- What is internal auditing?
- What happens during an audit?
- Who receives Internal Audit reports?
- What are the benefits of being audited?
- How often do we audit departments /selection of areas to be audited?
- Is the Internal Audit Office part of the Bursary?
- What is the difference between Internal and External Audit?
- What kind of audits do we do?
- How long do audits take?
- I have a question, can internal audit help me?
- How far back do we look during an audit?
What is internal auditing?
The Institute of Internal Auditors offers the following definition of internal auditing:
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps the organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes”.
The above definition might appear lengthy and a bit technical; but in simple terms the role of internal audit includes the following:
- To ensure that policies and procedures, external laws and regulations are complied with.
- To ensure that University resources are used effectively and economically.
- To ensure that University assets are adequately safeguarded
- Information given to management is accurate and reliable.
The aim of internal audit is to assist management and departments with information about the establishment and maintenance of internal control and ensure that these activities can be carried out efficiently and effectively. This is achieved by evaluating financial, managerial and operating information; making recommendations for improvement of controls. This description shows that internal audit is more about improving internal control, reducing risk exposures, ensuring compliance to laid down policies and procedures, economic and efficient use of resources etc. Contrary to common perception, fraud is not the main focus of internal audit. Fraud can be reduced with good and effective controls and positive attitudes of staff and management towards controls.
What happens during the audit?
The audit will generally start with an entrance interview with the department head and other key members of the staff. Additional in-depth interviews will likely follow. Then an examination of departmental records, equipment, and compliance with UNESWA policies and procedures will be performed. The scope of the work performed will be controlled to a great degree by the auditor’s perceived risks of the audited area. A successful audit requires active participation between internal audit and the department being audited. As in any special project, an audit results in a certain amount of time being diverted from the department’s usual routine. All attempts are made by the auditors to be unobtrusive and not to interfere with department operations.
Each audit has a defined scope and objectives. An auditor requesting information from a department will explain where necessary the audit’s purpose and objectives so the department’s representative can understand the reasons for the questions being asked or requests being made.
Department heads responsible for areas under review have the opportunity to discuss the report with the Internal Auditor and the Internal Audit Officer. The Internal Audit Office aims to develop and issue factual and accurate final reports, however there may be instances where department heads do not agree with the assessment or recommendations the Internal Audit Office has made. Each report will be discussed at a draft stage with the process owner and then the department head/dean/director to ensure its accuracy and that the recommendations, language and tone are appropriate to achieve the University’s objectives. This does not mean that recommendations must always be agreed upon and it is important that the Internal Audit Office delivers an independent view of the process or area being audited. In some cases this will contain a different perspective from that of the department. This is both appropriate and healthy. Each report provides a section for a response to allow department heads to articulate their consideration of the recommendations and findings of the report and state what action will be taken as a result. All recommendations are then agreed with department heads and a timetable for implementing recommendations is then agreed.
Who receives the Internal Audit reports?
The Internal Audit reports, including the auditee’s responses to any recommendations that are made, are routinely routed to the responsible Department Head or Director, the Dean (if appropriate), the Vice Chancellor, Administrative Management Committee and the University Audit Committee.
We perform follow-up audits after approximately six months of each audit to discuss auditee’s success at implementing the recommendations. Results of follow-up audits are submitted to the Vice Chancellor, Administrative Management Committee and the Audit Committee. The above shows that the department staff has the responsibility to implement agreed upon recommendations while management has the overall responsibility to ensure that all audit findings have been addressed.
What are the benefits of being audited?
An audit of each area/ department will bring the following benefits:
- Help to identify potential areas of weaknesses or inefficiency within the system, process or department.
- Provide an independent review of risks and issues facing the department heads and directors.
- Help to maximize the overall effectiveness of the system, process or department’s activities.
- Provide practical, imaginative and challenging observations and recommendations for consideration.
- The audit report provides an action plan so that any program of improvements can be effectively monitored and managed.
- Helps department heads to demonstrate confident and open leadership and commitment to process improvement in their areas.
How often do we audit departments/selection of areas to be audited?
There is no hard and fast answer to this question because the Internal Audit Office uses a risk-based approach to develop an annual audit work plan. The result is that some departments are audited more frequently than others. This risk-based approach includes an annual, University-wide risk assessment that considers such factors as the time since the last audit and significance of findings that resulted, size of the annual budget and revenue streams, complexity of operations, emphasis on internal controls, and external compliance requirements. In general, the higher the degree of identified risks, the more often a department will be audited. Occasionally, departments may also be selected for an audit by special request of the department head or a senior University official.
In addition to planned audits, the Internal Audit Office responds to reports on fraudulent activities, irregularities, or mishandling of University funds.
Is the Internal Audit office part of the Bursary?
No. The Internal Audit Office is a separate department from the Bursary Department and Accounts with direct reporting to the Vice Chancellor and the Audit Committee.
What is the difference between Internal Audit and External Audit at UNESWA?
The Internal Audit Office is the University’s independent assurance function that reports to the Audit Committee and the Vice Chancellor on the systems of control and governance, risk management and the value for money. The work of the Internal Audit covers both financial and non-financial aspect of the University’s operations. The role of the external auditors on the other hand is to provide an independent opinion on the truth and fairness of the University’s financial statements. The External Auditors report to the University Council. KPMG are the current external auditors of the University.
What kinds of audits do you do?
The Internal Audit Department offers the following services to the University:
- Regular audits – these are scheduled as part of an annual audit schedule, but may come up during the year.
- Follow up audits – these are also scheduled as part of an annual schedule. They are performed to ensure that reported concerns are adequately addressed by management within reasonable time.
- Consultations reviews – these are requests from interested parties. Requests can be schedule as part of an annual audit schedule or come up during the year. Reviews will depend on the magnitude of risk exposure.
- Special investigations – these come up during the year when interested parties contact the Internal Auditor where irregularities or inappropriate conduct is identified.
- Requests for advice – these also come up during the year when interested parties contact the Internal Auditor with questions or for advice on internal control and risk management issues.
- Policies and procedures – the department assists in the drafting and evaluating financial and operational policies and procedures of all activities of the University.
How long do audits take?
There is no easy answer to this question as each audit’s length will depend on the nature and scope of the review. Small audits might last 20 hours while more complex reviews can last several months.
I have a policy question, can Internal Audit help me?
Absolutely, if you have questions on policies, procedures, or best practices we will be glad to help. In some cases we will know the answer to your question, but if we don’t we will be glad to research the answer to your question.
How far back do we look during an audit?
The general scope period for departmental reviews includes account activity during the most recent six to twelve months. The scope period is determined with the objective of providing results that are relevant and timely. However, it is often necessary to extend the scope period for specific accounts or transactions to facilitate a reasonable and objective examination of activities and provide results that are informed and accurate. This is done where appropriate to review infrequent but recurring transactions assess annual budgeting practices, identify patterns, etc.
The scope period for special reviews is flexible and depends on the objectives of a given review and the depth of examination required satisfying these objectives.