1. Who are internal auditors?
As defined by the Institute of Internal Auditors (IIA), "Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Internal Audit' roles at Queen’s are to monitor, assess, and analyze the University’s risks and controls; and to review and confirm information and compliance with policies, procedures, and laws. Working in partnership with management, Internal Audit provides the Board of Trustees, the Audit and Risk Committee, and executive management of the University reasonable assurance that risks are adequately mitigated and that the University's governance process is effective. Recommendations for improvement to processes, policies, and procedures are provided by Internal Audit where needed.
2. Why does Queen’s have an internal audit function?
The Internal Audit Department assist the University administration and the Audit and Risk Committee of the Board of Trustees in effectively fulfilling their responsibilities. We are charged with examining and evaluating the policies, procedures, and systems that are in place at the University to ensure: the reliability and integrity of information; compliance with policies, plans, laws, and regulations; the safeguarding of assets; and, the economical and efficient use of resources.
3. Where does the audit function fit in the organization?
The Internal Audit Department reports functionally to the Chair of the Audit and Risk Committee of the Board of Trustees and administratively to the Vice-Principal (Finance & Administration).
4. Why was my unit chosen to be audited?
Audits are selected through a risk assessment process. Internal Audit develops an annual audit plan that outlines the areas within the University where Internal Audit will be focusing its efforts for the upcoming year. The Plan is risk-based and is designed to support the allocation of audit resources to those areas that represent the most significant priorities for the University.
5. What should I expect during the audit?
There are four phases to an audit at Queen's University:
6. What is internal control and why is it important?
Internal control is a process in which all University employees participate. It is designed to provide reasonable assurance to unit management that:
Internal control is intended to:
7. What are Some Examples of Internal Controls?
Examples of common internal controls include:
8. What if something isn't handled correctly?
Internal Audit works closely with management to provide recommendations for improvement. It is the responsibility of management to assess the cost/benefits of implementing our recommendations relative to the risks involved and determine whether the residual risk is acceptable to the University.
9. Can a department request an audit?
Yes. We consider requests for audit and to provide advisory services. Our ability to perform the audit or advisory service will be dependent the availability of our staffing resources, the risk level of the areas in question, our progress on our annual plan and other deadlines. If you are concerned about an area in your department, we can work with you to determine the most appropriate course of actions to address the risks.
10. Does the Board of Trustees see what is in the audit reports?
The Full Report containing detailed findings, recommendations and action plans and the Summary Report is issued to the Chair of the Audit and Risk Committee and the Summary Report, which highlights only the significant findings from the audit/review and the general management response, is issued to the Audit and Risk Committee.
Each type of auditor has a different scope, perspective and objectives.