Case In Point: Lessons for the Proactive Manager
Volume 18 Issue 05 | May 2026
Many of our readers know that my career background is in the internal audit profession. Technically, I still hold the Chief Audit Executive (CAE) role at AU, though recently my focus has been more on campus security related issues. You may not know that May is Internal Audit Awareness Month. There are many misconceptions about internal audit which is by definition:
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
For Internal Audit Awareness Month, I thought I’d interview Traci McGill, AU’s Director of Internal Audit, to help educate our readers about this important and often misunderstood function.
• What should people know about internal auditing in higher education?
Internal Audit takes a risk-based, university-wide perspective to help leadership anticipate challenges, improve processes, and operate effectively in a complex regulatory environment. Our work is aligned with university priorities and emphasizes internal controls, accountability, and practical solutions.
• What is the most common misconception about internal audit?
A common misconception is that Internal Audit’s role is to “find fault” or act as an enforcer. In reality, Internal Audit serves as a collaborative partner, focused on identifying risks, strengthening processes, and supporting continuous improvement. The goal is not to assign fault, but to help the institution strengthen operations.
• What types of projects does internal audit perform?
Internal Audit conducts a wide range of projects, including operational, financial, and IT audits; compliance reviews; advisory projects; and fraud, waste, and abuse investigations. Project selection is guided by a risk-based approach aligned with the university’s strategic priorities.
Thank you, Traci, for giving us a better understanding of internal auditing and its important role within the institution. I’d also like to note that effective June 1, 2026, I’m taking off that CAE hat and handing it to Traci, who will serve in that role and administratively report to me.
Whether you are in an internal audit role or another administrative function in higher education, you have plenty of risks to manage, so we again invite you to review the events occurring across our industry with a view toward proactively managing risk.
Kevin Robinson
Vice President
Institutional Compliance & Security
