Your Internal Audit service
The Institute of Internal Auditors defines internal
auditing as:
“an independent, objective assurance and consulting
activity designed to add value to and improve an
organisation’s operations. It helps an organisation
accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the
effectiveness of risk management, control and governance
processes”
HEFCE requires the University to have an internal
audit function; the University has decided to retain an
in-house team. In partnership with College Institute,
the University has established the Colchester and Essex
Internal Audit Consortium to provide an internal audit
service to both institutions.
The Internal Audit team
The team is comprised of 4 members of staff, employed
jointly by both institutions. The prime responsibility
of the Internal Audit team is to provide the
University’s council (via the Audit and Risk Management
Committee) and senior management, with assurance on the
adequacy and effectiveness of the University’s risk
management, control and governance arrangements.
The team is nominally attached to the Finance
Department but is completely separated from the
management and delivery of other services at the
University. This allows us to retain the objectivity and
independence needed to give an honest and fair opinion
on areas audited.
Our remit covers most areas of work that the
University undertakes, whether in academic departments
or professional services, and covers all campuses. The
annual internal audit plan (showing the areas being
reviewed in the coming year) is based on the
requirements of the University’s main funders and also
closely matches the University’s risk register.
A typical audit assignment
Although the exact format of an internal audit review
may vary (depending on the circumstances), a typical
audit will take place as follows:
- an
audit area is included in the annual plan;
- contact is made with
manager(s) who will be involved in the audit process and we meet with them to
discuss the work of the area involved;
- we plan the audit taking
into account the results of the University’s own risk management processes and
our own assessment of the University, its objectives and the risks associated
with its work;
- a draft Audit Assignment
Plan is drawn up, outlining the scope of the audit. This highlights the
principal objectives of the area to be reviewed and our initial view of the
threats that could prevent these from being achieved. The plan is discussed and
agreed with managers before the audit proceeds;
- we carry out the audit
fieldwork and testing. This involves discussions with staff and an evaluation of
the controls in place to address the threats identified, before deciding whether
to carry out more detailed audit testing (for example, sample testing, data
analysis, file reviews);
- at the end of the fieldwork
we meet with appropriate staff and their managers to discuss the factual
accuracy of the findings of the audit and discuss our recommendations for action
that could be taken to improve control;
- a written draft audit
report is then issued to managers involved in the audit, inviting comment and
feedback, agreeing recommendations made and relevant target dates for
implementation;
- a final report is then
produced and issued to the Audit and Risk Management Committee for discussion at
the next meeting; and
- we regularly follow up
whether the recommendations agreed with managers and included in the audit
report are being implemented to the agreed target dates. We then report back to
the Audit and Risk Management Committee on our findings.
Contact details.
- Audit office telephone – extn. 3893 (01206 873893)
Head of Internal audit:
Team members: