Internal Audit Department

What does the Internal Audit Department do?

The Internal Audit Department examines how University units operate. Generally, an audit includes an evaluation of the adequacy of accounting, financial, and operating procedures and internal controls and a determination of compliance with policies, procedures, and applicable regulations.

What are internal controls?

Too often internal controls are perceived as being "red tape." Internal controls are implemented at several levels and are designed to provide reasonable assurance that University operations are conducted in the manner intended. Generally, internal controls can be clasified into two categories:

Accounting Controls are designed to safeguard assets and ensure the accuracy of financial records.
Administrative Controls are designed to promote operational efficiency, effectiveness, and compliance with University policies and procedures and applicable regulations.

Internal Audit tests the adequacy of both accounting and administrative controls.

Who is responsible for internal controls?

Everyone is responsible for internal controls. While the Board of Trustees provides governance, guidance, and oversight, the University President is ultimately responsible for maintaining an adequate system of financial and administrative controls. Department heads and managers are responsible for internal controls in departments and should take "ownership" of the internal control system. The department head or manager sets the "tone" for the department by influencing the control consciousness of staff members and by communicating an administrative philosophy that includes integrity, ethical values, and competence. Everybody must understand that internal controls must be taken seriously.

Why was my operation selected for an internal audit?

Annually, the Director of Internal Audit prepares an audit plan for the University. There are several factors that go into determining what areas should be included in the audit plan. The Director of Internal Audit will consider risk factors when assessing the audit universe. Examples of risk factors include:

Dollar Materiality

Transaction Volume

Internal Accounting Controls

Loss Susceptibility/Experience

Other Factors such as new or changed information systems, regulations, or programs

Consideration is also given to whether the operation has been audited before, how long it has been since the previous audit, and whether past audit observations warrant a follow-up audit. Due to external factors, some operations receive an annual internal audit. Other operations may be audited less frequently. Eventually, we want to visit as many departments as possible.

Can I seek advice from the Internal Audit Department outside of a formal audit?

Yes. The Internal Audit Department will be pleased to assist you on internal control and accounting questions. Many of the calls we receive are from managers whose operations have been audited.

Return to Internal Audit Department Home Page