FAQs

 

These pages have been prepared as an aid to management, and aim to increase institutional staff’s understanding and awareness of the Internal Audit function. For simplicity, a question and answer format has been used, based on frequently asked questions.

 

Clearly, the list is not exhaustive. Should you require further clarification, please contact your line manager or a member of the Senior Management Team who will either be able to answer your questions or pass them on to the Internal Auditors.

What is Internal Audit?

 

Internal Audit is a service to management and the governing body via the Audit Committee, and supports the achievement of the institution’s strategic objectives. It evaluates the effectiveness of the systems and procedures within the institution and provides assurance that the institution is adequately protected against risk via the use of controls or other risk mitigation techniques. Internal Audit also provides assurance that processes are operating in an orderly and efficient manner.

 

HEFCE requires Internal Audit to be carried out, and has published a Code of Practice that we are required to follow (“Accountability and Audit: HEFCE Code of Practice”).

 

Does Internal Audit have responsibility for risk and control?

 

No, management and the governing body have responsibility for ensuring that all risks have been identified and that there are adequate controls over all activities and processes. Internal Audit is part of the management control system and is responsible for reviewing and assessing the adequacy of controls, providing an Audit Opinion, and recommending improvements where necessary.

 

What is the difference between Internal and External Audit?

 

External Audit is a statutory requirement which checks that the institution’s financial statements present a true and fair view of the financial position at the year end. The Internal Auditor's report to a nominated member of the Senior Management Team (usually the University Secretary, the Registrar and Secretary, or the Director of Finance) and the Audit Committee on the control systems used within the institution. Internal Audit should have a more detailed knowledge of systems and control than is required for External Audit.

 

So what is the scope of Internal Audit work?

 

The main purpose of Internal Audit is to provide a continuous review of the institution’s internal control system over all activities including operations, resources, staff, services and responsibilities for other bodies. The scope of Internal Audit work covers all activities and processes within the organisation and those outlined in any sector specific directives, e.g. GIAM, HEFCE Code of Practice, etc. This includes:

• Reviews of systems of internal control aimed at providing assurances that:
  • Controls in place are operating and effective.
  • The assets of the institution are adequately safeguarded.
  • Policies and procedures are adhered to.
  • The institution operates in an orderly and efficient manner.
• Value for Money reviews.
• IT assurance.
• Data quality and management reviews.
• Audits of capital projects.
• Special investigations, including response to instances of “whistle-blowing.”

• KCG Internal Audit also offers the following aids to management:
  • Advice on new systems procurement.
  • Assistance in preparing and developing business cases.
  • Facilitation of risk management and control risk self assessment exercises.
  • Advice on the prevention and detection of fraud/corruption.

Why is my area being audited?

 

Our Operational Internal Audit Plan is agreed by the institutional Audit Committee every year. We identify all potential audit areas through an analysis of the risks faced by the institution and through observation and discussions with management. Potential audit areas are then prioritised, having regard to the level of risks associated with the activities/processes, audit resource availability, desired frequency of reviews, results of previous audits and the views of management. In addition, we will usually be required to satisfy a minimum level of audit coverage, agreed with the Audit Committee or stakeholders.

 

As part of the audit planning process, we will contact your department or school to notify you about the audit and to agree an appropriate time for the audit to take place.

 

What are the key stages in carrying out an audit assignment?

 

There are four key stages in a typical internal audit assignment:

• Planning
• Fieldwork
• Reporting
• Follow-up

 

Will I be involved in the audit process?

 

Yes, if your work area is subject to an Internal Audit review, you and your staff will be very much involved in the process. The key stages of involvement are in the planning phase, describing systems of control to the auditors, discussion and agreement of the audit report and in the report sign-off. We adopt a participative style of auditing. Our aim is to utilise and combine your knowledge with our audit skills and knowledge of other similar institutions to produce a practical report that adds value to your area.

 

Won’t this take up a lot of my time?

 

The Internal Audit team will require the time of you and your staff to varying degrees at different stages of the review. We do, however, appreciate that there will be certain key deadlines for your area and we will attempt to minimise disruption to your normal routine.

 

Does anyone review the work of the Internal Audit function?

 

Quality control is incorporated into Internal Audit work. This is achieved via a rigorous review of all files and reports by the Head of Internal Audit. In addition, the external auditors have access to our files and reports and are able to express an audit opinion for management on the Internal Audit function. We are also audited by HEFCE.

 

How will Internal Audit ensure that their work is not duplicated by the external auditors?

 

We maintain ongoing relationships with the external auditors both to discuss our annual plans with them and to review their plans. This exchange of information aims to ensure our efforts are co-ordinated and so avoid duplication.

 

How does Internal Audit maintain awareness of business developments?

 

Communication and liaison with institutional business managers are the key methods adopted, as well as a review of minutes (where appropriate) and keeping abreast of sector and national issues.

 

Can I ask Internal Audit for assistance?

 

Yes. Wherever resources permit, Internal Audit are happy to advise on the institution’s rules and procedures or on implementing new systems. Wherever possible, we aim to work in partnership to improve systems for the benefit of the institution. If you need to contact someone in Internal Audit [click here to be taken to our staff contact page].