Internal Audit
Frequently Asked Questions
What is internal auditing?
The Institute of Internal Auditors defines internal auditing in this way: “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Who audits the internal audit department?
The Legislative Auditors audit the Office of Internal Audit. They review the internal audit reports and workpapers as part of their standard audit of the University.
Also, the Office of Internal Audit follows the Institute of Internal Auditors Standard 1300 – Quality Assurance and Improvement Program. “The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness. The program should be designed to help the internal auditing activity add value and improve the organization’s operations and to provide assurance that the internal audit activity is in conformity with the Standards and the Code of Ethics.”
What does a typical internal audit include?
See the process by clicking here.
What is internal control?
In the broadest possible sense, internal controls are the methods and procedures used to provide reasonable assurance that the University’s objectives and goals will be met efficiently and economically. More specifically, an overall system of internal control is an integrated collection of control systems used by the University. It is all the methods and measures adopted to accomplish the five major objectives of a system of internal controls. These objectives are to ensure:
- the reliability and integrity of information;
- compliance with policies, procedures, plans, laws, and regulations;
- the safeguarding of assets;
- the economical and efficient use of resources; and
- the accomplishment of established objectives and goals.
However, internal controls are usually broken down into accounting controls and administrative controls. Accounting controls refer to the actual policies and procedures which must be followed. Administrative controls comprise the plan of the institution and the methods that are concerned with operational efficiency and adherence to management policies and applicable laws.
Internal controls are also either detective, corrective, or preventive by nature. Detective controls are designed to detect errors or irregularities that may have occurred. Corrective controls are designed to correct errors or irregularities that have been detected. Preventive controls, on the other hand, are designed to keep errors and irregularities from occurring in the first place.
Who is responsible for internal controls?
Evaluating internal controls is one of the Office of Internal Audit’s primary responsibilities. However, everyone plays a part in the internal control system. It is management’s responsibility to ensure that controls are in place. Every employee has some responsibility for making this internal control system function. Therefore, all Tech employees need to be aware of the concept and purpose of internal controls.
What about independence and objectivity?
Independence and objectivity are essential to the effectiveness of internal auditing. Audits are performed using impartial and unbiased judgments. Internal auditors maintain an objective mental attitude when performing audits. We are highly conscious that independence is vital to preserve the standards of the profession. Accordingly, Internal Audit does not make University operating or financial decisions.