Frequently Asked Questions

What is internal auditing?

The Institute of Internal Auditors (IIA) defines internal auditing as:

"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."  - Institute of Internal Auditors

What is internal control?

Internal control is a process, effected by an entity’s board of directors, management and other personnel. This process is designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. Internal control consists of five major components: control environment, risk assessment, control activities, information and communication, and monitoring.

Therefore, it is important to note the following:

  1. Internal control is a process. It is a means to an end, not an end in itself.
  2. Internal control is not merely documented by policy manuals and forms. Rather, it is put in by people at every level of an organization.
  3. Internal control can provide only reasonable assurance, not absolute assurance, to an entity’s management and board.
  4. Internal control is geared to the achievement of objectives in one or more separate but overlapping categories. 

- Committee of Sponsoring Organizations of the Treadway Commission (COSO)

Generally, there are two types of controls: 1) Preventive 2) Detective.  Preventative Controls are designed to discourage errors or irregularities from occurring.  (Example:  Process vouchers only after approvals have been obtained from appropriate personnel.)  Detective Controls are designed to find errors or irregularities after they have occurred.  (Example: Reconciling Banner Monthly Detail Reports to departmental records).  

Why might I request an audit?

Audits can produce many benefits and the timing of an audit can be an important factor. Consider the situation where you assume new or additional supervisory responsibilities. An audit can review administrative procedures to determine whether internal controls in your new area are adequate. An audit is also helpful in assessing system controls and changed office procedures for newly installed computer systems or procedures changed as a result of restructuring.

A periodic review of your unit's administrative activity can benefit you. It will help you to be sure that your procedures adhere to university and state policies. An audit may also include an evaluation of the effectiveness and efficiency of your unit's administrative activities.

Anyone within the university can request an audit. You may submit a request for an audit directly to the Office of Audit and Advisory Services. However, it is usually best to coordinate the request with your vice president.

Who will receive the audit report?

The final audit report is distributed to the Business Affairs & Audit Committee of the Board of Visitors, the president of the university, and the vice president to whom you report. Those within the university who have a need to know also receive the report.