Frequently Asked Questions
1. Why was my unit chosen to be audited?
University audits are selected through a risk assessment process. Internal Audit communicates with various University stakeholders to identify and prioritize operational, financial and compliance risks to the University. From this process, the audit plan for the year is developed.
2. What should I expect during the audit?
There are four phases to an audit at Queen's University:
- Planning (determining objectives and audit scope);
- Field Work (interviews are conducted and internal controls, systems, policies and procedures are tested for efficiency and adequacy);
- Communication of Results (the results of the audit are presented in draft form for discussion and then finalized to management and the Audit Committee); and
- Follow-Up (conducted within 18 - 24 months to ensure that corrective actions have been taken on any significant issues identified).
3. What is internal control and why is it important?
Internal control is a process in which all University employees participate. It is designed to provide reasonable assurance to unit management that:
- Management data used in decision making and reporting is reliable, accurate, and timely;
- Assets are accounted for and safeguarded from loss;
- Operations are effective and efficient; and
- Compliance with applicable laws and regulations is at an acceptable level.
Internal control is intended to:
- prevent, or lessen the risk of, errors or irregularities;
- identify problems; and
- ensure that corrective action is taken.
ments may occur. For example, CFI records may need to be maintained for five (5) years after the project closes. It is recommended that the department or unit ensure the guidelines of granting agencies have been met before destroying any documents.
4. What is the difference between an internal auditor, an external auditor and a federal or other governmental auditor?
Each type of auditor has a different scope, perspective and objectives.
Internal audit is concerned with anything in the University and is designed to add value and improve the University's operations.
External auditors are independent of the University and are hired to provide an opinion on the information being audited. Federal and other governmental auditors audit the specific grants and awards provided by their respective agencies.
What are Some Examples of Internal Controls?
Examples of common internal controls include:
- Policies and procedures (at the University, campus, and unit level) that are communicated and that establish what should be done, how, and by whom;
- Approvals and authorizations that include a thorough review of supporting information to verify the propriety and validity of transactions;
- Verifications and reconciliations (e.g., review and reconciliation of Banner statements, petty cash verifications, comparison of budgeted to actual amounts);
- Supervision including training, keeping employees informed of new policies and procedures, and performance reviews;
- Safeguarding of assets (including passwords and other restricted information) against theft, destruction, deterioration, or misuse (for example by locking your office, depositing cash receipts timely, and limiting access to procurement cards); and
- Segregation of duties (dividing authorization, custody, and record keeping duties among different people so that someone can't both perpetrate and conceal an error or irregularity).