Frequently Asked Questions
- Who is the Office of Audit Services?
As a service unit, we provide independent, objective assurance and consulting activities. We work with other University units to identify and manage risks and improve processes. We report directly to the Board of Regents and the University President.
- Who gives Audit Services the authority to audit?
Our authority is granted by the Board of Regents and defined in our charter (link to the SPG).
- What information is Audit Services allowed to access?
We have the authority to audit all parts of the University and have full and complete access to any of the organization’s records, physical properties, information systems, and personnel relevant to the performance of an audit or investigation. (Link to SPG)
- Why is my unit being audited?
Units and processes are selected for an audit based on many factors, including risk analysis, management request, and time elapsed since the last audit. (Link to How do we decide what to audit? [Audit Selection])
- What happens at the start of an audit?
We will meet with unit management to discuss the audit scope and objectives and the audit process. This information is used to perform a risk assessment and create an audit program, which is the blueprint for conducting the audit. (Link to What happens during an audit. [Audit Process])
- How long does it usually take to complete an audit?
Depending on the complexity, audit duration can vary from a few weeks to several months. During the opening meeting, the estimated length of the audit will be discussed.
- Who will receive the audit report?
Unit leadership, the President, University Executive Officers, and the Board of Regents receive audit reports (link to Reporting).
- Who is responsible for responding to audit recommendations?
Unit management is responsible for developing and implementing a plan for corrective action. (Link to What happens during an audit? [Audit Process])
- What are the most common audit Findings?
- P-Cards (link to Procurement Services website – guidance on P-Card use)
- Lack of documentation
- Approved at the wrong level
- Unclear business purpose
- Shared P-Cards
- Segregation of Duties (link to brochure)
- Cash handling
- Lack of required training
- Cash handling (link to cash handling training on Treasurer’s website)
- Concur approver training (link to Concur approver training on Procurement Services website)
- Deposits (link to depositor training on Treasurer’s website)
- Credit Card certification (link to credit card merchant training on Treasurer’s website)
- Budget and financial oversight (link to Fiscal Responsibilities SPG 500.01)
- Lack of review of Statements of Activity
- Pre-approvals of travel, hosting, and procurement
- Budget variance analysis
- Gross Pay Register review
- What is segregation of duties?
Segregation of duties is the concept of having more than one person required to complete a task. Segregated duties help protect the University from fraud and error and shield employees from unwarranted suspicion.
- What are internal controls?Internal controls are methods, tools, or safeguards designed to manage or mitigate risk and assist the institution with achievement of goals and objectives.
- How do I report suspected improper or illegal acts affecting the University?
Check the Compliance Resource Center (link to website) for reporting options. You may report anonymously through the Compliance Hotline (link).
- Who audits Audit Services?Every five years, Audit Services is the subject of a quality assessment review. The objective of the review is to assess conformity to The Institute of Internal Auditors’ Standards for the Professional Practice of Internal Auditing. During this review, a team of internal audit directors from peer institutions perform an independent validation of Audit Services’ self-assessment and provide a written report summarizing their conclusions.
- Why would I want an audit? An audit can help you identify ways to increase efficiency, segregate duties, and augment security.
- Who should I contact if I want an audit?Contact Audit Services at 734.647.7500 or email@example.com.
- What are we not?