Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
What are the Internal Audit Office’s responsibilities?
Our first responsibility is to help the Board of Governors to fulfill its legal and fiduciary obligations in matters involving the University's legal-compliance functions for accounting, auditing, financial reporting, internal control and other financial matters.
Who receives the Internal Audit Reports?
Final Management Summaries are reviewed by Senior Management and by Audit Committee members; detailed reports (Audit Results Sheets) are reviewed by auditees.
What happens during an audit?
In general, the audit may include a review of financial and administrative management practices or processes within faculties and services to ensure the efficient and effective management of resources and compliance with University policies and procedures.
Why were we selected to be audited?
After an annual assessment, areas of potential risk to the University are identified and are subject to be audited.
Can Internal Audit provide advisory services?
Yes, we can provide recommendations or advice on management issues or concerns. Generally, however, we don't comment on the state of internal control when providing advisory services.
What is the difference between External Audit and Internal Audit?
Internal auditing differs from external auditing in the following ways: internal auditors are employees of the organization; they assist management and, for the most part, perform operational audits; external auditors represent third-party users and most often perform financial audits.
What are Internal Controls?
Internal controls are processes designed by an organization's board, management and other personnel to provide a reasonable assurance that objectives in the following areas are being achieved:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations
Safeguarding of assets
Internal control is affected by people at every level of a faculty or service. That said, internal control is, to some degree, everyone's responsibility. At the University, managers at the department or service level are primarily responsible and accountable for internal control in their academic unit or their service.
What is Continuous Auditing?
Continuous auditing is any method used to perform audit-related activities on a more continual basis. A continuous auditing approach allows internal auditors to fully understand critical control points, rules and exceptions. With automated, frequent analyses of data, they are able to perform control and risk assessments in real time or near real time. They can also analyze key business systems from both anomalies at the transaction level and for data-driven indicators of control deficiencies and emerging risk.
What are the possible outcomes of Continuous Auditing?
The outcomes of continuous auditing involve notifications or alerts indicating control deficiencies or higher risk levels. The notifications or alerts can be prioritized and, depending on the seriousness of the risk or control deficiency, communicated to the owner of the business process or application system. The audit response to these notifications may range from an immediate audit of the identified control system to flagging an area for a future audit.
Why does Internal Audit use Continuous Auditing?
Continuous auditing is used jointly with traditional auditing. While traditional auditing focuses more on a sampling approach and includes activities such as reviews of policies, procedures, approvals and reconciliations, continuous auditing is used to perform assessments automatically on a more frequent basis. Continuous auditing can help auditors to evaluate the adequacy of management’s monitoring function. Additionally, it supports risk identification and assessment for the entire audit universe and can be used when developing the annual audit plan by focusing audit attention and resources on areas of higher risk as well as the objectives of a specific audit.