Washington State University units may, at any time, be the subject of an audit from either internal or external auditors, or both. External auditors may be from state or federal agencies, or a contracted party. An audit may be initiated due to statutory or contractual provision, by request or referral, or as a result of a complaint or other communication. Types of audits include financial, compliance, program, federal, or specialized purpose (for example: fraud, ethics or abuse investigation, research compliance or information technology review).
Initial Audit Contact
Except in the case of unannounced cash counts, units are generally notified prior to audits. Unannounced cash counts may be performed by Internal Audit or by external auditors as part of their planned audit program.
In the event of contact by an auditor, the unit being contacted should request identification that indicates the agency or organization name. A business card or letter of engagement with the auditor’s name must be compared to a photo identification. Never release or provide access to any records without obtaining confirmation of identity and purpose. As soon as feasible after initial contact with an external auditor, unit administration should contact Internal Audit to ensure proper coordination of audit activities.
The University cooperates with and assists external auditors or investigators whose responsibilities involve examination and confirmation of University transactions and operations. As part of the coordination process, Internal Audit serves as liaison between central administrative offices, University departments, and external auditors or investigators.
In most cases, an internal auditor may attend the entrance and/or exit meeting/conference with the department and external auditor. Preliminary comments or response to specific audit findings may be required by University personnel. The Unit must coordinate with Internal Audit their response to any findings prior to submission to the external auditor.
Internal auditors must maintain their independence and objectivity in all services provided. Accordingly and by design, internal auditors do not have authority over the University operations being audited and are not responsible for any functions of University operating units. The objective of internal auditing is to assist all levels of management with the effective discharge of their responsibilities by furnishing them with analyses, appraisals and recommendations concerning activities reviewed. University administrators are responsible for providing internal auditors access to all records, property and personnel relevant to the subject under review.
Most audits, regardless of type or auditor, follow a general pattern for execution of the project. See General Audit Process for the general stages of audit projects.
In addition, here is a quick checklist of “Do’s and Don’ts” to keep in mind when working with Auditors:
- be honest and open
- recognize they may be experts
- realize they may not be subject experts
- understand the purpose of the meeting and review related records prior to interviews
- listen carefully and understand each question before answering
- be sure responses are complete and accurate
- keep answers simple and direct
- limit comments to areas where you have firsthand knowledge
- speculate or answer hypothetical questions
- agree or disagree with opinions
- ramble or provide irrelevant information
- get offended by “why” questions
- sign anything on behalf of the University
- BPPM 30.12 – Internal Audits
- BPPM 30.14 – External Auditors
- Reference Guide – Internal Controls