Frequently Asked Questions
The Institute of Internal Auditors defines internal auditing as "an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance process."
The WKU Office of Internal Audit can help managers assess department-specific risks and mitigation techniques. Our goal is to help you increase efficiency, decrease expenses and reduce exposure to risks.
A risk assessment is completed annually by the Office of Internal Audit in conjunction with President's Cabinet members. Many factors are evaluated during the risk assessment, including:
- Regulations related to the department,
- Complexity of the department,
- Turnover of key personnel,
- Volume of transactions,
- Departmental income/expenses, and
- Other factors related to department-specific risks.
Managers may also request audits to assess specific department processes and procedures, review the internal controls or to investigate suspicious activity.
As internal auditors, we are tasked with defining risks that may affect a specific department or the university as a whole and gathering information about controls that may mitigate those risks. We test the controls to determine if they are effective. Internal Audit will review processes to ensure that applicable regulations, laws, and policies are used. In addition, internal auditors will seek out ways to improve the efficiency of the existing processes.
Generally, the following steps are helpful to prepare for an audit:
- Notify employees of the upcoming audit and ask for their cooperation in answering questions and demonstrating departmental processes.
- Review important departmental policies to ensure they are up-to-date.
- Obtain the following information:
- An organization chart,
- Job descriptions for key personnel, and
- Information about the department that is not readily available on the website.
Internal Audit will accept requests to perform an audit or review of departments from managers and President's Cabinet members. Requests may need to be discussed to more fully define the scope and objectives of the project. The ability for the Office of Internal Audit to perform the work may be dependent on the current staffing levels and other deadlines imposed upon the office. However, we are always happy to discuss any concerns and help assess risks and controls in your area.
Each project is different. Some audits require more time to complete due to size or complexity. The typical audit takes anywhere from two to six months to complete.
An audit report will be distributed to President's Cabinet and Board of Regents members. In comparison, management reviews are not distributed to the Board of Regents.
A full audit requires much more documentation, extensive testing and action plans with completion dates for an control gaps noted. A management review consists of inquiry, with little to no testing performed. A full audit is distributed to the Board of Regents and President's Cabinet members. In comparison, management reviews are not distributed to the Board of Regents.
Western Kentucky University is an organization with strong values of responsibility and integrity. The Univeristy encourages its employees, students, and the general public to promptly report suspected or known fiscal misconduct by WKU personnel.
WKU encourages this by creating a means for anonymous reporting through a third party service provider, Ethics Point. Internal Audit does not receive any information from Ethics Point regarding the reporter's identity. However, a reporter may wish to reveal their identity and can choose to do so during the reporting process.
In addition, a reporter many choose to discuss any concerns with Internal Audit staff. This type of reporting is not anonymous, but it is confidential.
Much of the audit process takes place in the Office of Internal Audit and will not disrupt the daily activities of the department. However, Internal Audit will need to meet with senior officials as well as other personnel in the department to better understand the existing processes and recommend improvements. The amount of time needed for these interviews varies with each audit and typically doesn't exceed a few hours.
Internal Audit will certainly work around scheduling conflicts to the best of our ability and seek to minimize disruptions to the daily operations of the department.
Approximately 75% of our projects integrate operational, compliance, financial, and governance audits. Other types of projects we focus on include consulting and advisory services and special investigations. Detailed definitions of these types of projects can be found on our web site.
Internal controls can be simply defined as any process, procedure, or task we do to help us achieve our objectives. Some examples include implementing separation of duties where necessary, reconciling procurement card transactions, and documenting day-to-day operational procedures.
Internal Audit has compiled an internal control self-assessment questionnaire that allows departments to answer questions regarding controls over areas within their department.
Feel free to contact Internal Audit with any questions regarding WKU policies. If we don't know the answer, we will research the question further and relay the findings back to you.
