Welcome to PSU's Internal Audit Department website. This website was developed to provide you with information about our department and the services we provide to the University. These pages will tell who we are, what we do, and how we can help you. We hope to demystify the role of Internal Audit and increase the lines of communication. If you have any suggestions, concerns, or questions about the department or need help in finding some specific information on our website, please feel free to call us at (620) 235-6167. We value your feedback.
A robust internal auditing department is beneficial to an organization on many levels. Our professionals help identify strengths and opportunities for improvement in the daily operations of a department or office, identify and communicate risk and risk exposure, offer solutions to improve efficiency, present catalysts for positive change and provide cost effective management advisory services.
Internal Audit
Jaime Dalton, Executive Director
Phone: 620-235-6167
Email: internalaudit@pittstate.edu
Internal Audit at Pittsburg State University is an independent, objective assurance and consulting activity designed to add value and improve the organization's operations. Internal Audit aims to assist Pittsburg State University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal Audit assists university management and the Board of Regents Fiscal Affairs and Audit Standing Committee in identifying, avoiding, and mitigating risks.
The Internal Auditor strives to continually add value and mitigate risk through evaluations of the university’s operations. The Internal Auditor will partner with management to identify areas of risk and work collaboratively with management to improve processes, efficiencies, and the control environment. The Internal Auditor is concerned with any University activity where it can be of service to management, faculty, and staff.
We perform a wide range of audit services at the University, including: financial audits, compliance audits, operational audits, informational technology audits, consulting/advisory services, and special investigations. Most audits are integrated encompassing financial, operational, compliance and information technology audits. Should you have any questions or concerns regarding types of audits, we encourage you to contact us.
You hear that the auditors are coming to conduct an entrance conference or fieldwork at your department. You may ask,
The most successful audit projects are those in which you, the audit client, and Internal Audit have a constructive working relationship. Our objective is to have your continued involvement at every phase so you understand what we are doing and why, while trying to minimize disruptions of your daily activities.
Although every audit project is unique, the audit process is similar for most audits and consists of the same phases. There are five phases of our audit process, each one requiring the involvement from you, our audit client. In the annual audit plan phase, your supervisors, department chairs, deans, and executive management complete a risk assessment questionnaire. During planning, we work with you to understand and learn about your area so that we can develop step to evaluate the processes and controls currently in place. Fieldwork consists of specific testing steps we perform to identify whether the controls are mitigating the risks. Reporting of our results takes place through a transparent reporting process involving you, the audit client. Finally, follow-up is where we come back to you after a period of time to reassess the progress made against your agreed upon management responses. Each of the following sections describes the above phases in more detail.
Annual Audit Plan:Every other year we conduct a University-wide risk assessment in the spring. We interview the supervisors, department chairs, and deans of each department utilizing a standardized questionnaire. This questionnaire identifies specific risk criteria within six general areas of risk:
We have developed the questions to attempt to objective determine the amount of risk in the department relative to each risk criteria. Each individual criteria is given a score from one (low risk) to five (high risk) and the sum of all those scores determines the department’s risk ranking. We evaluate those departments with high-risk rankings and develop the annual audit plan. We present the proposed annual audit plan to the President and the Fiscal Affairs and Audit Committee of the Kansas Board of Regents for review and approval.
Planning:The planning phase is extremely important to the success of the overall audit. During the planning phase we:
It is during this phase that we gather relevant information about your department in order to obtain a general overview of your operations and internal controls and perform transaction testing. During fieldwork, we determine whether the controls identified are operating efficiently and are adequately controlling the risks identified during the planning phase. During the fieldwork we:
During the reporting phase, we schedule several meetings, preliminary close meetings and a final close meeting.
When the fieldwork is complete, we schedule the first preliminary closing meeting with you and your staff to discuss the audit results. During this meeting, we discuss our findings and recommendations. Typically, this information is in the format of a finding spreadsheet. This is an opportunity to help us better understand any results that require more context or to explain those we may have misinterpreted. Our recommendations are just that, recommendations based on our knowledge of the subject or a best practice we identified during our research of the audit area.
At the conclusion of this meeting, we request that you provide us with your management responses to our audit findings and suggested recommendations. Your management responses are usually required back to us within 2 weeks. Your management response is either:
As you can see, this meeting is very important because we seek your agreement or disagreement to each audit finding and recommendation, and your opinion as to the reasonableness of each recommendation. We do not want a recommendation of which the cost outweighs the risk. We want the recommendations to mitigate the risk identified but also for them to work with you, not against you.
Between the first and second preliminary meeting, we draft the audit report based on the information in the audit finding spreadsheet. At this point, we adjust the wording if necessary to make the report sound more like an audit report and less like a spreadsheet. We also give an overall opinion regarding the audit results. Once we receive your management responses, we include them in the draft audit report. We send you the draft report for your review.
