Frequently Asked Questions
- What is internal auditing?
- Why was my department selected to be audited?
- What is the authority of the internal audit office?
- How long will the audit take?
- Will the audit disrupt my department's everyday activities?
- Why might I request an audit?
- What can I do if I want my office/department audited?
- My department has been audited, and I want to know who has access to the audit report. Is it just the Office of Internal Auditors?
- What are the key factors that distinguish between the internal and external auditing process?
The Institute of Internal Auditors defines internal auditing as, "an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes."
The decision of what areas to be audited is based in part on the audit plan prepared after the chief internal auditor discusses the risk assessment process with the president, vice president for finance and the Audit Committee of the Board of Trustees.The audit may also be performed based on special management requests.
Factors that are considered in selecting units to be audited as part of the annual audit plan include:
- Large dollar amounts or transactions with major impact on University’s operations.
- Areas with weak control environment. Efficiency of controls systems can be measured in a number of ways including considerable rate of errors, weak authorization control, non-existence of either internal controls or written procedures, weak communication processes, weak coordination processes, lack of training inefficiency of reporting processes.
- Changes in regulatory or operating environment.
- Frequent employee turnover or procedures changes.
- Operational Complexity that affects the potential for error or misappropriation to go undetected. It could be characterized by factors including the degree and the extent of automation.
- Negative publicity or legal liability associated with the audit area.
- Number of employees in each area.
The Office of Internal Auditors has been authorized by the president and the Audit Committee of the Board of Trustees to have unrestricted access to all The American University in Cairo's records, property and personnel. The internal audit staff shall make every effort to ensure that security of assets and privacy of records are not compromised and services are not unnecessarily disrupted.
The chief internal auditor reports to the vice president for finance, with direct access at any time to the President and the Audit Committee of the Board of Trustees. The office has no direct responsibility for any day-to-day University activities or operations. The internal audit charter defines the purpose, authority and responsibilities of the office.
Audits can last from several days to several months. The auditor in charge shall give you a reasonable estimate of the time they need to complete the audit. However, sometimes it is impractical to give an estimate of the duration of an audit. This is particularly in cases of special audits and investigations. Because of the need to consider the nature of required evidence and the environment in which the audit or investigation is conducted, accurate time estimates may not be possible.
Like any special project, an audit affects the department's routine to some extent. The University's Office of Internal Auditors shall make every effort to minimize this disruption and cooperate with you to ensure a smooth process.
If, as a director, you suspect fraud or mismanagement or have recently assumed new or supervisory responsibilities and need assurance whether internal controls in your function are adequate, if you want a periodic "check-up" to determine your unit's effectiveness or productivity, or if you want to ensure that your procedures continue to comply with university policy, you should contact the chief internal auditor to discuss your requirements.
You may approach the chief internal auditor to discuss your concerns and objectives. The chief internal auditor will assist you in this process and will determine, based on the level of perceived risk and resource availability, whether the audit should be included in the current or a future audit plan. If circumstances are such that an immediate audit or investigation is required. The chief internal auditor may engage the services of external specialists to carry out these audits with the cost charged to your function.
The audit report will be distributed to you and other concerned administrators whose areas were part of the audit. Summaries of these reports shall be distributed to the members of the audit committee of the Board of Trustees. The president, vice president for finance and the University's external auditor. Depending on the nature of the audit, reports may have wider distribution inside and outside the University.
|With Regard to:||Internal Auditing:||External Auditing:|
|1. Focus||Provides financial, operational, assurance, consultative, governance, computer and fraud related services||Primarily attests to financial statements and internal control|
|2. Management||Reports to executive management administratively. Builds relationships throughout the University to ensure concerns are identified and resolved in a timely manner||Primarily reports to the audit committee on financials and internal control|
|3. Audit Committee||Reports directly to the audit committee. Provides opinions on the university’s business risks, financial statements, system of internal control, and level of compliance with laws, regulations, and policies||Attests to the audit committee the accuracy of the financial reports and attests to management’s assessment of internal controls over financial reporting. Provides updates on pending accounting pronouncements and their potential impact on the organization|
|4. Standards||Follows The IIA’s International Standards for the Professional Practice of Internal Auditing||Is governed by appropriate accounting and audit standards|
|5. Approach||Customizes approaches to best meet individual assignment objectives||Customizes financial audit approaches to best meet individual assignment objectives|
|6. Independence||Demonstrates organizational independence and objectivity in work approach, but is not independent of the University. (Is independent of the activity audited, but is integral to the University)||Is independent of the University|
|7. Results||Identifies problems, makes recommendations, and helps facilitate resolutions||Meets statutory requirements and provides necessary adjustments to meet financial accuracy|
|8. Risk||Identifies and assesses key business risks to estimate probability of occurrence and impact on business. Makes appropriate recommendations as a result of the risk assessment||Identifies key transactions and exposures for financial statements|
|9. Recommendations||Communicates recommendations for corrective action to management in the audit reports||Communicates recommendations for corrective action.|
|10. Follow-up||Follows up to ensure that agreed upon recommendation is timely implemented||Limits follow-up primarily to financial areas.|