Skip to body

Internal Audit

Audit FAQs

Frequently Asked Questions (FAQ's)

1) What is the authority of the Department of Internal Audit?

Members of Internal Audit, or their designee, are authorized to have free, full, and unrestricted access as necessary to all and any University information, activities, records, property, manual and automated systems, and personnel for the purpose of carrying out their responsibilities.

Administratively, Internal Audit reports to the Vice President of Business & Financial Affairs, and functionally to the Board of Trustees Audit Committee.

2) How are audits selected?
Audits are selected through a risk assessment process. There are several factors affecting the activities, departments, functions or units selected to be audited. For example, Internal Audit assesses the risk or exposure to loss that any given activity, department, function or unit represents to the University. This assessment is used to weigh the order in which they are selected. Audit requests may also come from departments, functions and units or external sources, such as our external auditors. All organizations directly or indirectly managed by the University can be subject to review by the Department of Internal Audit. 


3) How long does an audit typically take?
The length of time it takes to complete an audit varies significantly. Generally, the time required for the audit will vary depending on the size, complexity and strength of the organization's internal controls. Some take as little as a couple of weeks and others can take several months. The audit is a dynamic process, the scope of which can be expanded or reduced at any time depending on the issues.


4) How much of my time will the audit require?
For each audit, there will generally be an individual within your organization who will act as our main contact for the duration of the audit. The main contact will be responsible for meeting with us to help determine the scope of the audit, gathering requested documentation, discussing our audit issues and recommendations, and reviewing the final audit report. We will also need to meet with other key personnel during planning and fieldwork to complete our understanding of business processes. Length of meetings can vary depending on the subject matter.


5) What does the basic audit process involve?
An audit is broken down into four main parts. They are as follows:

  • Planning:During this phase we gather various types of information from interviews with department, unit or function personnel and members of other offices with which the audited department, unit or function regularly interacts with, as well as from financial analyses we perform. This information helps us get a clear understanding of the various functions of the audited department, unit or function and establish the preliminary scope for the engagement.
  • Fieldwork:This phase is where we begin spending a good deal of time "on site" in the department, unit or function. Since each is unique in its size, purpose, staffing, procedures and issues, audit fieldwork can also be unique. We perform tests of various department, unit or function transactions. The number of transactions tested varies from audit to audit depending on our scope. The transactions to be tested will be provided in advance so that department, unit or function personnel have ample time to gather the information before our arrival.
  • Reporting:This is the compilation phase. During this part of the audit, we assemble any audit issues and/or suggestions in draft form for discussion with department, unit or function management. As a result, some issues are resolved and some remain to be included as part of the "official" audit report.
  • Follow-up:It is anticipated that all audit recommendations will be followed up with the department, unit or function within a reasonable timeframe after the report is issued.

6) What are the benefits of the audit process to my department, unit or function?
The overall goal of our audit is to provide the department, unit or function being reviewed with an assessment of their control environment and compliance with appropriate policies, procedures, laws, and regulations.


A secondary goal of our review is to make recommendations, if necessary, that are aimed to improve the efficiency and/or effectiveness by which certain procedures are performed. Internal Audit is uniquely qualified in this respect because it has broad exposure to the University and can therefore relate its experiences to the department, function and unit being reviewed.

7) May I request an audit?
You may contact the Department of Internal Audit if you want to request an audit. At this time, we will discuss the request to determine a mutually convenient time.


8) What information will I need to provide the auditors?
Prior to our review, we may submit an initial request for information to the department. This request may include general department information, which aids us in gaining an understanding of the department, unit and function being reviewed. When we begin the fieldwork segment of our review, the department, unit or function will need to provide us with various details supporting the transactions we are testing.


9) How can I prepare for an audit?
For scheduled audits, Internal Audit will communicate in advance to the department, unit or function and senior management about an upcoming audit. After being notified, the department can prepare for an audit by doing the following (not a comprehensive list):

  • Make ready for release to the audit team, the department's organization chart, list of key personnel and their job descriptions, process flowcharts, operating policies and procedures.
  • If applicable, make available the copies of recent external audit reports completed on your department within the audit period.
  • Inform the department staff about the upcoming audit and encourage full cooperation with the audit team.
  • If applicable, assign areas of the audit scope to key employees so they can effectively plan and prepare to respond to audit requests.
  • Contact the audit team, in a timely manner, if you have questions or comments about the upcoming audit.


10) Will the audit interfere with normal workflow within my department?
Inevitably there will be some disruption within the department's daily schedule. However, we try to keep this disruption to a minimum and schedule our meetings with department, unit or function personnel at a mutually convenient time.


11) How confidential will the information I provide to you and my audit report be?
All information received and managed by Internal Audit is held at the appropriate level of confidentiality. Please see the Code of Ethics for additional information on confidentiality.


12) Who gets copies of audit reports?
In general, an audit report is issued to those in a position to see that corrective actions are taken and those with a need to know, generally, the VP of BFA, Senior Officials and key management personnel on a need to know basis, including members of the Audit Committee.


The distribution of reports to others that may request a copy must be approved by Internal Audit. This restriction prevents an indiscriminate broadcasting of reported information to people without a need to know.

13) Who audits the Department of Internal Audit?
Internal Audit adheres to the International Standards for the Professional Practice of Internal Auditing, which requires an external assessment once every five years by a qualified, independent review team.


14) What is the difference between internal auditors and external auditors?
Internal auditors work in the Department of Internal Audit and are employees of the University. They support management and the University by performing audit activities that address risks and controls at all levels across the University.

External auditors are non-employees of the University and they include the University appointed audit firm and external auditors from government / regulatory agencies (for example, State Auditor’s Office).

Take the Next Step to Becoming a Wildcat.