Frequently Asked Questions Regarding Internal Audit
1. Are Internal Audit employees Auburn University employees?
Yes. All employees of the Division of Internal Audit are University employees.
2. Are there any other auditors that I might encounter at the University?
Yes, the University engages an external auditor, PricewaterhouseCoopers, LLP to perform both the annual financial statement audit and the federally mandated A-133 audit. In addition, the Alabama State Examiners of Public Accounts perform audits of AU. On occasion, auditors from federal (or state) agencies may be on campus reviewing programs or research they have funded.
Any auditor working on campus should be able to appropriately identify themselves. Our suggestion is not to provide any documentation, records, or access to assets until the individual provides proper identification. No auditor should be offended by such a request.
3. How do you select areas for review?
Each year we perform a risk assessment. We attempt to direct our audit resources to the areas deemed high risk. Our goal is to evaluate & improve the management of these risk in these units.
4. How long do audits take?
There is no easy answer to this question as each audit's length will depend on the nature and scope of the review. Small audits might last 20 hours while more complex reviews can last several months.
5. I have a policy question, can Internal Audit help me?
Absolutely, if you have questions on policies, procedures, or best practices we will be glad to help. In some cases we will know the answer to your question, but if we don't we will be glad to research the answer to your question.
6. What kinds of audits do you do?
We perform a variety of services. Generally speaking, here are the most common:
-
Traditional Audits -- we examine internal controls, test documents for compliance with state and federal law, and look for ways to improve operational efficiencies.
-
Risk Based Departmental Audits -- we examine a broad range of risks and determine how they are being managed currently.
-
Investigations -- we attempt to learn the validity of allegations received.
-
Consulting Engagements -- we are typically providing advice on some specific problem that management has asked for our assistance in solving.
-
Data Analytics/Continuous Monitoring -- we compare and analyze large and complex data sets to determine exceptions or detect anomalies based on select criteria.