Once we have received your management responses and you have reviewed the draft report, we meet with your direct supervisor to discuss the draft audit report. We discuss the audit findings, recommendations, and your management responses. We make any revisions recommended during the second preliminary close meeting to the draft audit report.
The final close meeting is very similar to the second preliminary meeting except the President and Vice President of your area are in the meeting to discuss the draft audit report. We discuss the audit findings, recommendations, and your management responses. At the conclusion of the meeting, we request the approval of the draft audit report. We receive the approval of the draft audit report via email. We change the draft report into a final report and send it electronically to you, your supervisor, your Vice President, and the President.
As part of our self-evaluations program, we ask you and/or your staff to comment on our performance. We send you an email with a link to our post-audit survey after the final close meeting. This survey helps our department evaluate our strengths and weaknesses and foster future improvements in our audit process.
Once a year in April or May, we perform audit follow up. During audit follow up, we send you an email requesting you provide us with the status of your management responses. We want to know if you have implemented the recommendations. Sometime we request more information from you to test whether you have completely implemented the recommendations. We create a report of the number of outstanding recommendations. The report is issued to the President.
As we have pointed out, during each phase in the audit process you have the opportunity to participate. There is no doubt that the process works best when we have a solid working relationship based on clear and continuing communication. Many departments extend this working relationship beyond the initial audit. Once we have worked with you on a project, we have an understanding of the unique characteristics of your department’s operations. As a result, we can help evaluate future changes or modifications in your operations.
External auditors are auditors who are not employed by the University and are performing an audit or review of any of the following:
When a department is notified by an external auditor about an upcoming audit or review, the department should:
Do's:
Don'ts:
Internal controls are broadly defined as processes, affected by an organization's people, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
Control Categories:
We believe everyone uses internal controls in their typical daily activities such as the following:
Most internal controls can be classified as preventive or detective. Preventive controls are designed to discourage errors or irregularities.
Detective controls are designed to identify an error or irregularity after it has occurred.
Internal Audit assists the University in maintaining effective controls by evaluating their effectiveness and efficiency, making recommendations for improved controls, and by promoting continuous improvement as part our internal auditing and consulting activity. Every employee play a role in either strengthening or weakening our University's internal control system.
Below is a list of typical best business practices in maintaining an effective control environment:
Internal Audit has been established at Pittsburg State University as an independent, objective assurance and consulting activity designed to add value and improve to the organization's operations. The objective of an internal audit activity is to help an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. To this end, internal auditing furnishes analysis, appraisals, recommendations, counsel, and information concerning the activities reviewed. The Internal Auditor is concerned with any phase of University activity where it can be of service to management.
Scope:The scope of activities of the Internal Auditor encompasses examining and evaluating the adequacy and effectiveness of the University’s systems of internal control and the operating efficiency of those controls against established higher education standards.
The responsibility of the Internal Auditor is to serve Pittsburg State University in a manner that is consistent with the International Standards for the Professional Practice of Internal Auditing and with professional standards of conduct such as the Code of Ethics of the Institute of Internal Auditors, Inc. This includes coordinating activities with other internal and external providers of assurance and consulting services to ensure proper coverage and minimize duplication of efforts in order to best achieve the audit objectives of the organization.
Internal Audit is an integral part of the University and reports directly to the President and indirectly to the Kansas Board of Regents. The Internal Auditor shall remain independent and objective with the ability to report directly to the Kansas Board of Regents Audit Committee any situation wherein the auditor perceives a conflict of interest with, or on the part of, the President’s involvement with the subject of an audit.
In performing audits, the Internal Auditor shall assert no direct responsibility or authority over the activities being reviewed. Therefore, the review and appraisal of an activity does not in any manner relieve other persons within the institution of responsibilities assigned to them.
The Internal Auditor is to be advised of all external auditors from firms and Federal or State agencies who are performing audits on University or related corporation records, systems, or procedures.
All University offices and employees are expected to cooperate fully with Internal Audit in the performance of its duties. The Internal Auditor shall have full, free, and unrestricted access to any and all University functions, records, personnel, and properties deemed relevant to the activity under review. Audits of related corporations will only be authorized by invitation only, as the University and any affiliated corporations are separate legal entities.
Updated and Approved 2/1/2007
The most important items needed form you for a successful audit are cooperation and good communication with us. Here are some specific examples of what you can do to facilitate the audit process:
PSU Internal:
Kansas:
External:
At Pittsburg State University, we believe that our core values of honesty, integrity, respect and cooperation, are not simply words written in a strategic plan or on a website page. They are something that we all live by each and every day while striving to provide transformational experiences for our students and the community.