Northwestern State University

 

 

Frequently Asked Questions

 

 

NSU
Home 
Page

About
Internal
Audit

FAQ

Internal
Audit
Charter

Rules of
the Board

Internal
Controls

Control
Self-
Assessment

 

  1. Is the Internal Auditor an NSU employee?

  2. What does an Internal Auditor do?

  3. How long will an audit take?

  4. What are the different types of audits?

  5. How do you decide what to audit?

  6. Who receives a copy of internal audit reports?

  7. What are internal controls?  Why should I be concerned?

  8. What should I do if I learn of a fraud at the University?

  9. Why does each department need individual policy and procedures, in addition to the Fiscal Policy and Procedures Manual?

  10. What are Audit Alerts?  Why should I be concerned?

  11. What are some examples of common audit findings?

  12. Whom should I contact if I have questions not covered in this section?

Is the Internal Auditor an NSU employee?

Yes, the Internal Auditor (Ms. Betty J. Deans) is an Northwestern State University employee.  The Office of Internal Audit is located in Room 202 of South Hall.  The office hours are 8:00 a.m. - 4:30 p.m., Monday through Friday.   

Back to Top

What does an Internal Auditor do?

The primary responsibility of the Internal Auditor is to evaluate and promote the system of internal controls established at the University.  This is accomplished by a variety of means, including planned audits (i.e. assurance services), internal control reviews, advisory services (i.e. consulting engagements) and staff training.  Specifically, the Internal Auditor identifies actual and potential problems and recommends corrective courses of action, in accordance with professional internal auditing standards.  In addition, the Internal Auditor performs special projects as requested by University management personnel and various University of Louisiana System personnel.  The Internal Auditor has a dual reporting relationship.  At the University level, the Internal Auditor reports to the President.  At the system level, the Internal Auditor reports to the System Director of Internal Audit.   

Back to Top

How long will an audit take?

An audit can take from a few days to several months, depending on the nature, complexity and condition of the area under review.

Back to Top

What are the different types of audits?

OPERATIONAL AUDITS 

Operational audits are the most common type of audit.  Operating procedures, document flow, and internal controls are reviewed in detail.  Operational audits assess the effective and efficient use of resources while accomplishing the area's goals and objectives.

COMPLIANCE AUDITS 

Compliance audits assess the degree to which the area has adhered to laws, rules, regulations, policies and procedures.  Compliance may be reviewed for adherence to Federal, State and local laws, along with other regulatory agencies such as the NCAA.

FINANCIAL AUDITS  

Financial audits address issues related to the proper accounting and reporting of financial transactions, including authorizations, cash receipts, cash disbursements, and commitments to purchase.  

INVESTIGATIVE AUDITS 

Investigative audits are performed when required and are the result of alleged acts of fraud or other misconduct.  Alleged white-collar crime, misuse of University assets, and conflicts of interest are examples of reasons for an investigative audit.  Typically, Internal Audit works with other parties, both internal and external to the University.  Usually, the focus of Internal Audit's review is on internal controls, with the goal of determining whether or not internal controls were compromised.  

INFORMATION SYSTEMS AUDITS 

Information systems audits typically address general controls, focusing primarily on input controls, output controls, processing controls, backup and recovery plans, data security, and hardware security. 

Back to Top

How do you decide what to audit?

Typically, an audit is selected for review as a result of Internal Audit's annual audit plan, administrative requests (University or Board level), or allegations of fraud or other misconduct.  Internal Audit's annual audit plan is developed based on a combination of risk assessment, follow-up to previous audits, and mandated recurring audits.  

Back to Top

Who receives a copy of internal audit reports?

The President, the System Director of Internal Audit, the Executive Assistant to the President, the Vice President for Business Affairs, and the Auditor-in-Charge from the Office of the Legislative Auditor receives a copy of internal audit reports, along with the Budget Unit Head, the Approving Agent, and the responsible Vice President of the area being audited.

Given the confidential nature of investigative audit reports, Internal Audit further limits the distribution of such investigative reports.

Back to Top

What are internal controls?  Why should I be concerned?

Internal control can be defined as a process, effected by an entity's board, management and other personnel, designed to provide reasonable assurance regarding the achievement of goals and objectives in the following categories:

  • Effectiveness and efficiency of operations

  • Reliability of financial reporting

  • Compliance with laws and regulations

You should be concerned with internal controls because everyone at the University has some responsibility for the achievement and adequacy of internal controls.  As such, Internal Audit prepared a PowerPoint presentation which provides training on internal controls.  Management personnel are encouraged to require employees to view the presentation.  

Back to Top

What should I do if I learn of a fraud at the University?

Employees are required to adhere to the Section XIV, Page XIV-8-1 (Reporting of Incidents Involving Fraud) of the Fiscal Policy & Procedures Manual.  The policy requires that employees notify their Budget Unit Head of incidents involving fraud as soon possible.  The Budget Unit Head is required to immediately notify University Police, the President's Office and the Internal Auditor.  University Police, the President's Office and the Internal Auditor are required to follow the procedures as outlined in the Fiscal Policy and Procedures Manual.    

Back to Top

Why does each department need individual policy and procedures, in addition to the Fiscal Policy and Procedures Manual?

Each department should maintain its own departmental policy and procedures manual to ensure that:

  • Continuity and consistency of operations occurs

  • Efficiency in operations occurs

  • Documentation of "what-to-do" or "what-should-be-done" exists

  • Documentation of "how-to-do" exists

  • Documentation of the handling of non-routine and/or infrequent processes exists 

  • Efficiency and effectiveness of training for new employees occurs

On the other hand, the Fiscal Policy and Procedures Manual addresses university-wide issues, typically fiscal in nature, and does not cover department specific procedures, processes and/or services.   

Back to Top

What are Audit Alerts?  Why should I be concerned?

Audit Alerts! are statements issued by the Internal Auditor to inform the University community of problems and/or emerging issues which have been identified in other departments, at other universities, or at other state agencies which have the potential to impact the University and its employees.  Audit Alerts! give departments an opportunity to detect and correct deficiencies internally ... without involvement of auditors.  Audit Alerts!, when used properly, can be viewed as a self-assessment tool.    

Back to Top

What are some examples of common audit findings?

Examples of common audit findings include the following:

  • Inadequate separation of duties, i.e. one employee responsible for all aspects of specific types of activities

  • Deposits not made in a timely manner

  • Bank accounts not reconciled in a timely manner

  • Administrative policies, procedures and practices not documented

  • Subsidiary ledger accounts are not reconciled to the general ledger

  • Expenditures or disbursements not properly authorized

  • Administrative staff not cross-trained to provide coverage during extended absences

  • Computer applications developed without adequate technical or user documentation

  • Access to campus and departmental computer resources not properly controlled

  • Computer data files not backed up on a regular basis

  • Electronic backup media not stored in a secure location remote from the original data

  • Mission, goals and objectives are not established and documented

Back to Top

Whom should I contact if I have questions not covered in this section?

For any additional questions, please contact the Internal Auditor (Betty J. Deans, CIA) by telephone at 357-4421 or email at betty@nsula.edu.

Back to Top

 

Audit
Alerts !

Internal
Audit
Related
Websites

Research
Links 

 

Office of
Legislative
Auditor

Internal
Auditing
Terms

  

Northwestern State University is a member of the University of Louisiana System