Purdue University
Staff & Contact Information Internal Audit Home Page Purdue Home Page
Purdue University Internal Audit Office
self-assessment checklist ask an auditor how to prepare for an audit links to purdue university policies & procedures other resources charter & mission frequently asked questions tips fraud reporting program
  1. Who can provide training on internal controls?
  2. What should I do if a theft occurs?
  3. How are departments selected for an internal audit?
  4. What occurs during an audit?

1. Who can provide training on internal controls?

Internal Audit Staff are available at your request to provide training on internal controls, proper segregation of duties, information system internal controls, etc. Please contact the Internal Audit Office, iadirector@purdue.edu or plfish@purdue.edu to discuss your training needs. The training agenda will be coordinated with you to ensure your training objectives are met.

return to the questions

2. What should I do if a theft occurs?

Thefts may result from internal misappropriations or external events such as a robbery. Always remember that unnecessary risk should never be taken -- items in homes, offices, cars, etc. can be replaced. You can’t!

Guidelines in the Event of Suspected Internal Theft
 
The responsibility for protecting University assets is shared by everyone. It is your responsibility to report suspected theft, negligence, misappropriations or carelessness to your Supervisor, Internal Audit, or Campus Police. Be alert and recognize control weaknesses that could result in a loss to the University. It is always better to prevent a loss than to recover one.

Guidelines in the Event of a Robbery

For detailed guidelines refer to the Purdue University Cash Handling Manual. A copy of this document should be on file with your Business Office or may be obtained from the Manager of University Collections. Remember that unnecessary risk should never be taken.

Remain calm and as soon as possible call 911

The “do’s” for defusing situations is to (1) do have a plan, (2) do be aware of warning signals, (3) do intervene early, and (4) do use calming techniques. The “don’ts” to remember are (1) don’t sacrifice yourself for things, (2) don’t put your hand unexpectedly on a disturbed or upset person, (3) don’t challenge, dare, argue, or threaten the person, (4) don’t use derogatory terms or talk as if he/she isn’t there.

return to the questions

3. How are departments selected for an internal audit?

The audit plan is developed using a simple risk-based methodology, which primarily includes input from management, staff, and external auditors in identifying risks, controls, or governance processes. Typically in November of each year, an invitation to suggest audit topics for the calendar-year audit plan is issued. We recognize that the internal control framework established by management is an integral part of our review. Internal control is a process, effected by the trustees, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the categories of effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.1

  • The following factors are considered in developing the audit plan:
  • The size and complexity of the operation
  • Potential risk of financial loss
  • Major changes in operations, programs, systems, controls, or staff
  • Regulated operations and operations subject to a high level of public scrutiny
  • Data integrity and security of data

1COSO Internal Control Integrated Framework

return to the questions

4. What occurs during an audit?

"Working Together for a Better University"

Our Vision Statement

Internal Audit is responsive to the requests made by the University community and provides feedback in a timely manner. We take a proactive role in assuring appropriate control environments are established.

Audit Process

Although every audit project is unique, the audit process is similar for most engagements and usually consists of three stages: Preliminary Review, Field Work, and Closure. Through these stages, we want to determine ways to minimize risks and increase efficiencies within your area taking a University system-wide approach. Your area's involvement is critical at each stage of the audit process. As in any special project, an audit results in a certain amount of time being diverted from your department's usual routine. One of our objectives is to perform the audit efficiently and effectively to minimize the disruption of your ongoing activities.

Preliminary Review

After the decision has been made to audit your area, we gather information about your processes and procedures. We then review and evaluate the existing internal control structure and identify the audit objectives. Finally, we plan the remaining audit steps necessary to achieve the objectives.

  • Initial Contact
    We will inform you of the audit project. A confirmation letter will follow identifying the auditors assigned to the project, and a list of information and/or documentation you should make available to us upon our initial meeting, the entrance conference.
  • Entrance Conference
    During this meeting, you will be asked to describe the department or system to be reviewed, the organization, available resources, and other pertinent information. We usually meet with the department head, senior business office representative, and any other staff members you wish to have. You are encouraged to identify issues or concerns that you would like to have addressed during the review.
  • Preliminary Survey
    This is the process in which the auditor gathers relevant information about your department in order to obtain a general overview of operations. We talk with key personnel and review various sources of written documentation.
  • Internal Control Review
    We will review your area's internal control structure, defined as all measures used by the University for the purposes of (1) safeguarding its assets against loss, waste, fraud, and inefficiency; (2) promoting accuracy and reliability in accounting and operating data; (3) encouraging and measuring compliance with University policy; and (4) judging the efficiency of operations. In doing so, we use an assortment of tools and techniques to gather and analyze information about your operation. This review of internal controls helps us determine the areas of highest risk and design tests to be performed in the fieldwork section.
  • Audit Program
    The preliminary review stage concludes with an audit program. This program outlines the fieldwork necessary to achieve the audit objectives.

Fieldwork

The fieldwork involves gathering data and identifying opportunities for continuous process improvement. It is during this phase that we determine whether the controls identified during the preliminary review are operating in the manner you described.

  • Communications
    We strive to keep you informed of our progress during fieldwork. If you have any questions or comments, please contact us.

Closure

A written report is issued showing the results of the audit steps performed. It will include advice and requests for action as needed based on the results.

  • Draft Audit Report
    An audit report will be drafted after completion of the fieldwork. This report, along with our work papers, goes through an extensive review process by our senior auditors and Director. After this, we will schedule an exit conference with you.
  • Exit Conference
    At this stage, we meet with you to review the draft audit report. You will be given the opportunity to comment and suggest changes. We will work together to reach agreement on its content.
  • Final Report
    This report is approved by the Director of Audits and is typically for use by internal University management. The final report issued by the Executive Vice President and Treasurer will indicate, via a cover letter, if a formal response is required. If the report contains requests for action, a formal response is required.
  • Formal Response
    Your formal written response to actions requested should be coordinated and submitted through appropriate management. This should include your plan of action and time lines for implementation. Management will then recommend audit closure, if appropriate.
  • Audit Closure
    We review your formal written response and if we agree that your plan of action will improve operational efficiency and effectiveness in a timely manner, we will recommend closure to the Executive Vice President and Treasurer. After assurance that all issues have been satisfactorily addressed, the Executive Vice President and Treasurer will close the audit.
  • Audit Follow Up
    We may perform a follow up review to verify that actions implemented had the intended results. This audit repeats the normal audit process, but is limited in scope based on the final report and corresponding formal response.

Your Comments

As part of our evaluation program, we ask you to comment on our performance. This feedback will be beneficial because we plan to improve our procedures as a result of your suggestions.

  • The Process: A Collaborative Effort
    The audit process works best when we have a shared working relationship. We hope you will extend this relationship beyond a particular audit. We have developed an understanding of your operation and are available to consult on organizational or operational changes.

return to the questions

Purdue Homepage | Directories & Searches | Campus Map

Copyright © 2004, Purdue University, all rights reserved.
An equal access/equal opportunity university.
Purdue University, West Lafayette, IN 47907 USA, (765) 494-4600