University at Buffalo - The State University of New York
Skip to Content
Serving all your human resources, business and financial needs

Policy Information

Date Established: 11/13/2009
Date Last Revised:
Category:

Administration and Governance
Responsible Office:
Associate Vice President and Controller
Responsible Executive:
Vice President for Finance and Administration

Policy Contents

Printing Tip

Be sure to disable the "shrink to fit" feature on your Internet browser's print dialog box.

External Audit Policy

Summary

The University at Buffalo fully cooperates with and assists external auditors and/or investigators. To ensure consistency, the Associate Vice President and Controller must be informed of, and will determine the appropriate coordinator of the activity.

Policy Statement

The University at Buffalo (UB, university) fully cooperates with and assists external auditors whose responsibilities involve examination and confirmation of university transactions.

To help ensure that external audit activity is appropriately coordinated, the Associate Vice President and Controller must be informed of and will determine the coordinator of the external audit activity. This coordination assures an understanding of the objectives and scope of the audit and assists the auditors in achieving legitimate objectives with the least impact on university operations.

On a timely basis, the university will provide external auditors with access to all records that are relevant to the audit, except those deemed by the university to be legally privileged or protected. Availability of records is subject to the State University of New York (SUNY), Research Foundation (RF), or New York State record retention policies, which allow destruction of records within prescribed limits.

Applicability

This policy applies to all audits and reviews performed by external auditors for all university entities (e.g., State operations, RF, UB Foundation, Campus Dining and Shops, clinical practice plans, student organizations, and other related entities).

Definitions

Audit

Independent and objective appraisal to examine or review the fair presentation of financial statements, economy and efficiency of operations, effectiveness of achieving program results, compliance with laws and regulations and/or the detection of fraudulent activities. Audits include reviews, site visits, desk audits, and fraud investigations.

External Audit

Independent and objective appraisal, performed by a non-UB audit entity (including SUNY Internal Audit and RF Internal Audit) of the university’s financial and administrative performance as a custodian of public and private funds.

External Auditor

An auditor not employed by UB; external auditors may represent SUNY, Office of the State Comptroller, RF, federal agencies, certified public accounting firms, legal firms, and grant sponsors.

Responsibility

Associate Vice President and Controller or Designee

  • Monitor all campus external audit activity.
  • Determine an appropriate liaison with external auditors to facilitate cooperation in the performance of their duties and to avoid duplication of effort.
  • Notify UB Internal Audit of all external audits.
  • Review and approve the response to audit reports prior to submission to the external audit entity.
  • Coordinate the distribution of all audit reports.
  • Monitor the implementation status of audit recommendations.

UB Internal Audit Department

  • Assist the Associate Vice President and Controller with:
    • coordinating external audit activity
    • following-up on the implementation of audit recommendations.

Department Heads / Principal Investigators

  • Notify the Associate Vice President and Controller when an external agency wishes to commence an audit, review, site visit, desk audit, fraud investigation, or conduct field work on campus.
  • Coordinate requests for specific information or interviews with employees.
  • Forward all draft and final audit responses to the Associate Vice President and Controller for review.
  • Implement agreed-upon audit recommendations.

University Employees

  • Be courteous, cooperative, and professional when dealing with the auditors.
  • Assist the auditors with specific requests and answer only the questions asked by the auditors.
  • Refrain from providing extraneous, unrequested information. If you are unsure about how certain information may relate to the audit, consult with the Associate Vice President and Controller and a decision will be made on how to proceed.
  • Notify the Associate Vice President and Controller if an auditor’s work appears to be beyond the defined scope of the audit. 

Procedure

Audit Process

Although every audit is unique, the audit process is similar for most engagements and normally consists of the following phases:

  • Notification – Managers will receive a letter or some type of communication informing them of an upcoming audit, review, site visit, desk audit, or fraud investigation and requesting documentation (e.g., organization charts, system documentation, flow charts, financial statements). The Associate Vice President and Controller should be notified immediately upon receipt of such a request.
  • Entrance Conference – The opening meeting includes management and administrative staff involved in the audit and is an opportunity to discuss the scope of the audit, available resources, and other concerns. The Associate Vice President and Controller or a designee may attend the entrance/opening conference to facilitate full communication of audit objectives, schedule, and protocol.
  • Fieldwork – The auditor interviews staff, reviews procedure manuals and business processes, tests compliance, and assesses the adequacy of internal controls.
  • Draft Report – After all fieldwork is completed, the auditor may prepare a draft report that documents objectives, procedures, conclusions, and recommendations.
  • Responses to Audit Reports – The Associate Vice President and Controller reviews and approves all responses to draft and final audit reports prior to submission to the audit agency.
  • Exit Conference – Management and the auditor review and discuss the draft report, provide feedback on implementing recommendations, discuss any other issues related to the audit, and comment on the audit process.
  • Final Audit Report – The Associate Vice President and Controller coordinates the distribution of the final audit report.  
  • Audit Recommendation Follow-up – Every effort should be made to implement recommendations within six months of the issue date of the report. 

Contact Information

Internal Audit
148 Parker Hall
Buffalo, NY  14214
Phone:  716-829-6950

Related Documents

University Documents:

Presidential Approval

Signed by President John B. Simpson

John B. Simpson, President

11/13/2009

Date