What are internal controls and why are they important?
Internal controls are the procedures used to ensure reliability and integrity of information, compliance with University policies, compliance with applicable laws, regulations, etc., assets are properly safeguarded, resources are utilized economically and efficiently, and goals and objectives are met.
University management is responsible for maintaining an adequate system of internal control. Internal auditors independently evaluate this system of internal control and provide management recommendations for improving internal controls.
How is an area selected to be audited?
Risk Analysis - The Office of Internal Audits has developed a risk measurement process for use in constructing annual audit plans. University departments and functional areas are selected for review based on several risk factors such as financial loss potential, regulatory compliance, size and complexity of operations, prior audit recommendations, time since last audit, etc... The annual audit plan is approved by the Finance and Audit Committee of the Board of Regents.
Special Projects - These projects are audits or investigations that are conducted upon request. These include specific requests by administration, departmental request, and investigations based on information obtained from various sources.
What happens during an audit?
Notification Letter - With a few exceptions, auditees are notified in writing when their area is selected for an audit. These letters are sent to the Vice President of the area being audited as well as to the appropriate Dean, Chairperson, or Director. The notification letter states the objectives of the audit and estimated start date. Due to the nature of some audit work, we may give little or no advance notice.
Entrance Conference - An entrance conference is scheduled with the auditee to discuss the purpose and scope of the audit. This may also be accomplished via telephone if the auditee so desires. We encourage auditees to discuss any concerns or questions they may have about the audit at this time.
Together, the auditee and the auditors determine the departmental personnel and physical facilities needed to conduct the audit.
Audit Work - It will often be necessary for the auditors to be in the auditees area to review records and conduct interviews of appropriate personnel. The interviews are necessary for the auditor to become familiar with the auditees operations and procedures. Written policies and procedures may also be requested to aid the auditor in understanding the operations. We realize each person's time is valuable, so we attempt to arrange meetings in advance and to work around scheduling conflicts when possible.
The duration of the audit will vary depending upon its nature and scope. Limited scope audits may take only a week or two, while broad scope audits may take several months. The level of cooperation received from the auditee also has a bearing on the duration of the audit. Timely access to personnel and records is important for the prompt completion of our audit work.
Communicating Results - The results of the audit are communicated to the auditee via verbal communication, informal letters to the auditee, or a written audit report (in draft form). The purpose of the written audit report is to present the audit objective, scope, methodology, results, and recommendations of the audit. Audit recommendations are intended to improve the operations of the auditee and the University.
Exit Conference - An exit conference is held to discuss the written audit report (in draft form) and provides an opportunity to resolve any questions or concerns the auditee may have about the audit recommendations and to resolve any other issues before the final audit report is released. Those attending usually include the auditors and the Vice President, Dean, Chairperson, and/or Director, as well as anyone from the audited area that the auditee wishes to invite. After the exit conference, the auditee will be required to provide to the auditors their written management's responses to the audit recommendations to be included in the final audit report.
Final Audit Report - The final audit report will include the audit objective, scope, methodology, results, recommendations, and management's responses. Copies of the final report are distributed to the University Chancellor and President, TWU Board of Regents, and applicable Vice Presidents, Deans, Chairpersons, and/or Directors of the audited area.
Follow-up Review - There will be occasions when action to resolve a recommendation will not be accomplished until after the audit work is completed. Our professional standards require that we follow-up and report on previously reported audit recommendations to determine whether corrective action was taken as planned by the auditee.
Who audits the auditors?
The Office of Internal Audits is not immune to being audited. Members of the State Auditor's Office annually review internal audit activity. In addition, every three years, a team of auditors from outside the University performs a Quality Assurance Review as required by law.