Frequently Asked Questions
How Can We Assist You
The Internal Auditing Department has a mission: "...to assist
all levels of management in their effective discharge of their responsibilities..."
Internal Auditing is a service unit, designed to help and consult
with deans, department heads, senior management, and the Board of
Trustees. When most people think of auditing, they believe its purpose
is solely "financial." While the financial aspect of
auditing is significant, at Illinois State, it has a broader meaning.
What is an audit?
An audit can be defined as:
A formal or official examination and verification of the activities
of an organizational unit, system, function, or other aspect of
the University's operations which will result in a written report.
It may include a review of:
Economy and efficiency of operations
Effectiveness in achieving program results
Compliance with laws, regulations, and policies
One of Internal Auditing's primary concerns is to reduce the University's
risk or exposure to a loss. As a result, some audits are mandated.
We also have the capability and desire to help you improve your
operations through non-mandated audits. Internal Auditing can help
you answer such diverse questions as the following:
Are we using our resources productively?
Are our computer files secure?
How can we find out whether someone is misusing our department's resources through expenditure control?
What controls should we have to ensure that our new departmental cash control system is sound?
In the following sections, let's examine the specific ways Internal
Auditing can help you.
How We Can Help You Manage More Effectively
As an essential member of Illinois State University management,
you want to be sure that your decisions are supported by accurate
information from reliable systems, whether manual or computerized.
Evaluating internal controls
Internal Auditing can help you to evaluate the effectiveness of
a system's "internal controls" and show you how to improve
them. What are internal controls? They are the processes you and
your staff, as well as Illinois State University's administration,
have developed to assure that your unit is effectively managed.
Internal controls may include rules or procedures. For example,
certain steps must be followed in producing an invoice voucher and
payment. Internal controls may also be informal. For instance, you
may control access to important records by locking them in a file
drawer.
Providing broad experience and technical know-how
Illinois State University's Internal Auditing staff incorporates
broad and diverse experiences. We can propose alternative ways to
approach a problem because we have probably seen similar situations.
With your help, we can differentiate between good and poor records,
effective and inadequate controls, and workable and untenable solutions.
Thus, we can help you identify strengths and weaknesses, and we
strive to make practical recommendations, many of which can save
you time and money, on a variety of matters ranging from accounting
to microcomputer security techniques. We can help you understand
the maze of technical information and help you find the right procedures
for your organizational unit.
Assisting in system development
Internal Auditing can help you when planning new manual or computerized
systems. We can detail the specific internal control specifications
that must be incorporated. By including Internal Auditing, you can
help to prevent common startup problems, to ensure the system will
meet your established goals, and to provide assurance that the system
will adhere to various Federal, State, or University Laws, Policies,
or Procedures.
Providing business perspective
The Internal Auditing staff has a broad University business background
that can be helpful in improving operations. For example, if you
are a new department chair, we can help you define the information
you need to make key decisions. We consult regularly with senior
management on a broad range of issues affecting administrative and
financial systems. This experience gives us a larger perspective
than any one department may possess on its own.
Serving as a resource clearinghouse
Internal Auditing understands Illinois State University's resources
and recognizes how they can be helpful to you. For example, if your
department is implementing a new computer system, we may be able
to refer you to someone in another department where similar systems
are working successfully. Using that department's experience can
help you avoid pitfalls and make progress more quickly.
Once we understand your mission and objectives, we can help you
identify the relevant information you need from the University's
central administrative systems.
Internal auditing: Orientated toward the future
Illinois State University's internal auditing professionals play
many roles: auditor, consultant, accountant, advisor, systems analyst,
student, listener, teacher, network coordinator, and administrator.
In these roles, all of our activities are directed toward helping
you, our clients, achieve your goals. Our focus is on the future.
Although we look at how you have done things in the past and how
you are doing things today, we use this information to help you
make enhancements, so you can manage even more effectively.
We understand that you may have concerns about working with us.
The word "auditor" sometimes conjures up unwarranted fears
in people's minds. However, most clients discover that we welcome
client participation in the audit process and we are more interested
in helping a department operate better in the future than we are
in investigating past mistakes.
The audit process is most effective when you, our client, are actively
involved in helping us understand the goals you want to achieve
to succeed.

How We Work With You During The Audit Process
The most successful audit projects are those in which the client
and our auditors have a constructive working relationship. Our objective
is to have your continuing involvement as well as constant communication
at every stage, so that you, our client, understand what we are
doing and why we are doing it.
Every audit project is unique. However, the processes that every
auditor uses are similar. In most audits, the process consists of
four stages: Planning, Field Work, Audit Report, and Follow-up.
Planning
To illustrate the audit planning process, we will use the operational
audit, the one we perform most frequently. In an operational audit,
the auditors are evaluating whether the client's resources are appropriate
for its mission and objectives, and whether those resources are
being used efficiently and effectively. During the planning process
we seek to determine:
The goals of the unit or system being reviewed
The objective of the audit
The approach the auditor will use to meet these objectives
The planning stage begins with an entrance conference and a preliminary
survey.
Entrance conference
Before any work begins, the client needs to describe to the auditor
the unit or system to be reviewed, the organization, and the available
resources, including personnel, facilities, equipment, funds, and
other relevant information.
It is important that the client identify, at this initial meeting,
issues that should be addressed or areas of special concern.
Preliminary survey
In the survey phase, the auditors gather relevant information about
the unit in order to obtain an overview. They interview people involved
in the unit and review reports, files, and other sources of information.
