What is internal auditing? What are the types of internal audits?plus or minus
As defined1 by the Institute of Internal Auditors, "internal auditing is and independent, objective assurance and consulting activity designed to add value and improve an organization's operations."
There are five general types2 of internal audits:
1. Financial Audits - these audits relate to accounting, recording, and reporting of financial transactions. Testing the adequacy of internal controls over financial reporting also falls within the scope of financial audits.
2. Compliance Audits - these audits seek to determine if departments are adhering to federal, state, and University rules, regulations, policies, and procedures.
3. Operational Audits - these audits examine the use of department/university resources to evaluate whether those resources are being utilized in the most efficient and effective way to fulfill the department's/University's mission and objectives. An operational audit may include elements of a compliance audit, a financial audit, and an information systems audit.
4. Investigative Audits are performed when appropriate. These audits focus on alleged violations of federal and state laws and of University policies and regulations and may focus on internal theft, misuse of University assets, and conflicts of interest are examples of investigative audits.
5. Information Systems (IS) Audits - these audits address the internal control environment of automated information processing systems and how these systems are used. IS audits typically evaluate system input, output and processing controls, backup and recovery plans, and system security, as well as computer facility reviews.
IA’s scope of work is comprehensive and considers all aspects of the organization - both financial and non-financial - with an emphasis on constructive improvement.
1Source: IIA, "All In A Days Work", <https://na.theiia.org/about-ia/PublicDocuments/06262_All_In_A_Days_Work-Rev.pdf>
2Source: Carnegie Mellon University, Audit Services, <https://www.cmu.edu/finance/audit-services/internal/types-of-audits.html>
How are areas selected for an audit?plus or minus
Each fiscal year the Internal Auditor prepares a draft audit plan of proposed internal audits and other projects for the upcoming year. The results of a periodic comprehensive University risk assessment are considered in selecting the frequency and scope of areas to select. The Senior Vice President for Finance/Treasurer reviews the draft audit plan with the Internal Auditor before it is presented to the University's Finance Committee for final approval.
The audit plan is flexible to allow for an investigation of possible irregularities as they arise. Special management requests for an audit review are also given consideration.
In the past few years the annual audit plan included the following work categories and estimated percentage of time devoted to each.
New internal audits:
External audit assignments:
Monitoring control procedures:
Special projects and training:
Post audit implementation reviews:
New internal audits may be conducted on any University department or process. The scope may focus on internal controls, operational efficiency, compliance with laws and policies, or sound management practices.
External audit assignments relate to the University's mandatory annual financial audit, OMB Circular A-133 audit, and retirement plans audit.
Monitoring control procedures relate to periodic monitoring of the University's purchasing card transactions, federally funded labor cost allocations, student credits, room and board billing, and physical inventory of fixed assets. Information technology controls, such as employee access rights, are also monitored.
Special projects and training relate to the Internal Auditor's participation in University task forces and committees, international student tax reporting, professional training, and other special projects.
Post audit implementation reviews relate to revisiting an audited area to report on the status of audit recommendations and to provide implementation assistance wherever possible.
What is the authority of the Office of Internal Audit?plus or minus
The Office of Internal Audit has been authorized by the University of Scranton's Finance Committee of the Board of Trustees and the University President to have unrestricted access to all University records, property and personnel. The Internal Auditor will make every effort to ensure that the security of assets and privacy of records are not compromised and services are not unnecessarily disrupted.
The Internal Auditor reports to the Senior Vice President for Finance/Treasurer. The Internal Auditor may also report a finding directly to the University's Finance Committee if a conflict of interest condition exists.
What can be expected when an audit is scheduled?plus or minus
The department head/director or senior management of the area to be audited will be notified when an audit is scheduled. The Internal Auditor will contact the appropriate personnel to schedule a meeting to discuss the audit. At this meeting, the scope and objectives of the audit will be discussed. The audit process will be explained and any concerns or questions regarding the audit will also be discussed.
Who will receive the audit report?plus or minus
The department head/director and the Vice President of the area audited, as well as the Senior Vice President for Finance/Treasurer, receive a full copy of the audit report. Other personnel who will be instrumental in implementing one or more audit recommendations will receive either a full copy of the audit report or selected findings and recommendations, as appropriate.
Management of the area being audited will receive one or more draft audit reports and have an opportunity to prepare a written response to each finding and recommendation as described under the audit process.
The University's Finance Committee of the Board of Trustees receives findings considered to be "major" as defined in the rating of audit findings. The Internal Auditor also summarizes all significant audit findings, recommendations and improvements made each year for presentation to the Finance Committee.
How long does it usually take to do an audit?plus or minus
Audits can take from a few days to several weeks depending upon the complexity of the operation and the condition of the records. During the entrance interview, the estimated length of the audit will be discussed. As the Internal Auditor becomes more familiar with the operation and the records, it becomes easier to estimate the length of time an audit will take. The Internal Auditor will keep you informed about the progress of the audit throughout the audit.
Is there ever a surprise audit?plus or minus
Usually the area to be audited will be notified. However, surprise audits are conducted.
May I request an audit?plus or minus
Yes. An internal audit can be very beneficial especially if there has been a change in either the management of the area or in key personnel. An audit can provide an assessment of the current internal controls and assist in the modification of procedures. An audit will provide an independent appraisal of the effectiveness and efficiency of an area's activities. Audit recommendations typically result in improvement to operations.
Do personnel of the audited area have a chance to rate the audit service?plus or minus
Yes. Personnel of the audited area are requested to complete a feedback questionnaire that is returned directly to the Vice President for Finance/Treasurer.