I have been contacted by an external auditor and would like some assistance. Whom can I contact?
Our department is the liaison for external auditors. Contact us at (352) 392-1321 or firstname.lastname@example.org and we can provide assistance in compiling information, coordinating responses, etc.
Whom do I contact if I want assistance with business procedures or internal controls in my department?
We are happy to perform process walk-throughs, reviews of a specific process, general information about internal controls, or specialized training for your department. To request, contact us at (352) 392-1321 or email@example.com.
How can I recognize a well-developed control?
The following questions can be used to determine if a control is well-designed:
Does it help ensure funding, regardless of the source, is properly used?
Does it detect and/or prevent errors in a timely manner?
Does it reduce the risk of fraud, errors, waste or abuse?
Does it contribute to record and reporting accuracy?
Does it assist in meeting sponsored project performance deadlines for outcome reporting?
Does it foster confidence that funds are safeguarded and spent appropriately?
How can I simplify the internal control expectations?
Internal controls should be designed to meet three goals: effective and efficient operations, reliable reporting and compliance with laws, regulations and grant objectives. To accomplish this, ensure that the five components of internal control are addressed:
Control Environment: Leadership sets a top down expectation
Risk Assessment: Identify and analyze internal and external risks associated with the process
Control Activities: Policies and procedures that establish the control
Communication: People understand their role, the control, and the information necessary for the process is shared appropriately
Monitoring: There is a strategy for regular monitoring and testing to ensure the control for the process is taking place
What are some keys to great internal control practices?
How is a quality assurance review different than an audit?
This is not an audit, nor does it substitute for an audit! The purpose of our reviews is to provide, in a consultative manner, an objective evaluation of internal controls in the area and alert relevant employees to potential risks. A review is a proactive approach to monitoring internal controls and provide the opportunity to mitigate those risks before weaknesses are identified in an audit. A review helps answer the question “are we doing what we think we are doing?”
Why and how were we chosen to be reviewed?
Quality assurance and internal control reviews are selected using a risk assessment based on several variables, e.g., funding levels, complexity of transactions, etc.
How are we notified if we have been selected for a review?
You will receive an e-mail and/or a call from the Internal Controls and Quality Assurance department to let you know you were selected, find out the appropriate contacts throughout the review, and set up a time to meet.
How should we prepare for out review?
No special preparation is needed. The goal of our review is to obtain an understanding of your work processes and internal controls, while being as minimally disruptive to your normal work as possible. We will work with your team throughout the process to coordinate walk-throughs or request information if needed.
What kind of report will I receive?
Each department leader will receive a report that details conclusions and, if applicable, recommendations related to the various areas reviewed. We will have a meeting at the end of the review to discuss the report and are always available to provide consultation on potential improvements that might mitigate compliance risk.
What if I want to request a review?
We are always happy to provide proactive reviews and consultations with departments, regardless of the funding source. This could include a high-level process review, general evaluation of controls, reviews focused on specific processes, or other consultations to help your department. Please reach out to us at firstname.lastname@example.org with any requests.