Frequently Asked Questions
How are audit areas selected?
How can I prepare my group for an audit?
Having documented policies and procedures will help ensure consistency across your operation and improve adherence to this university’s policies within your operation. Additionally, departments should always:
- Review and approve transactions before they are processed
- Reconcile accounts
- Monitor actual activities against amounts budgeted and having a firm grasp on variances
- Ensure assets are adequately safeguarded
- Prepare documents on a timely basis within the prescribed deadlines/timeframes
- File and retain documents in an organized fashion consistent with the department’s or the organizations record retention policies
- Segregate duties within a function such that no one person performs all the procedures from beginning to end within that business process
Who receives copies of audit reports?
Copies of audit reports are only shared with relevant members of management and distribution is limited. The university’s external accounting firm is also updated with the results of audits throughout the year.
Can a unit request Internal Audit services?
Any office or department at the university may request Internal Audit services or reach out to Internal Audit for assistance. Depending on the priorities, we may or may not be able to immediately accommodate your request, but will discuss your needs and expectations, and offer initial thoughts for your consideration.
Management should feel free to contact the Executive Director, UAS, with any audit requests or related concerns.
If I have information about a possible irregularity, violation, crime or concern, what should I do?
If you suspect a possible irregularity or have observed possible wrongdoing, you should report all concerns to your supervisor. In instances where you are uncomfortable with this approach or unable to report your concern to your supervisor, you may report concerns directly to internalaudit@andrew.cmu.edu.
If you wish to remain anonymous, or if all avenues have been exhausted and a sufficient response has not been received, visit the Carnegie Mellon Ethics Hotline webpage to learn how to confidentially report suspected unethical activity relating to financial matters.
What should I expect after the audit is complete?
IA will work with management to obtain periodic updates on action plans and observation remediation. Management should indicate during these updates when they are comfortable the item has been remediated and the action plan implemented. IA will then work with management to determine appropriate timing for validation testing to verify controls operate effectively.
How do I respond to audit findings?
Management responses should include a defined action plan to correct deficiencies, outlining both the responsible individual(s) and an expected date of completion. Estimated timelines for completion should provide a reasonable estimate for the remediation efforts to be completed and allow for timely corrective action. It is recommended that action plan timelines do no exceed 18 months.