Frequently Asked Questions
Why was I Selected to be Audited?
The University of Illinois System (System) conducts a regular, ongoing examination of its
internal controls, and as part of this process, the Office of University
Audits conducts approximately 60 audits annually. Primary
considerations in establishing which units will be audited include
evaluation of risk, the results of previous internal and external
audits, and specific requests and other input by administrators. Audits
for many high risk units are routinely scheduled, while other units are
randomly selected for audits of their internal controls over their
administrative processes. In addition, internal audits are initiated to
investigate possible irregularities.
Why Might I Request an Audit?
An audit is an opportunity to receive an independent appraisal of the
effectiveness and efficiency of your unit's administrative activities.
The timing of an audit can be an important factor in maximizing the
resulting benefits. If you have recently assumed new or additional
supervisory responsibilities, an audit can review administrative
procedures to assess whether internal controls in your unit are adequate
and to provide suggestions to improve the efficiency and effectiveness
of your unit’s administrative activities. Conversely, a periodic
"checkup" to review your unit's administrative activity can help ensure
that your procedures continue to provide the desired level of internal
control and comply with University policy. It is also beneficial to
assess system controls and new office procedures when computer systems
are installed.
You may wish to coordinate an audit request with your Vice
Chancellor's or Vice President’s office or submit a request for an audit
directly to the Office of University Audits.
What Should I Expect When an Audit is Scheduled for my Unit?
Although unannounced audits are initiated where appropriate,
typically a representative of the Office of University Audits will
contact you to schedule a meeting to discuss the planned objective and
scope of the review and the logistics of conducting the audit. At this
initial meeting, you should take the opportunity to discuss any concerns
or questions you may have about the audit, to identify any issues or
areas of special concern that you would like the audit to address, and
to determine how you can facilitate the audit process. A typical audit
has several stages, including preliminary research; data collection
(some by interview), analysis, and review; an exit conference; and
preparation and distribution of an audit report. Control weaknesses
identified during the audit will be noted in the audit report, and a
follow-up review will subsequently be performed to determine whether
corrective action has been taken.
How Long Will an Audit Take?
The audit team assigned to the audit of your unit will give you an
estimate of the time anticipated to complete the audit. An audit will
result in a certain amount of time being diverted from your unit’s usual
routine, but every effort will be made to keep this disruption to a
minimum. We appreciate your assistance and cooperation.
How Will Audit Findings be Reported?
The appropriate people will be kept appraised of the auditor's
findings throughout the course of the audit. At the conclusion of the
audit, you will be provided a draft of the audit report for your review
before the final version is issued. You will also be given the
opportunity to discuss the draft audit report at an exit conference with
the audit team members. Once the report content has been agreed to,
those individuals responsible for implementing any corrective action
will be asked to sign a copy of the report acknowledging their agreement
to implement the corrective action.
Final audit reports are distributed to the President, Vice President
and Chief Financial Officer, Vice President for Planning and
Administration, the Chancellor on your university, the applicable Vice
Chancellor, and the unit head and staff of the audited area as
appropriate. In addition, the State of Illinois Auditor General has
access to all audit reports. Audit reports and workpapers are exempt
from external disclosure under the Illinois Freedom of Information Act.
What is Internal Control and Why is It Important?
Internal control is a process in which all System employees
participate. It is designed to provide reasonable assurance to unit
management that:
- Management data used in decision making and reporting is reliable, accurate, and timely;
- Assets are accounted for and safeguarded from loss;
- Operations are effective and efficient; and
- Compliance with applicable laws and regulations is at an acceptable level.
Internal controls are intended to:
- prevent, or lessen the risk of, errors or irregularities;
- identify problems; and
- ensure that corrective action is taken.
What are Some Examples of Internal Controls?
Examples of common internal controls include:
- policies and procedures (at the System, university, and unit level) that are communicated and that establish what should be done, how, and by whom;
- approvals and authorizations that include a thorough review of supporting information to verify the propriety and validity of transactions;
- verifications and reconciliations (e.g., review and reconciliation of Banner statements, petty cash verifications, comparison of budgeted to actual amounts);
- supervision including training, keeping employees informed of new policies and procedures, and performance reviews;
- safeguarding of assets (including passwords and other
restricted information) against theft, destruction, deterioration, or
misuse (for example by locking your office, depositing cash receipts
timely, and limiting access to procurement cards); and
- segregation of duties (dividing authorization, custody,
and record keeping duties among different people so that someone can’t
both perpetrate and conceal an error or irregularity).