Frequently Asked Questions
What are internal controls?
Internal controls are nothing more than policies or procedures put in place to safeguard an asset, provide reliable financial information, promote efficient and effective operations and ensure policy compliance. Generally there are three types of control:
- Preventive Controls - are designed to discourage errors or irregularities from occurring. For example: Processing a purchase order only after it has been properly approved by the appropriate personnel.
- Detective Controls - are designed to find errors or irregularities after they have occurred. For example: Comparing transactions on monthly management reports to the departmental source documents.
- Directive Controls - are designed to encourage a desirable event. For example: written policies and training seminars assist in the accomplishment of goals and objectives.
Who is responsible for internal controls?
While everyone at the University plays a part in the internal control system, ultimately University administration is responsible for ensuring that adequate controls are in place. They, in turn, delegate part of this responsibility to each operational area, whether it is administrative or academic. Essentially, every employee has some responsibility for making sure that the internal control system functions properly. Therefore, all faculty and staff need to be aware of the concept and purpose of internal controls. If you are a departmental supervisor you must ask yourself, "How do I know that things are okay? Do I assume that all is well until a crisis happens, or do I review processes and procedures on a regular basis to make sure I know what is going on?" While good internal controls will not prevent or solve all your problems, they provide an early warning system to help prevent surprises.
What does Internal Audit do?
Why are we being audited?
Internal Audit schedules audits based on an annual risk assessment and audit plan. In addition, other audits are scheduled due to requests from the ISU president, vice presidents, State Board of Education Audit Committee or external regulatory agencies.
What can I expect during an audit?
Please see the following link: steps of an audit
What will the auditors need from me?
The main items needed from you for a successful audit are cooperation and communication with Internal Audit. The following are specific examples of what you can do to help the audit process:
- Supply all requested information on a timely basis.
- Document departmental policies, procedures and processes.
- Maintain organized files, documents and transactional support.
- Share any internal control concerns you have with Internal Audit.
- As issues are communicated to you during the audit, begin thinking about potential corrective actions.
- Review the draft audit report and make any suggestions for changes or enhancements either before or during the exit conference.
- Provide a written response to issues identified in the report, along with who will be responsible for implementing the corrective actions and when they will be completed.
- Be proactive in monitoring the progress of the corrective actions.