Audit Annual Plan
Caltech's Audit Services conducts all audits in conformance with The Institute of Internal Auditors' Global Internal Audit Standards.
2026 Campus Audits
Attorney Client Privilege (ACP) Audit
Evaluate the adequacy and effectiveness of controls implemented over the Form I-9 process to ensure the timely completion and accuracy of forms and supporting documents, and to comply with the retention requirements following employment termination. A Form I-9 is required to ensure that an individual is eligible to work in the USA.
Evaluate the adequacy and effectiveness of controls implemented to ensure compliance with NDAA 889 requirements which prohibit the purchase and use of covered telecommunications and video surveillance services or equipment from prohibited international companies and their subsidiaries. We will audit controls related to covered entities and training Campus personnel.
Evaluate the adequacy and effectiveness of controls implemented for key data repositories to ensure encryption at rest and in transit. This audit will include data maintained by key cloud providers.
Evaluate the adequacy and effectiveness of IT controls, including penetration and vulnerability tests, for selected systems. We will use a consultant to perform these tests.
2026 JPL Audits
ACP Audit
Evaluate the adequacy and effectiveness of controls implemented to ensure compliance with ADA requirements specific to external websites.
Evaluate the adequacy and effectiveness of controls implemented over the Form I-9 process to ensure the timely completion and accuracy of forms and supporting documents, and to comply with the retention requirements following employment termination. A Form I-9 is required to ensure that an individual is eligible to work in the USA.
Evaluate the adequacy and effectiveness of controls implemented in compliance with state and federal payroll regulations including payroll taxation.
Evaluate the adequacy and effectiveness of controls over the P-card processes including cost allowability, support documentation, and the reporting relationship of the P-card owner and the approver.
Evaluate the adequacy and effectiveness of controls implemented as part of the Radiation Safety Program to ensure safe operating practices during research activities.
Evaluate the adequacy and effectiveness of controls implemented as part of the Systems Safety Program to ensure personnel and hardware safety for flight projects.
Evaluate the adequacy and effectiveness of controls implemented for key data repositories to ensure encryption at rest and in transit. This audit will include data maintained by key cloud providers.
Evaluate the adequacy and effectiveness of processes and procedures implemented to grant internal and external users' access to JPL's Flight Mission Network.