1. What is the authority of Internal Audit?
The Internal Audit Department has been authorized by the LSU System Board of Supervisors to have unrestricted access to all University of
New Orleans records, property and personnel. The Internal Audit Charter defines the purpose, authority and responsibilities of the office.
The Internal Audit staff will make every effort to ensure that the security of assets and privacy of records are not compromised and
services are not unnecessarily disrupted.
2. Is the Internal Auditor a UNO employee?
Yes, All of the Internal Audit staff are University of New Orleans employees.
3. Who does the Office of Internal Audit report to?
The Office of Internal Audit directly reports to the Chancellor of UNO.
4. How long will an audit take?
Depending on the nature, complexity and condition of the area under review, an audit can take from a few days to several months.
5. Does Internal Audit ever conduct surprise audits?
Usually the area to be audited will be notified. However, sometimes surprise audits are conducted.
6. What are different types of audits?
- Opertaional Audits:
Operational audits are the most common type of audit. Operating procedures, document flow, and internal
controls are reviewed in detail. Operational audits assess the effective and efficient use of resources while accomplishing the area's
goals and objectives.
- Compliance Aduits:
Compliance audits assess the degree to which the area has adhered to laws, rules, regulations, policies and
procedures. Compliance may be reviewed for adherence to Federal, State and local laws, along with other regulatory agencies such as the
NCAA.
- Financial Audits:
Financial audits address issues related to the proper accounting and reporting of financial transactions,
including authorizations, cash receipts, cash disbursements, and commitments to purchase.
- Investigative Audits:
Investigative audits are performed when required and are the result of alleged acts of fraud or other
misconduct. Alleged white-collar crime, misuse of University assets, and conflicts of interest are examples of reasons for an
investigative audit. Typically, Internal Audit works with other parties, both internal and external to the University. Usually, the
focus of Internal Audit's review is on internal controls, with the goal of determining whether or not internal controls were compromised.
- Information Systems Audits:
Information systems audits typically address general controls, focusing primarily on input controls,
output controls, processing controls, backup and recovery plans, data security, and hardware security.
All of these different types of audits are performed in accordance with the Standards for the Professional Practice of Internal
Auditing.
7. How does Internal Audit decide what to audit?
Typically, an audit is selected for review as a result of Internal Audit's annual audit plan, administrative requests (University
or System level), or allegations of fraud or other misconduct. Internal Audit's annual audit plan is developed based on a combination
of risk assessment, follow-up to previous audits, and mandated recurring audits.
8. Can I request an audit?
Yes, an audit can produce many benefits, and timing can be an important factor. If you have recently assumed new or additional supervisory
responsibilities, an audit can review administrative procedures to assess whether internal controls in that unit are adequate. It is also
beneficial to assess system controls and modified office procedures when new computer systems are being installed.
A periodic "checkup" to review your unit's administrative activity can help ensure that your procedures continue to comply with University
policy. An audit is an opportunity to receive an independent appraisal of the effectiveness and efficiency of your unit's administrative
activities.
Anyone within the University community can request an audit. You should coordinate the request with your Dean or supervisor. Your request
should be in writing and will be considered as a part of our risk assessment.
9. Why does each department need individual policy and procedures, in addition to the Permanent Memorandum (PM's) and
Administrative Policies (AP's)?
Each department should maintain its own departmental policy and procedures manual to ensure that:
- Continuity and consistency of operations occurs
- Efficiency in operations occurs
- Documentation of "what-to-do" or "what-should-be-done" exists
- Documentation of "how-to-do" exists
- Documentation of the handling of non-routine and/or infrequent processes exists
- Efficiency and effectiveness of training for new employees occurs.
On the other hand, Permanant Memorandum and Administrative Policies address university-wide issues
