May 21, 2026
What an internal audit actually looks like
The second in a series from the SIU System Office of Internal Audit, Compliance and Ethics provides more information about internal audits and how they benefit SIU.
People may imagine inconvenience — findings and reports. The reality, however, is a lot more collaborative and a lot less dramatic.
An internal audit typically starts with a planning phase where we learn about a department's goals, processes, and the risks that could get in the way. We talk to people. We review documentation. We ask, “what could go wrong here, and what’s in place to prevent it?” Then we test whether those safeguards work in practice.
“Controls on paper don't protect anyone. We’re interested in what actually happens.”
When we find gaps, we work with the department to understand why they exist and what a realistic fix looks like. We’re not writing up violations. We’re writing recommendations. The department gets a chance to respond, and we follow up to see how things have improved.
Our internal audit plan covers the entire university over a multi-year cycle, and it’s risk-based, which means we focus our attention where the stakes are highest. That includes financial processes, IT systems, research compliance, procurement, and more.
The end goal is always the same: that the university can demonstrate it’s being a responsible steward of the resources entrusted to it by students, donors, and the public.