Office of Internal Audit

SBCC Office of Internal Audit (OIA) employees are SBCC employees and the OIA works specifically with SBCC to achieve its mission and objectives.  Internal audit at SBCC is dedicated to helping colleagues by providing independent assessments specific to SBCC’s needs, and consulting services to improve internal controls and risk mitigation processes at SBCC.

Periodically, SBCC has external auditors that conduct a variety of audits at the institutions.  External auditors are not SBCC employees but are granted access to review records and interact with personnel within the scope and objectives of their engagement. Examples of typical audit activities include the annual audit of the SBCC District Financial Statements, review of the Parking Fees Program, and audits of past bond measure funds.

A risk assessment is a systematic process of identifying, analyzing, and prioritizing potential risks – strategic, operational, financial, compliance, and reputational – that could prevent an organization from achieving its objectives.  The risk assessment process serves as the foundation for developing a risk-based audit plan and ensures that audit resources are focused on high-risk areas.

A risk assessment provides a tool for management to share concerns about factors impacting the institution's ability to meet its objectives. Auditors gather information that helps to assess risks to the institution, classify the information as high, medium or low risk to the institution, and rank the results from highest to lowest risk exposure to the institution.  Information considered includes:

• internal and external factors,
• likelihood of an event occurring,
• impact of an event on SBCC should it occur,
• multi-year financial trends, and
• time elapsed since an area was last audited.

The results are used to develop an annual internal audit plan which is vetted through leadership and approved by the Superintendent/President of SBCC and the Board of Trustees.

The SBCC Internal Audit Charter, as approved by the SBCC Board of Trustees, defines the purpose, authority, responsibility, and scope of the SBCC Office of Internal Audit (OIA). The charter grants the OIA unrestricted access to any of the institution’s functions, records, property, and personnel.

Although the Charter provides the OIA with unrestricted access to the institution’s functions, records, property, and personnel, the OIA conducts its work in accordance with the 2024 IIA Global Internal Audit Standards. These standards require internal auditors to apply due professional care, maintain confidentiality, and exercise sound professional judgment.  Accordingly, the OIA limits its access to information relevant to the engagement’s scope and objectives, thereby protecting sensitive information and upholding the integrity of the audit function.

No, the SBCC Foundation is a separate entity from SBCC and the Office of Internal Audit does not have audit authority for the foundation.

Yes, updates are provided throughout the audit process.  Management has the opportunity to provide feedback during these updates and again at the end of the engagement in response to the draft audit report.  

Management must provide a response to all recommendations made during the Exit Conference.  Management’s response is included in the final audit report that is provided to relevant management, the Superintendent/President of SBCC, and members of the Finance and Audit Committee of the Board of Trustees.

For further information on what to expect from an audit, please review the Audit Process section of the OIA website.