Resources and Tools
How to Prepare for an Audit
The prospect of an audit can be intimidating; however, it does not need to be. We work with you throughout the process to help improve operations and add value to the organization. Familiarizing yourself with the audit process can pave the way to a productive audit experience.
The initial information gathering meetings and follow-up questions can take some time, depending on the complexity of your area. Completing the pre-audit questionnaire in advance of the audit can make the in-person meetings more productive.
How to Assess Your Own Area
Internal control is a self-assessing process to ensure compliance with university standards and boundaries for acceptable conduct. Everyone has a responsibility to internal control to ensure continuous compliance is maintained. Some examples you should undertake are: maintaining an organized system of required documentation, recording all financial transactions and their nature, retaining documents for the prescribed duration, etc.
Internal Control Self-Assessment Questionnaires are to help you self-assess your internal control environment and risks. Controls are important for ensuring the institution’s practices are consistent with laws, regulations, and policies, that resources are safeguarded against waste, loss, and abuse. You should use this guide to manage important controls in your areas.
Institutional Membership Organizations:
- ACUA – Association of College and University Auditors – Professional organization comprised of audit professionals from all over the globe that helps improve the internal operations and processes of institutions through professional development and the dissemination of individual internal audit experiences. [ACUA website]
- IIA – Institute of Internal Auditors – An international professional association for internal auditing, risk management, governance, internal control, information technology audits, education, and security. [IIA website]
- ACFE – Association of Certified Fraud Examiners – The world’s largest anti-fraud organization and provider of anti-fraud training and education. [ACFE website]
- NCURA – National Council of University Research Administrators – NCURA advances the field of research administration through education and professional development programs, sharing of knowledge and experience, and by fostering a community of professionals. [NCURA website]
- ISACA—previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves. [ISACA website]
- COSO—The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of the five pricate sector organizations listed on the left and is dedicated to providing thought leadership through the development of frameworks and guidance on the enterprise risk management, internal control and fraud deterrence. [COSO Website]
- AICPA—Founded in 1887, the American Institute of Certified Public Accountants is the national professional organization of Certified Public Accountants in the United States. [AICPA Website]
- Uniform Guidance—Federal Office of Management and Budget (OMB)’s guidance on administrative requirements, cost principles and audit requirements for federal awards (including grant awards). [Uniform Guidance Website]
- Educause—Nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. [Educause Website]
- NACUBO—National Association of College and University Business Officers (NACUBO) is a membership organization representing more than 2,500 colleges, universities and higher education service providers across the country and around the world. [NACUBO Website]
Frequently Asked Questions
Does the Office of Internal Audit work for Colorado School of Mines?
Internal Audit is a Part of Mines. Administratively, Internal Audit reports to Mines’ executive vice president for finance and administration, and functionally it reports to the Finance and Audit Committee of the Board of Trustees. However, it remains independent so it can provide unbiased and objective consulting.
How can I request the services of the internal audit department?
Internal departments can contact the Director of Internal Audit, Shannon Sinclair.
What does the internal audit process look like?
Internal Audits follow these steps: Notification, Information Gathering Sessions, Kick-off Meetings, Fieldwork, Exit Conference, Final Audit Report, Customer Survey, and a Follow-up Audit. Specific information on each step can be found on the Auditing 101 page.
Why do you conduct follow-up activities after an audit?
The follow-up activities allow Internal Audit to ensure corrective actions are being taken until all findings are resolved. This is an integral part of Internal Audit’s effectiveness, and ensures continued improvement to efficiency in your department.
What should I do if I have a process improvement suggestion for my department or I become aware of waste and abuse?
Feel free to either suggest improvements to management in your department or to Internal Audit.
What should I do if I become aware of fraud or other illegal activities?
If you have reasonable questions or concerns regarding possible inappropriate activities/conduct, contact the Office of Internal Audit as soon as possible (303-384-2504). If you believe serious violations have or are occurring, and you are uncomfortable speaking directly with our office, you may contact the Ethicsline at 1-855-363-0857. This is an external reporting site provided by EthicsPoint.
