1. Who does our GCSU Internal Auditor report to?
The Chief Audit Officer reports to the University President and the Board of Regents Chief Audit Officer and Associate Vice Chancellor for Internal Auditing.
2. How are departments and offices selected for audit?
See the Yearly Risk Assessment link. In summary, each year Internal Audit prepares an audit plan based on management input and an assessment of a unit's perceived audit risk. The risk assessment analysis has the following factors:
- Audit History which considers prior findings and/or the date of the last audit.
- Regulatory Compliance/Public Scrutiny which rates sponsor expectations.
- Reliance on Information Technology which considers system security and data accuracy vulnerabilities.
- Transaction Volume which determines the financial size of the area.
- Organization Change and Economic Transition which highlights areas adapting to change or that have had a period of transformation.
3. As a unit head, how may I request the services of the Internal Audit Department?
Management may contact the Chief Audit Officer, Rhonda Fowler, via telephone or email, to request services for an audit, special review, or advisory services. Your request will be reviewed, and to determine how to meet your needs and coordinate review activities based on current audit plan commitments.
4. What is audit planning?
It is a process by which a perceived risk is identified, management input is solicited, and a determination is made of what will be included in the review (i.e. audit scope). It includes assessing various university documents, discussing with management, establishing audit objectives, and developing a plan to share with applicable personnel.
5. How long do audits take?
It depends on the depth and scope of the engagement. Generally speaking, full-scope audits will take approximately two months.
6. How often are the departments reviewed?
The results of the risk analysis performed and the corresponding priority ranking for each auditable unit determines the frequency of reviews. The annual audit schedule is defined and reviewed by executive management with consideration of available audit resources. The audit plan is then submitted to the Board of Regents Internal Audit Office and approved by the Board of Regents.
7. Why are departments always under audit?
What may be interpreted as being under audit may not be the case. Auditors may be in departments to gather information, as part of another department's audit, to follow up on outstanding issues, or to perform a special review requested by management. Many university activities interrelate with other department activities and the audit scope frequently crosses departmental or divisional lines.
8. What can I do to facilitate the audit process?
Be honest and open; understand that the Office of Internal Audit and Advisory Services serves to assist you and your department by recommending solutions that may save your organization time and money while ensuring your operation has sound business practices and is in compliance with University, Board of Regents and State policies and procedures. Participate in the planning process and discussions to share opinions regarding areas of weakness and issues of concern, and to give an honest assessment of the anticipated effectiveness and feasibility of proposed suggestions for improvement.
9. What should I expect during an audit?
View the audit process link to get a detailed description of the audit steps.
10. Who receives an audit report?
Audit reports are distributed to the applicable department head, applicable executive management, the Associate Vice Chancellor for Internal Audit at the Board of Regents Internal Audit Office, and the State of Georgia Auditors.
11. Why are actions recommended that are not contained in campus policies or procedures?
Suggestions are designed to mitigate identified risks as a best practice even if university policy does not address the situation.
12. Why are there follow up activities when the audit was less than a year ago?
The progress of implementing audit recommendations is reported to the University management and the Board of Regents on a routine basis.
13. What if I become aware of fraud, waste or abuse?
The Office of Internal Audit and Advisory Services should be contacted should you become aware of these situations and would like to comment. You should contact the Chief Audit Officer at 478-445-3327 or email rhonda.fowler@gcsu.edu.
14. Where can I find the University document retention policy?
Please refer to the University System of Georgia Records Management Guidelines at http://www.usg.edu/records_management/. This document provides guidance on the minimum retention time for a particular record. The guidelines are organized into 14 categories and a search engine is provided for convenience.
15. Where can I find the University conflict of interest policy?
Please refer to the GCSU conflict of interest policy located in the GCSU Employee Handbook and on the Office of Legal Affairs website.
16. Where can I find GCSU purchasing card (P-card) policies and procedures?
The GCSU Policy Manual explains all GCSU policies and procedures including P-cards. Contact the Office of Administrative Services for additional details on P-cards.