Frequently Asked Questions 1. What does the Audit Committee do?
2. Why was I selected to be audited?
3. How long will the audit take?
4. What are the types of audits performed?
5. What are internal controls?
6. Are the internal auditors responsible for maintaining FAMU's
7. System of Internal Controls?
8. What is the audit process?
9. Are auditors looking for fraud when performing audits?
10. What is the reporting process?
11. Can FAMU personnel seek advice from the Division of Audit and Compliance?
12. Can I remain anonymous when I file a report with the Compliance and Ethics Hotline?
What does the Audit Committee do?
The primary function of the Audit and Compliance Committee is to assist the Board of Trustees in discharging its oversight responsibilities. The Audit and Compliance Committee’s principal activities will include:
· Oversight of the University’s business risk assessment, by reviewing procedures in place to assess and minimize significant risks.
· Oversight of the University’s internal control structure to review the effectiveness and reliability of its business, financial and information system controls.
· Oversight of the quality and integrity of the University’s financial reporting processes to ensure the balance, transparency and integrity of published financial information.
· Review of the internal audit function and overall audit process;
· Review of the annual audit plan.
· Review of the University’s process for monitoring compliance with laws, regulations and policies.
Why was I selected to be audited?
The Division of Audit and Compliance has established a comprehensive audit plan for FAMU utilizing risk assessment. The current audit plan is based on a five-year cycle. While all major activities are scheduled for audit in this cycle, the audit frequency can vary depending upon associated risks. An annual audit schedule is approved by the Audit Committee to ensure that objectives, scope and allocated audit hours support management goals.
How long will the audit take?
The length of the audit varies. The lead auditor assigned to the audit will give a reasonable estimate of time needed to complete the audit.
What are the types of audits performed?
Audit projects can be placed into four categories: financial audits, compliance audits, operational audits, and Information Technology (IT) audits.
· Financial audits address questions of accounting and reporting of financial transactions, including commitments, authorizations, and receipt and disbursement of funds.
· Compliance audits determine the degree of adherence to laws, policies, and procedures.
· Operational audits review operating information and the means used to identify, measure, classify, and report such information; review the means for safeguarding assets; ascertain whether results are consistent with management's goals and objectives and whether the operations are being carried out as planned; appraise the economy and efficiency with which resources are employed; and review the systems established to ensure compliance with policies, procedures, plans, laws, and regulations.
· IT audits evaluate system input, output and processing controls, backup and recovery plans, and system data and physical security.
What are internal controls?
Internal controls can be categorized as either accounting controls or administrative controls.
· Accounting controls are designed to safeguard FAMU assets and ensure the accuracy of financial records.
· Administrative controls are designed to promote operational efficiency, effectiveness, and adherence to FAMU policies and procedures.
· The Division reviews the adequacy of both accounting and administrative controls during audit engagements.
Are the internal auditors responsible for maintaining FAMU's systems of internal control?
No. University management is responsible for maintaining an adequate system of internal controls. Internal auditors independently evaluate the adequacy of the existing internal control systems by analyzing and testing controls. The Division of Audit and Compliance makes recommendations to management to improve controls based on system testing and control analysis.
What is the audit process?
When an activity is scheduled for audit, an engagement letter is sent to the responsible parties. The auditor will then schedule an entrance conference to discuss the objective and scope of the audit. At this initial meeting, responsible parties should take the opportunity to discuss any concerns or questions they may have about the audit and how they can facilitate the review process.
A typical audit has several stages, including preliminary review, fieldwork, and reporting. The auditor flowcharts the system and evaluates the system and its controls, collects data and performs testing, documents the work performed and the conclusions reached, and issues an audit report.
Are auditors looking for fraud when performing audits?
Auditors are not specifically searching for the existence of fraud. However, while conducting audits in accordance with the Institute of Internal Auditor's "Standards for the Professional Practice of Internal Auditing”, improper activities may be identified. A good system of internal controls and a control conscious organizational environment will reduce this risk.
What is the reporting process?
During the audit and at the conclusion of the fieldwork, the auditor will discuss any findings noted during the audit process. The responsible parties will receive a draft audit report for review and, if required, an exit conference will be scheduled. The conference is an opportunity to discuss the audit findings, clarify any ambiguities and, if necessary, modify the report. If the report contains recommendations, written responses detailing corrective action, a projected implementation date, and the responsible party will be required. The response is included in the body of the report. Significant findings are reported to State University System (SUS) as well as the Audit Committee and the President.
All audit information is treated as confidential and is reported only to those within the institution who need to know. The final report and response are distributed to appropriate management personnel, the Audit Committee, and the President.
Can FAMU personnel seek advice from the Division of Audit and Compliance?
Yes. The Division acts as an in-house consultant on internal control matters and provides guidance on control aspects of new systems and procedures.
Can I remain anonymous when I file a report with the Compliance and Ethics Hotline?
Yes. You may file a report by using the Web or phone. On the Web, enter information into requested fields and submit it. By phone, you are greeted by a trained interviewer who documents in detail the situation you described. You don’t have to give your name and the call is not recorded.
Please direct questions and requests for audits to the Division of Audit and Compliance at 850.412.5479.