Frequently asked questions
Are you part of the Finance Department?
What is the end result of an audit?
No, the Department of Business Assurance sits within the Office of the Chairman & College Secretariat with a right of access to the Principal, the Chair of Audit, Risk and Compliance Committee and the Chair of the College Council. However, the Department does work closely with the Finance Department at all times.
Will I have a chance to comment on the audit report?
For most audits a report will be produced. Summaries of all reports and the full set of recommendations are always presented to the Audit, Risk and Compliance Committee.
How is the audit loop closed?
A draft report will be sent to the relevant manager(s) in the area reviewed to provide an opportunity for feedback or queries.
Does Internal Audit just look at financial issues?
A series of recommendations will be produced within the audit report. These will indicate responsibility for action and a timetable for implementation. A follow up report is produced for each meeting of the Audit, Risk and Compliance Committee reporting on progress with the implementation of recommendations.
Does the Internal Audit provide advice?
No, Internal Audit will review both financial and non-financial systems. A key focus for the department is the manner in which the university manages its risk, both financial and non-financial.
Why have I been selected for an audit?
Internal Audit is happy to provide informal and ad-hoc advice and guidance on a wide range of systems or procedural issues. Interaction with univeristy management is welcomed at any time; not just during formal audit exercises.
What happens if I am audited?
Audits are undertaken on a rolling basis throughout the university with a bias to high risk activities. In most cases audits will be undertaken as part of this cycle identified within the annual audit plan. Management can also request audit time to look at specific issues of concern and the Department holds back a certain number of audit days every year as contingency for this purpose.
In most cases the auditor will contact you in advance and arrange a mutually convenient time to visit. Terms of Reference are agreed with management in the area under review. The auditor will discuss relevant points with you and may also undertake a review of source documentation.
Following on from this, the auditor may come back with queries as a result of the discussion and any review of relevant Management Information. Where anomalies or issues are identified during the course of an audit, these would be discussed with you at the earliest possible opportunity. The Head of the service under review will have the opportunity to feedback on a draft audit report and the agreed finalised report will be distributed to relevant stakeholders, audit participants and, in particular, to anyone identified as an owner of a recommendation.
Follow-ups are conducted on any outstsanding recommendations and any which are still to be closed are reported to subsequent meetings of the Audit, Risk and Compliance Committee.