Internal Audit Internal Audit


Internal Audit provides independent, objective assurance and consulting services designed to add value and improve University operations. The department enhances and protects organizational value by providing risk-based and objective assurance, advice and insight.

The internal auditor assesses compliance with regulations, and measures and evaluates the University's system of internal controls.


What is Internal Control?

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines internal control as "a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance."

Internal controls are important because they help individuals, offices, departments, divisions, campuses or universities reduce the possibility that something will go wrong. It's not that an organization doesn't have trust in its employees, but internal controls exist to prevent bad things from happening. In addition, security is provided for those that follow them.


Types of Internal Controls

There are three types of controls: 


Designed to keep errors or irregularities from occurring. Two common examples of this are regulations and segregation of duties.


Designed to detect errors or irregularities that have already occurred. One of the most common examples of this is review processes.


Designed to correct errors or irregularities that have been detected. An example of this is the procedure or procedures in place to handle detected situations. In addition, a corrective control in place may be to add a preventive or detective control so the irregularity or error doesn't reoccur. 


In general, internal controls are considered to be a good thing for an organization, however, it is possible to have too many controls to the point where operations become inefficient. Examples could include the creation of redundant procedures or having too many approvals. These types of issues should be reported to Internal Audit using the "Other" category as described in Reporting Issues to Internal Audit


How You Can Help

If you are a member of the University community, we've put together a helpful set of tips to understand how you can support ENMU excellence.

Even if you are not a member of the University community, you can still help ENMU by reporting issues that don't seem to support the high standard of learning and excellence that ENMU should exemplify.


Reporting Issues to Internal Audit

There are several types of issues to report to Internal Audit and some to report to other areas within the University.

Reporting Issues to Internal Audit


I've been selected for an audit. What does it mean?

Audits are determined based on a variety of reasons:

Specific RiskSomething specific has been identified either by the internal auditor, or another individual has reported a concern to Internal Audit that may warrant a more thorough review.
General RiskCertain areas are generally considered risky to an auditor, and new areas arise every year. These can include: internal controls over processes, compliance with policies and procedures, segregation of duties, and cash handling. 
Follow-upWhen audit findings have been issued, follow-up audits are necessary to determine if they have been corrected or if further action is required.
Time BasedThese audits are determined based on the last time they were audited, if they ever have been. It provides an opportunity to look into internal controls as well as compliance with laws and regulations to ensure operations are running effectively and efficiently.


Once an audit has been approved, the audit process begins. 

For More Information For More Information


Internal Audit

ENMU Station 9
1500 S Ave K
Portales, NM 88130

Quay Hall, Room 115

Phone: 575.562.2218

Staging Enabled