The Institute of Internal Auditors (IIA) defines internal auditing as:
"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes." - Institute of Internal Auditors
Internal control is a process, effected by an entity’s board of directors, management and other personnel. This process is designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. Internal control consists of five major components: control environment, risk assessment, control activities, information and communication, and monitoring.
Therefore, it is important to note the following:
Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Generally, there are two types of controls: 1) Preventive 2) Detective. Preventative Controls are designed to discourage errors or irregularities from occurring. (Example: Process vouchers only after approvals have been obtained from appropriate personnel.) Detective Controls are designed to find errors or irregularities after they have occurred. (Example: Reconciling Banner Monthly Detail Reports to departmental records).
Audits can produce many benefits and the timing of an audit can be an important factor. Consider the situation where you assume new or additional supervisory responsibilities. An audit can review administrative procedures to determine whether internal controls in your new area are adequate. An audit is also helpful in assessing system controls and changed office procedures for newly installed computer systems or procedures changed as a result of restructuring.
A periodic review of your unit's administrative activity can benefit you. It will help you to be sure that your procedures adhere to university and state policies. An audit may also include an evaluation of the effectiveness and efficiency of your unit's administrative activities.
Anyone within the university can request an audit. You may submit a request for an audit directly to the Office of Audit and Advisory Services. However, it is usually best to coordinate the request with your vice president.
The final audit report is distributed to the Business Affairs & Audit Committee of the Board of Visitors, the president of the university, and the vice president to whom you report. Those within the university who have a need to know also receive the report.