Skip to main content
Search
Southern Illinois University System Logo
Frequently Asked Questions

FAQ Sub MenuDismiss

 About UsInternal Audit FunctionResources Meet the Team FAQ

FAQ

Internal Audit FAQ

Frequently Asked Questions

Why was I selected to be audited?
The audit planning process for SIU has been designed to comply with the Global Internal Auditing Standards adopted for the profession by the Institute of Internal Auditors, as well as, the Fiscal Control and Internal Auditing Act (FCIAA). These two documents, combined with the risk assessment tools developed by our office, are the basis for the development of the annual audit plan. Audits for many high-risk units are routinely scheduled, while other units are selected for audits of their internal controls over their administrative processes. Because it is not feasible to audit every department each year, we focus our limited staffing and resources on areas where audit efforts will provide the greatest value and impact to the university.

Primary considerations in establishing which units will be audited include:  

  • evaluation of risk 
  • the results of previous internal and external audits
  • industry risk patterns
  • revenue and expense analysis
  • the length of time since last audited, and
  • specific requests and other input by administrators.


What should I expect when my unit/department is selected for an audit? 
Although unannounced audits are initiated where appropriate, typically a representative of the Office of Internal Audit will contact you to schedule a meeting to discuss the upcoming review.  We will discuss the objective, scope, and logistics of conducting the audit. At this initial meeting, you should take the opportunity to discuss any concerns or questions you may have about the audit, to identify any issues or areas of special concern that you would like the audit to address, and to determine how you can facilitate the audit process. A typical audit includes preliminary research; data collection (some by interview), analysis, and review; and preparation and distribution of an audit report. Control weaknesses identified during the audit will be noted in the audit report, and a follow-up review will subsequently be performed to determine whether corrective action has been taken.

How can I benefit from an audit?
Our goal is to help you determine whether there are appropriate internal controls over your administrative processes and systems in your department. We may also be able to show you ways to improve the efficiency and effectiveness of your operations.

What about the confidentiality of information retained by our department?
Per the internal Audit Charter, the Board of Trustees authorizes the internal audit function to:  “Have full and unrestricted access to all functions, data, records, information, physical property, and personnel pertinent to carrying out internal audit responsibilities. “  “Internal auditors are accountable for confidentiality and safeguarding records and information.”  Documents and information given to Internal Auditors will be handled in the same prudent manner as by those employees normally accountable for them.  Please also note that the State of Illinois Auditor General has access to all audit reports, but audit reports and workpapers are exempt from external disclosure under the Illinois Freedom of Information Act. 

Who do we report issues to?
Internal Audit reports its issues to the appropriate university management (the responsible party) to ensure accountability and a timely resolution. Specifically, audit results are communicated to the management of the area under review during the fieldwork phase. Then, during the reporting phase, additional university personnel, such as the President, Chancellor, and designated administrative employees, are included in the distribution of the final report. This reporting structure helps ensure that issues are addressed effectively, corrective actions are implemented, and overall governance, risk management, and internal control processes are strengthened. For additional information regarding the reporting process, please see the Internal Audit Function and Process.   

What are some common recommendations for common audit issues?

  • The unit should establish procedures for all operational processes
  • The unit should ensure all operational processes adhere to existing campus policies and procedures
  • The unit should establish and/or strengthen internal controls as they relate to all operational processes
  • The unit should maintain accurate and current records in accordance with records retention schedules
  • The unit should be monitoring purchasing and transactions to ensure appropriate use and adherence to P-Card Policies
  • The unit should ensure travel reimbursements are completed accurately and submitted in a timely manner
  • The unit should be reconciling departmental records to verify transactions and reporting

Why do I need to provide a management response for an audit issue?
We ask that management directly provides a response, as we are not part of management and are not permitted to specify solutions. We are only allowed to consult, which means we can provide advice regarding the implementation of controls. Our knowledge base may give us some perspective on what has worked for others, and we may also know of potential solutions that are available to you from other University departments. But ultimately, the authority and responsibility for all decisions for a solution belong to management, not the Office of Internal Audit.

What if I disagree with an issue?
We employ a collaborative audit approach; and as such, there should be no surprises at the point at which issues are documented and ultimately included in the final report.  Neither your department, nor ours, want an incorrect or overstated observation to be reported.  This creates unnecessary work for everyone.  We recognize that your expertise in your subject area is going to be deeper and more comprehensive than ours; while you must recognize our expertise in compliance requirements, internal controls, and proper financial reporting.  If we have failed to take something important into account, please work with us so that our conclusions are relevant, accurate, and fair.  You will have multiple opportunities to discuss potential issues before they are agreed upon and included in the final report.

Who audits the auditors?
All auditor work follows the professional standards as written by the Institute of Internal Auditors. All workpapers are reviewed and approved by a Senior Auditor and/or the Executive Director. Additionally, our team performs an annual peer quality assessment, and State law requires that a team of independent external reviewers perform a quality assurance review of internal audit operations every five years.  

What are some additional tips and things to remember during an audit?

  • We are professionally obligated to review documentation to support our conclusions, if documentation is not available, we cannot conclude work was performed.
  • We will likely want to spend a little time in your department to observe your workspace and processes.
  • Please provide information requests in a timely manner.
  • If a request is outside of your responsibilities, point us to the person able to assist us.
  • It is okay if you do not know the answer to a request; let us know so we can reach out to the appropriate person.
  • Our ultimate goal is to work with you and your staff as a team. We are on your side and strive to resolve issues and improve departmental efficiency together.
Copyright © 2023 Board of Trustees, Southern Illinois University System. All rights reserved. Privacy Policy Cascade