What is internal audit? |
The Institute of Internal Auditors defines internal auditing as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance process.” |
How can internal audit help my department? |
Internal Audit at WKU can help managers assess department-specific risks and mitigation techniques. Our goal is to help you increase efficiency, decrease expenses and reduce exposure to risks. |
How are departments selected for an audit? |
A risk assessment is completed annually by the Office of Internal Audit in conjunction with President's Cabinet members. Many factors are evaluated during the risk assessment, including:
Managers may also request audits to assess specific department processes and procedures, review internal controls or to investigate suspicious activity. |
What are internal auditors looking for? |
As internal auditors, we are tasked with defining risks that may affect a specific department or the university as a whole and gathering information about controls that may mitigate those risks. We test the controls to determine if they, in fact, exist and actually work. Internal Audit will review processes to ensure that applicable regulations, laws and policies are followed. In addition, internal auditors will seek out ways to improve the efficiency of the existing processes. |
How do I prepare for an audit? |
Generally, the following steps are helpful to prepare for an audit:
|
Can a department request an audit? |
Internal Audit will accept requests to perform an audit or review of departments from managers and President's Cabinet members. Requests may need to be discussed to more fully define the scope and objectives of the project. The ability for the Office of Internal Audit to perform the work may be dependent on the current staffing levels and other deadlines imposed upon the office. However, we are always happy to discuss any concerns and help assess risks and controls in your area. |
How long does an audit take? |
Each project is different. Some audits require more time to complete due to size or complexity. The typical audit takes anywhere from two to six months to complete. |
Who will see my audit report? |
An audit report will be distributed to President's Cabinet and Board of Regents members. In comparison, management reviews are not distributed to the Board of Regents. |
What is the difference between a management review and an audit? |
A full audit requires much more documentation, extensive testing and action plans with completion dates for any control gaps noted. A management review consists of inquiry, with little to no testing performed. A full audit is issued to outside parties when final (i.e. the chairpersons of the board and the Finance & Budget Committee), while the management review remains internally. |
Can I report irregularities/misconduct/fraud/unethical behavior anonymously? |
Western Kentucky University is an organization with strong values of responsibility and integrity. The University encourages its employees, students and the general public to promptly report suspected or known fiscal misconduct by WKU or by WKU personnel. WKU encourages this by creating a means for anonymous reporting through a third party service provider, Ethics Point. Internal Audit does not receive any information from Ethics Point regarding the reporter’s identity. However, a reporter may wish to reveal their identity and can choose to do so during the reporting process. In addition, a reporter may choose to discuss any concerns with Internal Audit staff. This type of reporting is not anonymous, but it is confidential. |
What if I don’t have time for an audit now? |
Much of the audit process takes place in the Office of Internal Audit and will not disrupt the daily activities of the department. However, Internal Audit will need to meet with senior officials as well as other personnel in the department to better understand the existing processes and recommend improvements. The amount of time needed for these interviews varies with each audit and typically doesn’t exceed a few hours. Internal Audit will certainly work around scheduling conflicts to the best of our ability and seek to minimize disruptions to the daily operations of the department. |
What kind of audits do you do? |
Approximately 75% of our projects integrate operational, compliance, financial and governance audits. Other types of projects we focus on include consulting and advisory services and special investigations. Currently, we partially outsource projects involving information technology. Detailed definitions of these types of projects can be found on our web site. |
What are internal controls? |
Internal controls can be simply defined as any process, procedure or task we do to help us achieve our objectives. Some examples include implementing separation of duties where necessary, reconciling procurement card transactions, and documenting day-to-day operational procedures. |
How can I assess my department’s controls? |
Internal Audit has compiled an internal control self-assessment that allows departments to answer questions regarding controls over certain areas within their department. |
Can internal audit help me with a policy question? |
Feel free to contact Internal Audit with any questions regarding WKU policies. If we don’t know the answer, we will research the question further and relay the findings back to you. |
Some of the links on this page may require additional software to view.