As in any special project, an audit results in a certain amount
of time being diverted from your unit's usual activities. One of
our key objectives is to minimize this time and to avoid disruption
in your ongoing activities. We try to avoid interfering with your
busy periods and need your assistance in setting up proper meeting
times.
Field work
Field work begins with systems analysis, followed by transaction
testing, and includes continuing advice and informal communications.
The field work stage ends with the exit conference, an important
meeting for both the client and the auditor.
Systems analysis
An operational auditor works primarily in systems analysis. The
auditor reviews the system's documentation and capabilities, a process
which may be very time-consuming; in many audits, systems analysis
takes 50% or more of the field work time. In systems analysis, the
auditor uses a variety of tools and techniques, including flow charts,
interviews, data gathering and analysis, and techniques for documenting
findings.
Transaction testing
After completing the systems analysis, the auditor tests important
controls. Only the critical aspects--for example, authorization
or documentation--are tested. The purpose of testing is to determine
if:
Advice and informal communications
As field work progresses, the auditor discusses any significant
findings with the client. Usually these communications are oral.
However, in more complex situations, memos are written in order
to ensure full understanding by the client and avoid mistakes by
the auditor.
In particular cases, we may also provide drafts of proposed forms
or modifications to forms, financial data or other statistics, or
drafts of findings and recommendations that later may be incorporated
into the formal audit report. These are all considered informal
communications between the auditor and the client. Their purpose
is to promote constructive communication and avoid misunderstandings.
Our goal: no surprises.
Exit conference
At the conclusion of field work, we meet with your unit's management
team to discuss proposed findings and recommendations. For larger,
complex projects, this exit conference may be held in two stages:
the first meeting provides time for extended discussion of findings,
and recommendations are the focus of a second meeting.
For most audits, the exit conference is held after the development
of the formal draft report. In these cases, the exit conference
may be used to discuss the text of the draft in addition to the
findings and recommendations.
Audit reports
A principal product of an audit project is the final report in
which recommendations for improvement are made and the client's
plans for implementation are described. To facilitate communications
and to ensure that recommendations presented in the final report
are practical, Internal Auditing prepares the formal draft.
Formal draft report
At the exit conference, the auditor presents a formal draft report.
Unless any major revisions occur from the exit conference, the draft
report will be distributed to line management. Accompanying the
draft, a memorandum will request the client's written response within
a specified time (usually 10 business days).
Final report
After the client responds to the formal draft, a final report is
issued by Internal Auditing. It includes:
The formal draft
Client management's written responses, if any, regarding the findings and management's plans for implementing the recommendations or otherwise dealing with a particular recommendation
Any additional comments considered necessary by the Director of Internal Auditing
The package is then distributed, confidentially, to all interested
parties, including the University President and appropriate members
of University management.
Audit follow-up
The specified response date usually will not be sufficient time
for management to implement any recommendations. In this situation,
the client should explain when implementation will be accomplished
with a timetable of important milestones, in the written response
made on the formal draft. At a later date, Internal Auditing will
follow up with client management to ascertain what improvements
have been made. Our clients report that these improvements represent
one of the most significant benefits they obtain in working with
Internal Auditing.
The audit process: A collaborative effort
As we have pointed out, during each stage in the audit process--planning,
field work, audit report, and follow-up--clients have the opportunity
to participate. There is no doubt that the process works best when
your unit's management and Internal Auditing have a solid working
relationship based on clear and continuing communication.
Many clients extend this working relationship beyond the particular
audit. Once we have worked with you on a project, we have an understanding
of your unit's unique operations. As a result, we can provide advice
about the feasibility of future changes or modifications to your
operations.

How We Schedule Your Audit
Internal Auditing's scheduling process begins with requests for
audit services. Requests, or suggestions, may come from several
sources. One obvious source is our own Internal Auditing management
group. Our in-depth knowledge of the University gives us a unique
perspective on the types of projects in which we can reduce the
University's risk. Hence some of our projects originate in our own
group or as a result of the annual University external audit, which
is conducted by an outside firm of certified public accountants.
University and departmental management represent other sources
of requests. Members of senior management regularly call on Internal
Auditing for assistance. Since our objective is to serve all levels
of University management, we also give full consideration to departmental
requests in our planning process. If your unit has a request, contact
the Director of Internal Auditing as soon as you identify a need
for our assistance.
Several factors influence the selection and scheduling of projects:
The degree of risk or exposure to loss
Type of audit
Current and planned work in other major audit projects requiring substantial time commitments of Internal Auditing staff
The availability of staff in client units selected for review
The availability of Internal Auditing staff with the appropriate skills
In view of staff and time limitations, not all requests for audits
can be honored.
Risk Assessment
To direct the efforts of our auditors to the most productive projects,
we use a technique to identify projects or activities that represent
considerable risk or exposure to loss. The results of risk assessments
conducted by Internal Auditing are discussed with senior management.
Projects considered to be high-risk receive priority in Internal
Auditing's annual audit plan.
Types of Audits
An audit project usually can be classified into one of five categories:
Most of our audit projects are operational or EDP audits. Some
overlap does exist between audit types. For example, an operational
audit usually includes some elements of compliance, EDP, and financial
audits.
The investigative audit deserves special mention. Some people believe
that Internal Auditing's primary function is to uncover employee
fraud or theft. Obviously this is one aspect of our work, but we
hope that the information at this site shows that our responsibilities
are much broader than the detection of irregularities, and that
a service orientation pervades our working relationships.
In case of suspected financial irregularities, misuse of systems,
or other complex situations, the Internal Auditing Department does
conduct a specialized audit, tailored to the circumstances. When
investigative audits are emergency situations, they will receive
priority in scheduling.
