Internal Audit

Mission of the Internal Audit

The mission of the Internal Audit Department is to provide independent, objective assurance designed to add value and improve NYU Langone Medical Center’s operations.  Internal Audit helps the institution accomplish its objective/ mission to become a World Class Academic Medical Center by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal control, and the governance processes.  

Internal Audit is responsible for providing the Audit and Compliance Committee of the Board of Trustees and senior management with objective and timely audits and reviews of the organization’s operations. This includes testing whether the systems of internal control, which are designed to protect the NYU Langone Medical Center (Medical Center) assets, are meeting their objectives. 

Internal Audit is responsible for developing and maintaining an efficient and effective program of internal auditing to enhance the Medical Center's capacity to manage risk, verify problems or issues identified by management, and investigate emerging issues and trends, and detect deviations from established internal controls.

Internal Audit Department Objectives

The objective of the Internal Audit Department is to assist members of the organization in the effective discharge of their responsibilities by providing the organization with analyses, appraisals and information concerning the activities reviewed.  The attainment of this overall objective includes but is not limited to the following activities:

  • Reviewing and appraising the soundness, adequacy and application of the accounting, financial and operating controls that comprise the internal control system of the Medical Center;
  • Ascertaining the extent of compliance with established policies, procedures and applicable laws and regulations;
  • Determining the extent to which the Medical Center's assets are accounted for and safeguarded from losses of any kind;
  • Reviewing the adequacy of information technology security and internal controls;
  • Ascertaining the reliability of management data developed and reported within the Medical Center;
  • Reporting the results of audits in a timely manner;
  • Appraising the effectiveness and timeliness of management’s corrective action plans.

Audit Process Overview

In conducting audits we follow a systematic approach consisting of a series of well-defined phases that are designed to achieve specific objectives and each phase is dependent upon results of the preceding phase:

Risk Assessment and Audit Plan: The assessment will evaluate the impact and likelihood of risk occurrence and selecting areas to be audited accordingly.

Planning & Work Program: Gain an understanding of the activity, process, or function under review and identify objectives, risks, and audit steps to be performed during the audit engagement.

Fieldwork: Activities include detailed testing, analysis and gathering of adequate evidence to support or refute preliminary findings or conclusions drawn during the audit.

Audit Report and Communicating Results: Consist of presenting preliminary findings in the early stages of the audit, to a more formal listing of observations and recommendations in a Draft Audit Report; prior to a Final Audit Report for  the Audit and Compliance Committee of the Board of Trustees of NYU Hospitals Center.

Audit Follow-up and Resolution: Provide an effective means to ensure recommendations and corrective action plans are implemented and the desired results are achieved.