Skip Ribbon Commands
Skip to main content
Sign In
/

University Governance/University committees/Audit Committee/Internal auditing/Internal auditing - FAQs

Audit Committee

 

Internal auditing - FAQs

Frequently asked questions on internal auditing

Each year, several internal audits include coverage of activities undertaken by departments and faculties. As part of the audit fieldwork, the internal auditors will visit a sample of institutions for these audits. 

These FAQs are written for departments selected to be sampled as part of internal audits. 

Departments leading on an internal audit (usually, but not limited to, professional services divisions) should instead refer to the Internal Audit Protocol​

​In brief, what happens when the auditors visit?

  • The department will be contacted in advance of the audit visit;
  • Relevant staff will attend an initial meeting where the internal auditor will explain the purpose of the audit and what information the department needs to provide; 
  • Departments must provide all information and explanations required by the internal auditors promptly;
  • The total time commitment for sampled departments does not usually exceed 1-2 days, spread across several weeks;
  • After the audit takes place, a draft report will be prepared with findings and audit sponsors (typically senior staff in professional services divisions) agree actions to address those findings;
  • The final report is issued for discussion by the Audit Committee.

Why is my department being audited?

Departments are selected by the internal auditors, in consultation with the Head of Assurance and based on discussions with audit sponsors. A number of factors are taken into consideration when selecting departments, including the size and shape of the department, when the department was last visited by internal audit, the risk profile of the audit area or department, and the need to balance coverage across all six Schools and Non-School Institutions.

​When will the audit review take place?

eral weeks' notice of the audit and efforts will be made to conduct the audit at a time which is convenient to you. The Head of Assurance will contact the Head of Institution and Departmental Administrator (or equivalent) approximately 2 weeks’ prior to audit fieldwork taking place. Whilst efforts will be made to conduct the audit at a time which is convenient to the department, please note that audit fieldwork often takes place in a fixed timeframe. The total time commitment for sampled departments does not usually exceed 1-2 days, spread across several weeks.

Most departments will have contact with the internal audit team on more than one occasion owing to the different types of audit taking place.  

Who is involved?

Sampled departments: This is dependent on the area being audited and the department being sampled. For example, an audit looking at staff induction arrangements would typically require HR colleagues in the department to be involved but a key financial controls audit would require finance colleagues. In all cases the departmental administrator (or equivalent) should oversee engagement in the audit. Heads of Institution are required to ensure that all information and explanations required by the auditors are provided promptly.

Professional Services Divisions: Each audit has a designated audit sponsor and accountable senior officer. The audit sponsor is often a senior person within a professional services function with designated responsibility for a certain area.  The senior accountable officer is usually a Director of a UAS Division (e.g. Director of Finance). The Head of Assurance in the Governance and Compliance Division oversees all internal audit work within the University.

What will the audit cover?

Internal audits cover a range of processes and procedures, typically focusing on compliance with the University’s and/or external regulations. An initial meeting will take place where the internal auditor will explain the purpose of the audit and set out what information the department needs to provide.

​What are the department's responsibilities?​

Departments must provide all information and explanations requested by the internal auditors as promptly and accurately as possible, including any follow up queries. It is important that the internal auditors have unfettered access to data and documents.

​What are the audit outputs?

When the auditors have completed their work they will make a number of observations (ranked by priority/risk rating) and will also give an overall assurance rating for the audit area concerned. This will be set out in a draft audit report, to which the audit sponsor will respond and agree audit actions before the report is finalised. Sampled departments may occasionally be asked to comment on the factual accuracy of findings or to take action in response to the findings of a particular audit. This will be coordinated through the Head of Assurance.

Who sees internal audit reports?

Draft internal audit reports are seen only by the audit sponsor, any other agreed stakeholders and the Head of Assurance.

Final audit reports are discussed by the Audit Committee and copies of all audit reports are held on file by the Governance and Compliance Division. The Council receives minutes of the Audit Committee and so will see which audits have been conducted along with a synopsis of their outcome.  

Sampled departments can request to see final audit reports for audits that they have been involved in (subject to approval of the audit sponsor). This should be requested via the Head of Assurance.

What happens next?

Each agreed action will have a deadline for implementation. The assurance team (Governance & Compliance Division) follow up with action owners when the agreed deadline is due and the implementation status of all audit actions is reported to the Audit Committee as a standing item.  

​Further information:

If you have any questions about the internal audit process, please contact the Head of Assurance via assurance@admin.cam.ac.uk.


 

Useful links