Office Org Chart
Executive Vice President
& Treasurer
& Treasurer
Board of Trustees
Madina Sabirova,
Chief Audit and Enterprise Risk Officer
Chief Audit and Enterprise Risk Officer
Internal Audit
- Risk-based Operations / IT / Compliance Audits
- University Hotline and Investigations
- Fraud Risk Management Program
- IT General Controls Program
Enterprise Risk Management (ERM)
- Enterprise Risk Management Program
Operational Resilience
- International standards Organization (ISO) Program
- Business Continuity Management Program
Risk-Based Operational / IT / Compliance Audits
- Internal Audit delivers point-in-time audit assessments of how well key controls and processes are functioning. It evaluates operations, systems, and activities to ensure they are efficient, effective, and aligned with the University’s objectives. Through risk-based audit planning, data-driven analysis, and collaborative engagement with departments, Internal Audit not only detects issues but also recommends actionable improvements that strengthen the University’s overall control environment.
University Hotline and Investigations
- Purdue utilizes EthicsPoint, a third-party hotline provider, to assist us by documenting your concerns or reports of potential unethical or illegal misconduct. With EthicsPoint, you can file a confidential, anonymous report via the telephone (1-866-818-2620) or the Internet. Internal Audit will either conduct an investigation or forward the information to the appropriate office for action. Investigations are also performed for issues referred directly by other offices.
Fraud Risk Management Program
- Purdue’s Fraud Risk Management (FRM) Program is a structured approach designed to identify, assess, and mitigate fraud risks within the broader organization. It recognizes the evolving landscape of fraud, characterized by increasingly sophisticated tactics employed by fraudsters, and aims to protect the University’s reputation and operational standards. By focusing on education, proactive risk management, and rigorous enforcement of ethical standards, the program aims to create a resilient culture against fraud.
IT General Controls Program
- IT General Controls (ITGCs) are overarching controls that govern how technology systems are accessed, developed, maintained, and secured. The ITGC program includes annual risk assessments of University systems to prioritize ITGC audits for the next audit plan. A standardized risk and control matrix is utilized to ensure consistency in audit processes. Annual communications are provided to stakeholders on the status of the IT control environment.
- ERM is a continuous, structured, and enterprise-wide process designed to identify and assess risks and evaluate risk mitigation activities that may impact the University’s ability to achieve its mission and strategic goals. ERM uses a centralized framework to identify, evaluate, and monitor risks across academic, administrative, research, financial, and operational areas. The ERM function works closely with stakeholders across the institution to assess risk likelihood and impact, evaluate mitigation strategies, and provide relevant information for consideration into strategic planning and decision making.
International Standards Organization (ISO) Program
- The ISO program assists departments with attaining and maintaining certifications such as ISO 9001, ISO/IEC 27001, and ISO/ IEC 20000-1. Guidance includes audit preparation, documentation, internal reviews, and strategic alignment – enabling units to meet sponsor requirements, unlock funding opportunities, and elevate their reputational standing.
Business Continuity Management Program
- Business Continuity Planning (BCP) efforts equip university units with the tools and training needed to develop, test and refine continuity and recovery plans. Use of Business Impact Analysis, Functional Impact Analysis, and tabletop exercises help departments define critical functions, assess risks, and build actionable recovery strategies.
