Frequently Asked Questions
- To Whom Does Internal Audit report?
- What does an Internal Control Assessment or Review of Internal Controls and Risk Management report look like?
- How are departments selected for internal audit?
- What are business risks?
- What are internal auditors looking for?
- What happens if areas of non-compliance are noted within an audit?
- How long does an audit take?
- What are internal controls?
- What internal controls should my department have in place?
- Who can provide training on internal controls?
- What steps are involved in the audit process?
- Can I request an audit?
- Is it Internal Audit’s job to identify fraud?
- How long must my office retain records?
- Where can I find university policies?
To whom does Internal Audit report?
Internal Audit reports directly to the Chancellor and to the Audit Committee.
What does an Internal Control Assessment or Review of Internal Controls and Risk Management report look like?
These reports can be found on the Internal Audit website at ICA and ICRM
How are departments selected for an internal audit?
The audit of most areas (other than special requests) is based on the periodic Risk Assessment. This assessment includes input from management and staff in identifying risks.
What are business risks?
Business risks are circumstances, events, or activities that can adversely affect the achievement of the university’s objectives.
What are internal auditors looking for?
Primarily, we are reviewing internal controls and compliance with university policies.
What happens if areas of non-compliance are noted within the audit?
We will make recommendations for improvement.
How long does an audit take?
Audits can take from several days to several months depending on the type and complexity of the audit.
What are internal controls?
What internal controls should my department have in place?
To help identify internal control deficiencies in your area, an Internal Control Self-Assessment is available on our website (Self Assessment). The self-assessment questions address key areas such as cash receipting, departmental payroll processes, confidentiality, and IT, to name a few. Relevant policies are included, as well as suggestions for any “no” answers. Completion of this assessment should provide a clear picture of needed controls in your area. If you have any questions, you can always call us at (662)915-7692.
Who can provide training on internal controls?
Internal Audit staff members are available to provide training on internal controls. Please contact the Internal Audit Office at email@example.com or firstname.lastname@example.org discuss your training needs.
What steps are involved in the audit process?
See Audit Process.
Can I request an audit?
Yes. Internal Audit will try and meet all audit requests.Audits can be requested on the Internal Audit Website at Request an Audit. Please keep in mind, however, that these requests will be weighed against our current audit plans to determine if and when they can be performed.
Is it Internal Audit’s job to identify fraud?
No. Internal Audit attempts to minimize the risk of fraud by identifying potential deficiencies in controls, which might enable fraud to be perpetuated. This process sometimes results in fraud being identified, in which case an investigation is performed.
Internal Audit is the main point of contact for concerns regarding fiscal misconduct (such as fraud), as outlined in the University Fiscal Misconduct Policy. Reports of fiscal misconduct can be made anonymously on the Internal Audit website at Reporting Fiscal Misconduct.
How long must my office retain records?
For guidance on maintaining records, please refer to the University Records Retention policy.
Where can I find university policies?
Policies are maintained on the university’s policy website.The website is located at UM Policies.