1. What is risk management?
Essentially, risk management is the process of identifying and analyzing risk exposure and determining how to best handle the University's risks.
2. Who manages risk at the University?
Most departments or units are responsible for managing certain risk areas. For example, Environmental Health and Safety consults on environmental risks. However, everyone at Queen's University is a risk manager, to a certain extent, based on what we deal with in our everyday responsibilities.
What you do in your job can either create or mitigate risk.
3. Why was my unit chosen to be audited?
University audits are selected through a risk assessment process. Internal Audit communicates with various University stakeholders to identify and prioritize operational, financial and compliance risks to the University. From this process, the audit plan for the year is developed.
4. What should I expect during the audit?
There are four phases to an audit at Queen's University:
5. What is internal control and why is it important?
Internal control is a process in which all University employees participate. It is designed to provide reasonable assurance to unit management that:
Internal control is intended to:
6. How long should I keep accounting records on file?
The general answer is seven (7) years in accordance with Canada Revenue Agency (CRA) requirements. More specifically, the answer may vary.
In general, the University must retain documentation that supports all transactions. In most cases, the documents are retained by Financial Services and there is no need for individual units or departments to duplicate this retention. However, most departments and units like to keep at least one year of documentation to aid in budget planning and other events.
Expectations to this policy to meet granting agency requirements may occur. For example, CFI records may need to be maintained for five (5) years after the project closes. It is recommended that the department or unit ensure the guidelines of granting agencies have been met before destroying any documents.
7. What is the difference between an internal auditor, an external auditor and a federal or other governmental auditor?
Each type of auditor has a different scope, perspective and objectives.
Internal audit is concerned with anything in the University and is designed to add value and improve the University's operations.
External auditors are independent of the University and are hired to provide an opinion on the information being audited. Federal and other governmental auditors audit the specific grants and awards provided by their respective agencies.
8. What are Some Examples of Internal Controls?
Examples of common internal controls include: