INDEX A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Office of Internal Audit

 

Frequently Asked Questions

What is the difference between an internal auditor, an external auditor, and a state or other government auditor?

At ISU, you may encounter internal, external, and government auditors. Each type of auditor has a different scope, perspective, and objectives.

As ISU internal auditors, our responsibilities lie within the University and may extend to entities that interact with the University. External auditors include public accounting firms and the Auditor of State. Public accounting firms are engaged to provide audit services to clients in many businesses and institutions. State auditors have audit responsibilities related to state agencies, including the Regent institutions. Auditors from federal government agencies audit federally funded programs.

What is the authority of Internal Audit?

We have been authorized by the Board of Regents and the President to have unrestricted access to all University functions, records, properties, and personnel. However, we will make every effort to ensure that security of assets and privacy of records are not compromised, and that services are not unnecessarily disrupted.

Why was my unit selected for an audit?

The decision of what audits to include in the annual audit plan is based on a risk assessment performed by Internal Audit and on input from University administration, Board of Regents, and State Auditors. We also make provisions for management requests and to investigate possible irregularities.

Factors that are considered in selecting units to be audited include:

·        The size and complexity of the operation

·        Highly regulated operations or operations subject to a high level of public scrutiny

·        Major changes in operations, program, systems, controls, or management

·        Potential risk of financial loss

·        The date and results of the last audit of the area

How will the audit observations be reported?

You and your staff will be made aware of the auditor's observations throughout the course of the audit. When the auditor's testing and review is complete, a meeting will be held at which the auditor will describe the audit observations, if any, and offer recommendations for action plans. You and the auditor will then brainstorm to identify the most effective and realistic solutions. By combining your expertise in the operations of your unit, and the expertise of the auditors in operational procedures and controls, a truly effective and realistic action plan can be designed. Next, target dates are set for implementation of each of the action plans.

After the discussion, the auditor will prepare a draft report summarizing the audit observations and your action plans. You will be able to review a draft of the report before the final version is issued. Final audit reports are distributed to the President, the Provost, the Vice Presidents, the Board of Regents Office, and to your management staff, as appropriate. The final report is a public document.

Why would I request an audit?

An audit is an opportunity to receive an independent appraisal of the effectiveness and efficiency of your unit's activities. For example, if you have recently assumed new or additional supervisory responsibilities, an audit of your operations can help you assess whether internal controls in your unit are adequate. Also, Internal Audit participation during development of new computer systems can provide insights regarding necessary controls and security procedures. A periodic "checkup" to review your unit's processes can aid in your efforts to comply with University policies.

Anyone within the University can request an audit. We are also available for consultation without having to perform an audit. You may submit a request for our services directly to the Office of Internal Audit, or you may wish to coordinate your request with the Provost's Office or appropriate Vice President's Office.

What are internal controls?

Internal control is an integrated system of policies, procedures, and activities put in place to –

·        Keep your unit on course to achieve the unit's and the University's mission.

·        Promote compliance with laws and regulations.

·        Promote efficiency, reduce risk of asset loss, and help ensure the reliability of financial data.

Control activities include –

·        Approving transactions

·        Authorizing transactions

·        Verifying transaction validity and accuracy

·        Reconciling statements

·        Segregating duties

·        Reviewing operating performance

·        Securing assets

·        Monitoring accounts

·        Analyzing

·        Comparing

·        Reporting

·        Observing

·        Communicating

Who is responsible for internal controls?

Everyone in your unit is responsible for internal controls. The dean, department chair, or director is ultimately responsible for internal controls of the department or unit and should take "ownership" of the internal control system. The dean, department chair, or director sets the "tone" for the unit by influencing the control consciousness of his/her staff and communicating an administrative philosophy that includes integrity, ethical values, and competence.