Auditing Reference Info
List of links related to University Auditing
- ACUA (Association of College and University Auditors)
- NCURA (National Council of University Research Administrators)
- NACUBO (National Association of College and University Business Officers)
- SRA (Society of Research Administrators) International
- FASB (Financial Accounting Standards Board)
- AICPA (American Institute of Certified Public Accountants)
- ACFE (Association of Certified Fraud Examiners)
- ISACA (Information Systems Audit and Control Association)
Frequently Asked Questions
The University Audit Department receives its authority from the Audit Committee of the Yale Corporation. The authority includes full and unrestricted access to all personnel and departmental records while conducting audit activities. All information received by the audit department is held at the appropriate level of confidentiality.
There are several factors that affect what departments are selected to be audited. Internally, the Audit Department management assesses the degree of risk or exposure to loss any given department represents to the University. This assessment is used to weigh the order in which departments are selected. Audit requests also come from external sources. Departments sometimes contact us to request an audit if they feel they have a problem. Senior management of the University frequently request our services as well.
The length of time it takes to complete an audit varies significantly. Some take as little as a couple of weeks and others can take several months. The audit is a dynamic process, the scope of which can be expanded or reduced at any time depending on the findings.
An audit is broken down into four main parts. They are as follows:
- Planning: During this phase we gather various types of information from interviews with department personnel and from financial analyses we perform from the University Ledger. This information helps us get a clear understanding of the various functions of a department and establish the preliminary scope for the engagement.
- Fieldwork: This phase is where we begin spending a good deal of time “on site” in the department. We perform tests of various department transactions. The number of transactions tested varies from audit to audit depending on our scope. The transactions to be tested will be provided in advance so that department personnel have ample time to gather the information before our arrival.
- Reporting: The compilation phase. During this part of the audit we assemble any findings and/or suggestions in draft form for discussion with department management. As a result, some findings are resolved and some remain to be included as part of the “official” audit report.
- Follow-up: It is anticipated that all Audit Report and Management Letter comments will be followed up with the department.
The overall goal of our audit is to provide the department being reviewed with an assessment of their control environment and compliance with appropriate policies. A secondary goal of our review is to make recommendations, if necessary, that are aimed to improve the efficiency and/or accuracy by which certain procedures are performed. The Audit Department is uniquely qualified in this respect because it has broad exposure to the University and other departments and can therefore relate its experiences to the department being reviewed.
Prior to our review, we submit an Initial Request for Information to the department. This request includes general department information which aids us in gaining an understanding of the department being reviewed. When we begin the fieldwork segment of our review the department will need to provide us with various detail supporting the transactions we are testing.
Inevitably there will be some disruption within the department’s daily schedule. However, we try to keep this disruption to a minimum and schedule our meetings with department personnel at their convenience.
Yes. All information provided to us is held in confidence. The only people outside of Internal auditing who are privy to this information are the recipients of the audit report.