- What is the authority of Internal Audit?
- Is the Internal Auditor a Nicholls State University employee?
- Who does the Office of Internal Audit report to?
- Why was I selected to be audited?
- Can I request an audit?
- What should I expect when an audit is scheduled for my unit?
- How long will an audit take?
- How will the findings be reported?
- What are the different types of audits or engagements?
- Whom should I contact if I have any questions?
What is the authority of Internal Audit?
The Internal Audit Department has been authorized to have unrestricted access to all Nicholls State University records, property and personnel. The Internal Audit Charter defines the purpose, authority and responsibilities of the office. The Internal Audit staff will make every effort to ensure that the security of assets and privacy of records are not compromised and services are not unnecessarily disrupted.
Is the Internal Auditor a Nicholls State University employee?
Yes, All of the Internal Audit staff are Nicholls State Unviersity employees.
Who does the Office of Internal Audit report to?
The Director of Internal Audit at the Nicholls State University reports administratively to the University President and functionally through the University of Louisiana System Director of Internal and External Audits to the Audit Committee of the Board of Supervisors. This reporting structure provides the office operates independently and has no direct authority over those departments reviewed.
Why was I selected to be audited?
If you are like many directors or department heads, you may not have requested an internal audit. The University conducts a regular, ongoing examination of its internal controls; and, as part of this process, the Office of Internal Audit conducts numerous audits annually. Regular audit reviews for many units are scheduled on a rotating cycle and are based on the overall risk associated with the unit. A small percentage of internal audits are initiated to investigate possible irregularities.
Can I request an audit?
Yes, an audit can produce many benefits, and timing can be an important factor. If you have recently assumed new or additional supervisory responsibilities, an audit can review administrative procedures to assess whether internal controls in that unit are adequate. It is also beneficial to assess system controls and modified office procedures when new computer systems are being installed.
A periodic “checkup” to review your unit’s administrative activity can help ensure that your procedures continue to comply with University policy. An audit is an opportunity to receive an independent appraisal of the effectiveness and efficiency of your unit’s administrative activities.
Anyone within the University community can request an audit. You should coordinate the request with your Dean or supervisor who should subsequently inform the appropriate Vice President. If you suspect someone is involved in something illegal, you may notify us directly. At your request, we will make every effort to maintain confidentiality.
What should I expect when an audit is scheduled for my unit?
The Office of Internal Audit will contact you to schedule a meeting to discuss the scope of the review and the logistics of conducting the audit. At this initial meeting, you should take the opportunity to discuss any concerns or questions you may have about the audit, and to determine how you can facilitate the review process. A typical audit has several stages, including preliminary research, data collection and analysis, review, preparation and distribution of a report, and follow-up.
How long will an audit take?
Audits can last from several days to several months. The auditor will give you a reasonable estimate of the time needed to complete the audit.
How will the audit findings be reported?
You and your staff will be kept apprised of the auditor’s findings throughout the course of the audit. At the conclusion of the audit, you will be able to review a draft of the report before the final version is issued. Except for special reports requested by a government agency, all audit information is treated as confidential and reported only to those within the institution who need to know.
Final audit reports are distributed to the University of Louisiana System Audit Committee, President, Provost, Vice Presidents, the Dean or your supervisor, and you. In addition, the State Legislative Auditor has access to all regular audit reports.
What are the different types of audits or engagements?
FINANCIAL AUDITS address questions of accounting and reporting of financial transactions, including authorizations, and cash receipts, cash disbursements, and commitments to purchase. The purpose is to verify that there are sufficient controls over cash and cash-like assets and that there are adequate process controls over the acquisition and use of resources.
COMPLIANCE AUDITS determine the degree of a unit’s adherence to laws, rules, regulations, policies, and procedures. Examples of external requirements include Federal and State laws, NCAA regulations, and Federal and State OSHA regulations. Recommendations often call for improvements in processes and controls intended to ensure compliance with regulations.
INFORMATION SYSTEM (IS) AUDITS address the internal control environment of automated information processing systems and how people use those systems. IS audits typically address general controls, focusing on input controls, output controls, processing controls, backup and recovery plans, system security (data & hardware), and computer facility reviews. IS auditing projects can focus on existing systems as well as systems in the development stage.
OPERATIONAL AUDITS, sometimes called program or performance audits, are the most common type of audit. Operational audits examine the use of unit resources to evaluate whether those resources are being used in the most efficient and effective ways to fulfill the unit’s mission and objectives. Operating procedures, document flow, and internal controls are reviewed in detail. An operational audit includes elements of a compliance audit, a financial audit, and an IS audit.
ADMINISTRATIVE INTERNAL CONTROL REVIEWS focus on the departmental level activities that are components of the University’s major business activities. Areas such as payroll and benefits, cash handling, inventory and equipment and their physical security, grants and contracts, and financial reporting are usually subject to review.
INVESTIGATIVE AUDITS are performed when appropriate. These audits focus on alleged civil or criminal violations of State or Federal laws or violations of University policies and procedures that may result in prosecution or disciplinary action. Internal theft, white-collar crime, misuse of University assets, and conflicts of interest are examples of reasons for investigative audits. Typically, Internal Audit works with other parties both internal and external to the University. Usually, the focus of Internal Audit’s review is on internal controls, with the goal of determining whether or not internal controls were comprised.
FOLLOW-UP AUDITS are conducted approximately six months after an internal or external audit report has been issued. They are designed to evaluate corrective action that has been taken on the audit issues reported in the original report. The purpose of a follow-up audit is to revisit a past audit’s recommendations and management’s action plan to determine if corrective actions were taken and are working, or if situations have changed to warrant different actions.
CONSULTING SERVICES are advisory in nature and are generally performed at the specific request of an engagement client. The nature and scope of the consulting engagement are subject to agreement with the engagement client. Consulting services generally involve two parties: (1) the person or group offering the advice – the internal auditor, and (2) the person or group seeking and receiving the advice – the engagement client. When performing consulting services the internal auditor should maintain objectivity and not assume management responsibility.
All of these different types of audits are performed in accordance with the Internal Standards for the Professional Practice of Internal Auditing (IPPF).
Whom should I contact if I have any questions?
Please direct questions to Paulette N. Mayon at 985-448-4053 or email your questions to (firstname.lastname@example.org), Office of Internal Audit.