibility for internal control to some extent.  Virtually all employees produce information used in the internal control system or take other actions needed to effect control.  Also, all personnel should be responsible for communicating upward any problems in operations, noncompliance with the code of conduct, or other policy violations or illegal actions.

In accounting and auditing, internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives.  It is a means by which an organization's resources are directed, monitored, and measured.  It plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks).  At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations.  At the specific transaction level, internal control refers to the actions taken to achieve a specific objective (e.g., how to ensure the organization's payments to third parties are for valid services rendered). Internal control procedures reduce process variation, leading to more predictable outcomes. Internal control is a key element of the Foreign Corrupt Practices Act (FCPA) of 1977 and the Sarbanes–Oxley Act of 2002, which required improvements in internal control in United States public corporations. Internal controls within business entities are also referred to as operational controls.

Internal Control - COSO

Internal Control - COBIT



Global Technology Audit Guides (GTAG) are written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security. The GTAGs reside on the Institute of Internal Auditors website.

A fundamental element of internal control is the segregation of certain key duties (SOD).  The basic idea underlying SOD is that no employee or group of employees should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties.  In general, the principal incompatible duties to be segregated are:

Custody of assets.
Authorization or approval of related transactions affecting those assets.
Recording or reporting of related transactions.

Traditional systems of internal control rely on assigning certain responsibilities to different individuals or segregating incompatible functions.   The general premise of SOD is to prevent one person from having both access to assets and responsibility for maintaining the accountability of those assets. 

The Director of Internal Audit conducts a training class for new managers as part of UI Learning and Development's "UI Business Processes Series."

We also do presentations to senior leaders across campus to help our clients understand what we do.  Our goal is to partner with management to ensure that risks identified on campus are being addressed.  If you would like us to present to your group, please contact our department.