With the exception of audits that require no prior notification to be effective, such as cash counts, the units are contacted shortly before the start of any audit. An entrance conference is held to discuss the audit and address any concerns management may have.
Audits may last from several days to several months and will vary in length depending on an area's size, complexity, availability of resources, and the specific audit objectives. Not all the time devoted to the audit will be evident to you because of the amount of preparation, analysis, and related work needed to document the effort. The auditor assigned to your unit will give you an estimate of the time needed to complete the audit at the entrance conference.
Yes, while Internal Audit's mission is principally accomplished through formal audits, there is no need for you to rely solely on audits to utilize the resources of our department. Internal Audit acts as an in-house consultant on internal control matters, and will be happy to provide you with information and suggestions on controls in specific areas.
Auditors are not specifically searching for the existence of fraud when performing audits. We are more concerned with ensuring that adequate systems of internal control exist to reduce the risk of fraud. In situations where internal controls are weak, our testing is designed to determine if indications of fraud exist.
If you suspect fraud or other questionable acts in your department you are required to report it. Do not try to question anyone or otherwise investigate the matter yourself.
Internal controls encompass a unit's entire set of methods and procedures that are used in the day-to-day activities of the unit. These methods and procedures safeguard the unit's assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed policies. Effective internal control systems are designed to ensure that resource use is consistent with laws, regulations, and policies, and that resources are safeguarded against waste, loss, and misuse.
The Institute of Internal Auditors suggests that an external review be performed of Internal Audit Department operations at least once every five years. These reviews must be performed by qualified individuals who are independent of the University, usually an independent public accounting firm. The Office of the New York State Comptroller will also periodically audit the operations of the State's Internal Audit units. These audits cover compliance with professional standards, independence and objectivity, audit coverage and documentation, and staff training.
In addition to this external review, the University's Internal Audit Department periodically completes a formal self-evaluation of its operations using a program developed by the Institute of Internal Auditors. As part of this self-evaluation program, we may ask individuals who have recently been audited to comment on Internal Audit's performance during the process. This feedback has been very beneficial to us, and has led to changes in our procedures.
The University is visited by several external auditors during any given year, including independent certified public accounting firms, the Office of the New York State Comptroller, and SUNY System Administration auditors. The University's Internal Audit Department may work with these auditors by arranging interviews with University staff, coordinating access to the records the external auditors may require, and allowing them to review relevant work of our Department. The primary purpose of this is to expedite the external auditors stay at the University.
In addition, one of our objectives is to reduce the risk to the University’s reputation. External auditor reports are a risk because they can end up with newspapers, politicians, and other State and Federal agencies. To help prevent this, our audit plans try to anticipate areas that external auditors will review so that we can look at them first and resolve any problems internally.
Please feel free to call or write at any time.