Why does the university need internal auditors?
Auditors help units achieve their objectives, and in turn help the university achieve its goals. By helping leadership provide the maximum benefits while making the most efficient use of resources, auditors identify areas to increase efficiency and effectiveness of operations and minimize occurrences of fraud, waste, and abuse.
Auditors also serve the UO by protecting it from external and internal threats. This is done by assessing risks, advising on internal controls, investigating instances lacking internal controls, and advising on corrective action plans.
What is the difference between the audit services provided through the Oregon University System and the UO Office of Internal Audit?
The UO Office of Internal Audit is part of the university and works specifically to help the university achieve its mission. Auditors at the UO are dedicated to helping our colleagues by providing assessments specific to UO's needs, and also offer services and trainings to improve manager skill sets.
The internal audits conducted by the OUS were focused on the needs of the system as a whole, rather than of an individual university.
Why are other auditors on campus?
The university hires other firms to conduct audits for the following reasons:
- Organizations cannot audit their own financial statements.
- Organizations that receive federal funds are required to meet audit requirements which can’t be performed in-house.
- NCAA rules require external firms conduct assurance procedures.
- Some types of audits require competencies that internal audit does not have.
The university is also audited by the Secretary of State audit division and inspected by agencies in relation to animal welfare, safety, health, and environment.
What authority does the UO Office of Internal Audit have?
The Internal Audit Charter is approved by the UO Board of Trustees and defines the purpose, authority, and responsibility of the audit function. The charter also establishes its position within the university, authorizes access to records, personnel, and physical properties relevant to the performance of engagements, and defines the scope of work.
In practice, auditors work in collaboration with managers and leadership to develop audit plans and timelines that are then approved by the president and the board. Auditors submit annual progress reports to the president and board about audits, recording management success—and deliquency—in plan implementation.
Why was my department selected for an audit?
Internal audit selects areas of the university to audit based on results of risk assessments, concerns reported through the hotline, or at the request of leadership and management. Employees are encouraged to contact the auditors with any questions, concerns, or feedback.
How should departments respond to an audit's observations and recommendations?
An internal audit is a collaborative process among auditors and management designed find agreement on a plan of action to address identified risks and implement controls. This is an important part of the audit process. Management’s agreement and response are essential to ensuring risks to a unit or department are addressed. Auditors follow up on the corrective action plans developed in collaboration with management in response to the audit, and delinquent implementations are reported annually to the president and board.
Does the department have an opportunity to respond to audit findings?
Yes, an audit observation memo is provided to management after the exit meeting, and management is encouraged to respond and include a corrective action plan and timeline for implementation.
What is a risk assessment?
Formal risk assessments serve as a mechanism for management and the board to share concerns about factors that may prevent the university from meeting its objectives. Auditors gather information that targets high-risk areas, consider internal and external factors, and work with Enterprise Risk Services to collaborate on next steps. The results are used to develop an annual audit plan which is vetted through leadership and approved by the president and the board.
What is an audit announcement letter?
Prior to beginning an audit, the chief auditor prepares an announcement letter informing relevant leadership and management the audit is going to begin.The announcement includes audit staff assignment, expected start date and the purpose of the audit.
What is an entrance meeting?
After the announcement letter is sent, an entrance meeting is scheduled to introduce the audit team to the unit, discuss background, scope, objectives, risks, audit timeline, proposed approach, and other logistics.It is important for management to include key employees who are knowledgeable in the systems and processes being audited. Preparation is usually not necessary.
What is a planning and scoping memo?
Based on preliminary planning and discussions with leadership and management at the entrance meeting, a memo is prepared and issued to the department for feedback and agreement.
What is an exit meeting?
Auditors meet periodically throughout the audit process to keep management informed of progress, challenges, and preliminary observations. At the conclusion of fieldwork, a meeting is conducted to formally document and discuss audit observations and potential recommendations.
What is an audit observation memo?
Auditors provide a memo to management that discusses the observation, criteria of the observation, associated risks, and recommendations. Management is encouraged to respond and include a corrective action plan and timeline for implementation. The information contained within the observation memo is summarized in the final audit report, including management’s response.
What standards do internal auditors follow?
- International Standards for the Professional Practice of Internal Auditing Standards
- Institute of Internal Auditors Code of Ethics
- Generally Accepted Government Auditing Standards
- Committee of Sponsoring Organizations of the Treadway Commission