Financial and Operational Audits
From Appalachian State University Policy Manual
- 1 Introduction
- 2 Scope
- 3 Definitions
- 4 Policy and Procedure Statements
- 5 Additional References
- 6 Authority
- 7 Contact Information
- 8 Original Effective Date
- 9 Revision Dates
1.1 The Office of Internal Audits serves as an independent control and appraisal activity. A primary mission of the office is the review and evaluation of all institutional operations of the University. This includes an evaluation of internal control with recommendations for improvements of controls. Also included is audit coverage through Information Systems audits of computer applications and administrative systems.
1.2 In accomplishing the mission of the office, the Chief Audit Officer is authorized full, free and unrestricted access to all University functions, property, personnel and records maintained by all units of the University. Such access shall be with or without prior notice to or specific approval by any level of management, depending on the nature and sensitivity of the audit. The Chief Audit Officer will exercise appropriate professional judgment in the use of this authority.
1.3 The Chief Audit Officer reports administratively to the Chancellor of the University and functionally to the Board of Trustees of the Audit Committee. This reporting relationship ensures the independence of the office, promotes comprehensive audit coverage, and assures adequate consideration of audit recommendations. The Office of Internal Audits serves as a constructive link between the Office of the Chancellor and all operational and administrative levels of the University.
1.4 The Chief Audit Officer determines the audit coverage and schedule based on the risk analysis of the operational areas of the University and available personnel to perform the audits. He may also receive advice and counsel from the North Carolina State Auditor as to areas that should be reviewed before the annual State audit. As the need arises, the Chief Audit Officer may adjust the schedule in order to perform special audits/reviews as requested by senior administrators of the University.
2.1 This policy applies to all departments and offices of Appalachian State University.
3.1 Financial Audits/Reviews
- A financial audit is a review intended to serve as a basis for expressing an opinion regarding the fairness, consistency, and conformity of financial information with generally accepted accounting principles. Financial audits can be full or limited in scope, depending on the objectives. Financial audits that are limited in scope are normally performed by the Office of Internal Audits. These audits can include a transaction cycle review of administrative systems such as purchasing, payroll, and payables or a special examination of the financial activities of a decentralized University department.
- The North Carolina Office of the State Auditor normally performs the University’s financial audit. The NC Office of the State Auditors performs a full scope financial audit which consists of a review of the financial statements of an entity of sufficient extent to express an opinion on those statements. Such an audit is conducted in accordance with auditing standards generally accepted in the United States of America and the standards applicable to financial audits contained in Government Auditing Standards, issued by the Comptroller General of the United States. Also, other external accounting firms perform Foundation audits and other associated entity audits.
3.2 Performance/Operational Audits and/or Reviews
- Performance/operational audits or reviews have a direct relationship to the University departmental operations and activities. These audits/reviews assess risks and evaluate internal controls of operational systems for departments, units, and functions of the University. Operational audit objectives include determining whether operations are functioning efficiently, effectively, and in accordance with management’s intent. The operational audit evaluates the use of resources available to the department, unit or function to determine if management’s objectives and goals are being met in the most effective and efficient manner. Some areas of operational audits include: organizational structure, asset management and security, staffing, and productivity.
3.3 Compliance Audits
- A compliance audit measures the compliance of the client with Federal and State laws and regulations, and/or University policies, such as Travel guidelines or Procurement Card (P-Card) purchasing policies.
3.4 Audits/Reviews of Internal Controls
- Audits and reviews of internal control systems and processes include assessments and testing of 1) UNC FIT required reporting (ex. Departmental Budget Reconciliations); 2) Campus-wide Fixed Assets; 3) Travel Disbursements; 4) Procurement Card – Data Analysis and Departmental Activity; and 5) Foundation Expenditure review.
3.5 Special Investigations
- These audits include investigations of internal and external hotline reports as well as any similar types of investigations, regardless of the source. They are often requested by management and focus on alleged, irregular conduct. Reasons for investigative audits include: internal theft, misuse of State property, and/or conflicts of interest.
4 Policy and Procedure Statements
4.1 Internal Audit Standards
4.1.1 The Office of Internal Audits adheres to the Standards for the Professional Practice of Internal Auditing of The Institute of Internal Auditors. The Standards are mandatory requirements consisting of:
- Statements of basic requirements for the professional practice of internal auditing and for evaluating the effectiveness of performance, which are internationally applicable at organi-zational and individual levels.
- Interpretations, which clarify terms or concepts within the Statements.
4.2 Requesting an Audit
4.2.1 The Chief Audit Officer maintains a schedule of audits to be performed during the fiscal year. The schedule is developed by the Chief Audit Officer, discussed and approved by the Audit Committee, and is based on risk analysis.
4.2.2 As the need arises, the Chief Audit Officer may adjust the schedule in order to perform special audits and reviews of other operational areas as requested by senior administrators of the University. Occasional special investigations of a confidential nature are also done at the request of appropriate senior administrators, management, or the North Carolina Office of State Auditor.
4.2.3 A request for an internal audit or a review of a University activity is made by memorandum and addressed to the Chief Audit Officer. The request should state the particular coverage desired and any pertinent related facts. The request will be followed up by an individual conference with all parties concerned with the request.
4.3 Audit Report
4.3.1 The principal product of an audit is the final report in which the auditor expresses an opinion, presents the audit findings, and discusses recommendations for improvement. To facilitate communication and ensure that the recommendations presented in the final report are practical, the auditor should discuss the rough draft with the department under review prior to issuing the final report.
4.4 Reply to Audit Report
To ensure that consistent practices and procedures are followed regarding the correction of audit deficiencies, the following policies are applicable:
4.4.1 Audit Exit Conference
126.96.36.199 The internal auditor-in-charge is responsible for scheduling the exit conference before the Chief Audit Officer issues the final audit report. The goal is to have knowledgeable and accountable audit, client, supervisory, and management personnel at the meeting who can make decisions and implement agreed improvements. The Chief Audit Officer of Internal Audits and the auditor-in-charge as well as any staff auditors the Chief Audit Officer deems necessary should also attend the exit conference. The purpose of the exit conference is to inform management of the audit results and the report process, reach final agreement on findings, and finalize planned improvement actions. Management can also provide an update on any actions already taken.
4.4.2 Written Reply from Management
188.8.131.52 A formal written reply to all audit findings mentioned in the audit report should be addressed to the Chief Audit Officer. The written reply to the audit report is due within fifteen (15) days of the date of the audit conference.
184.108.40.206 The reply should consist of the action taken to correct each audit finding. Where applicable, it should also give attention to changes in operating procedures that would alleviate the problem in the future.
220.127.116.11 If it is felt that the reply to the audit letter is unsatisfactory in corrective action, it will be resolved through consultation of all parties concerned. This process also may include a determination that senior management and/or the board have assumed the risk of not taking corrective action on reported observations.
18.104.22.168 The Chief Audit Officer will review the audit report and the audit response with the Chancellor and the Board of Trustees Audit Committee.
5 Additional References
7 Contact Information
8 Original Effective Date
9 Revision Dates
- January 23, 2014