Home
> FAQs (Frequently Asked Questions)
FAQs (Frequently Asked Questions)
1. What is Internal Audit?
Internal Auditing is defined as an independent, objective, assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
2. What management responsibilities does Internal Audit have?
None. Internal Audit is independent of management to provide independence from activities that it audits.
3. Why is it important for Internal Audit to be independent?
This ensures that Internal Audit is impartial in the work that it carries out. It has no vested interests.
4. Is it Internal Audit’s job to identify fraud?
No. Internal Audit attempts to minimize the risk of fraud by identifying potential weaknesses in control, which might enable fraud to be perpetuated. This work sometimes results in fraud being detected and reported in which case a full investigation will be carried out. However, Internal Audit Services is the main point of contact for concerns regarding fraud or financial non-compliance as outlined in the Fraud Policy - Reporting & Response to Incidents of Fraud or Irregularity.
5. How does Internal Audit decide what work to do?
Audit projects are selected based on a formal risk-based planning process aligned with the University’s enterprise-wide risk management process. An assessment is performed to identify the areas/systems/processes within the University have higher relative inherent risk to the achievement of institutional objectives. This is a consultative process and opinions are sought from senior administrators and others in the University. The Board Audit Committee approves the projects. The process is designed to ensure audit resources are allocated to areas where a review would benefit the University.
6. Can I request an audit?
Internal Audit will endeavour to meet requests made for ad hoc audits. However, before undertaking an additional audit, commitments already made in the risk based audit plan must be considered. IAS will also evaluate whether the internal audit team has the ability to perform the work. Considerations will include: the knowledge, skills and disciplines of auditors; expected resource commitments; and the risk of activities to the University (Internal Audit focuses resources on the areas of greatest risk). Requests for internal audit services are normally made through the Vice President, Dean, Director, Chair, or other senior administrator. Notwithstanding, requests for investigations pursuant to the Fraud Policy are accepted for consideration from all members of the University community as outlined in the policy and the related procedures.
7. Are auditors only interested in increasing controls?
No, all controls cost money and the cost of achieving control must be balanced against the impact if things go wrong and the likelihood of that happening. Internal Audit will identify and report unnecessary or uneconomic controls as part of its review and may suggest alternatives if appropriate.
8. Does Internal Audit assess the ability of managers?
No. Internal Audit reviews processes not people.
9. Who is responsible for deciding what action is taken on audit reports?
Normally, the senior manager to whom the report is directed decides the most appropriate action to take with respect to recommendations. Internal Audit will facilitate the process if requested. However, if Internal Audit believes the University remains overly exposed to risk as a result of the actions proposed/taken, and agreement cannot be reached on the issue, it is referred to the Board Audit Committee.
10. What is External Audit?
The external auditor, the Auditor General of Alberta, or his agent, verify the financial information provided to stakeholders. The primary focus of the annual external audit is the accuracy of the University’s financial statements. The Auditor General also carries out “systems” audits of programs and activities to improve the efficiency, effectiveness, and performance reporting in the public sector.
11. Do Internal Audit and External Audit work together?
Generally the auditors do not work on projects together, as their responsibilities and approaches are different. However, Internal Audit Services works closely with the Office of the Auditor General. Both offices have an interest in knowing what auditing activity is underway within the University to help ensure that efforts are not duplicated.
12. An external agency wishes to audit my unit, what should I do?
Inform Financial Services, the Research Services Office or other relevant department dependent on the audit activity. If you require assistance, contact Internal Audit, we can help in this.The University Auditor should be informed of audit activity as we try to ensure proper coverage and minimize duplication of efforts.