Washington State University units may, at any time, be the subject of an audit from either internal or external auditors, or both. External auditors may be from state or federal agencies, or a contracted party. An audit may be initiated due to statutory or contractual provision, by request or referral, or, as a result of a complaint or other communication. Types of audits include financial, compliance, program, federal, or specialized purpose (for example: fraud, ethics or abuse investigation, research compliance, or, an information technology review).
Except in the case of unannounced cash counts, units are generally notified prior to audits. Unannounced cash counts may be performed by Internal Audit, or by external auditors as part of their planned audit program.
In the event of contact by an auditor, the unit of contact should request identification that indicates the agency or organization name. A business card or letter of engagement with the auditor's name must be compared to a photo identification. Never release or provide access to any records without obtaining confirmation of identity and purpose. As soon as feasible after initial contact with an external auditor, unit administration should contact Internal Audit to ensure proper coordination of audit activities.
The University cooperates with and assists external auditors or investigators whose responsibilities involve examination and confirmation of University transactions and operations. As part of the coordination process, Internal Audit serves as liaison between central administrative offices, University departments, and external auditors or investigators.
In most cases, an internal auditor may attend the Entrance and/or Exit meeting/conference with the department and external auditor. Preliminary comments or response to specific audit findings may be required by University personnel. The Unit is to coordinate with Internal Audit the response to any findings communicated in audit memorandums or reports.
Internal auditors have no authority over the University operations being audited and are not responsible for any functions of University operating units. The objective of internal auditing is to assist all levels of management with the effective discharge of their responsiblities by furnishing them with analyses, appraisals, and recommendations concerning activities reviewed. University administrators are responsible for providing internal auditors access to all records, property, and personnel relevant to the subject under review.
Most audits, regardless of type or auditor, follow a general pattern for execution of the project. There is preliminary planning on the part of the auditor, an entrance meeting to discuss audit activity and expectations, audit fieldwork (testing, review of records, interviews, documentation, etc.), pre-exit or informal communication of results of review, and exit meeting that may include a report, memorandum or some other communication of results of review. See 'Auditor Interaction' for suggestions to consider when interacting with auditors.
In addition, here is a quick checklist of 'Do's and Don'ts for Interacting with Auditors':
Do
-
be honest and open
-
recognize they may be experts
-
realize they may not be subject experts
-
understand the purpose of the meeting and review related records prior to interviews
-
listen carefully and understand each question before answering
-
be sure responses are complete and accurate
-
keep answers simple and direct
-
limit comments to areas where you have 'first hand' knowledge
Do Not
-
speculate or answer hypothetical questions
-
agree or disagree with opinions
-
'ramble' or provide irrelevant information
-
get offended by 'why' questions
-
sign anything on behalf of the University
Resources
-
BPPM 30.12 - Internal Audits
-
BPPM 30.14 - External Auditors
-
Quick Reference Guide - Internal Controls