Who does Internal Audit report to?
The Department of Internal Audit and Advisory Services reports to the University President and the Board of Regents Chief Audit Officer and Associate Vice Chancellor for Internal Auditing.
How are departments and offices selected for audit?
See the Audit Plan link for details of the audit selection process. In summary, each year the Director of Internal Audit and Advisory Services prepares an audit plan based on management input and an assessment of a unit's perceived audit risk. The risk assessment analysis has the following factors:
- Audit History (30%) which considers prior findings and/or the date of the last audit.
- Regulatory Compliance/Public Scrutiny (20%) which rates sponsor expectations.
- Reliance on Information Technology (20%) which considers system security and data accuracy vulnerabilities.
- Transaction Volume (15%) which determines the financial size of the area.
- Organization Change and Economic Transition (15%) which highlights areas adapting to change or that have had a period of transformation.
As a unit head, how may I request the services of the Internal Audit Department?
Management may contact the Director of Internal Audit and Advisory Services, Elaine Campbell, via telephone or email, to request services for an audit, special review, or advisory services. Your request will be reviewed, and we will determine how to meet your needs and coordinate review activities based on our audit plan commitments.
What is audit planning?
It is a process by which a perceived risk is identified, management input is solicited, and a determination is made of what will be included in the review (i.e., audit scope). It includes assessing various university documents, discussing with management, establishing audit objectives, and developing a plan that is shared with applicable personnel.
How long do audits take?
It depends on the depth and scope of the engagement. Generally speaking, full-scope audits will take approximately two months.
How often are the departments reviewed?
It depends on the results of the risk analysis performed and the corresponding priority ranking for each auditable unit. Based on the audit resources available, the annual audit schedule is defined and reviewed by executive management. The audit plan is then submitted to the Board of Regents Internal Audit Office and approved by the Board of Regents.
Why are departments always under audit?
What may be interpreted as being under audit may not be the case. Auditors may be in departments to gather information, as part of another department's audit, to follow-up on outstanding issues, or to perform a special review requested of management. Keep in mind that many university activities interrelate with other department activities and frequently the audit scope crosses departmental or divisional lines.
What can I do to facilitate the audit process?
Be honest and open; understand that the University Internal Auditor serves to assist you and your department by recommending solutions that may save your organization time and money while ensuring your operation has sound business practices and is in compliance with University, Board of Regents and State policies and procedures. We ask that you participate in the planning process and discussions. It is important that you not only voice your opinions regarding areas of weakness and issues of concern, but to give an honest assessment of the anticipated effectiveness and feasibility of our proposed suggestions for improvement.
What should I expect during an audit?
View the audit process link to get a detailed description of the audit steps.
Who gets audit reports?
Audit reports are distributed to the applicable department head, applicable executive management, the Associate Vice Chancellor for Internal Audit at the Board of Regents Internal Audit Office, and the State of Georgia Auditors.
Why do you sometimes recommend actions that are not contained in campus policies or procedures?
Our objective is to offer suggestions to mitigate identified risks. We believe the head of a University organization would want to mitigate identified risks, even though campus policy might not yet specifically address a given situation.
Why are you conducting follow-up activities when less than a year ago you were conducting the audit?
We have an obligation to the University's management, the Board of Regents, and the professional practice of Internal Auditing to report progress on actions to implement audit recommendations. We typically perform follow-up procedures within 6 months of the audit.
What if I become aware of fraud, waste or abuse? Is the Internal Auditor interested?
We are interested in feedback should you become aware of these situations and would like to have your input. You should contact the Director of Internal Audit and Advisory Services at (912) 303-1776 or email firstname.lastname@example.org. You may anonymously report these situations to Savannah State University's Ethics and Compliance Reporting Hotline at 877-516-3462 or via web at http://reportlineweb.com/SSU.
Where can I find the University document retention policy? I need to know how long certain records must be kept.
Please refer to the University System of Georgia Record Retention Guidelines at http://www.usg.edu/usgweb/busserv/series/index.phtml. This document provides guidance on the minimum retention time for a particular record. The guidelines are organized in 19 categories and a search engine is provided for your convenience.