What are some common situations that should be reported?
|Accounting Irregularities||Questionable accounting practices, management override, omitting information for required disclosures.|
|Conflict of Interest||Undisclosed significant financial interest in research, consulting on research that conflicts with other interests, employee’s business conducting business with school.|
|Distressed or Disruptive Behavior||Sleep disturbances, change in personal hygiene, difficulty making decisions, heightened emotional response, self-harm behaviors, expressed suicidal thoughts, drug and alcohol abuse.|
|Employee Mistreatment/ Personnel Issue||Wage and hour issues, bullying, insubordination, inappropriate physical behavior (drug or alcohol use, personal hygiene, threatening behavior)|
|Environmental Health & Safety||Unsafe conditions, behaviors, environmental problem or safety suggestion.|
|Employee Theft||Stealing School resources, stealing cash, abuse of tuition remission.|
|Executive Management Concerns||Misconduct with top-level management involvement.|
|Faculty Grievances||Employee-related concerns (matters directly affecting the faculty member’s working conditions or work assignments).|
|Fraud||Theft of University assets for personal benefit, bribes or kick-backs, improper financial reporting, purchase of personal items with University funds, falsification of time sheets or University records.|
|Nepotism||Supervising a family member or spouse.|
|Personal Relationships||Person in position of trust in a romantic or sexual relationship with a student.|
|Policy or Regulatory Non-compliance||Violation of FERPA, not safeguarding sensitive information, export controls, financial policies, BOT policies.|
|Research Misconduct or Academic Fraud||Misuse of sponsored funds, breach of policies, plagiarism, falsification, fabrication or results, departure from accepted practices.|
|Sexual Harassment/Sexual Violence/ Discrimination||Sexual assault, harassment, discrimination, stalking, or domestic violence against an employee or student.|
|Waste and Abuse||Misuse of resources, being charged more for products.|
|Student Code of Conduct Violation||Any situation where student’s conduct presents a danger to health and safety of self or others, impinges upon the rights of self or others, or is detrimental to the educational mission and/or interest of Mines.|
|Workplace Violence||Threats, destruction of property, intimidation or bullying, endangerment or safety.|
Where can I find the university document retention policy so I know how long to keep certain documents?
The Procurement Rules and page 31 of The University’s Policies are two of the best references for the guidelines on document retention. In general, you should not fear losing your job unless you are committing fraud.
If I’m visited by an Internal Auditor – should I fear disciplinary actions, such as losing my job?
Fear should never guide your interactions with an Internal Auditor. Answering an Internal Auditor’s questions helps encourage transparency throughout our organization. More than likely, you will probably walk away with some new ideas from the Internal Auditor about how to make your job easier and more efficient. The goal of an Internal Audit is not necessarily to focus on problems, but to discover improvements that we can all benefit from. When the university does well, we all indirectly profit from better university performance.
What types of tasks might the Internal Audit department perform?
Confirm compliance with laws, regulations, policies, and contracts. Benchmark performance. Suggest ways for reducing costs, enhancing revenues, and improving profits. Encourage efficiency and effectiveness. Share ideas for best practices that reduce errors and fraud. Ensure segregation of duties so that assets are safeguarded. Deliver consulting, assurance, and facilitation services. Assess ethics, quality, and cost-benefit. Assure that controls exist to mitigate risks. Use audit technology tools to analyze data for reliability and anomalies. …Such diversity gives internal auditors a broad perspective on the organization. And that, in turn, makes internal auditors a valuable resource to management and the board in accomplishing overall goals and objectives, as well as in strengthening transparency and organizational governance.
As a unit head, how may I request the services of the Internal Auditing Department?
Management may contact Shannon Sinclair. Your request will be reviewed and the director will determine how we may best meet your needs and coordinate review activities based on our audit plan commitments.
Should I be concerned that my audit results are shared with the Finance and Audit Committee?
No, it is standard practice to share results with the Finance and Audit Committee. These can be positive experiences by being proactive and demonstrating willingness to correct any findings through the audit process and report.
Enterprise Risk Management Resources
Office of Internal Audit
1500 Illinois Street
Guggenheim Hall, Room 235
Golden, CO 80401
Shannon E. Sinclair
Director of Internal Audit