Auditing

Auditing

Frequently Asked Questions

What is the authority of the University Audit Department?
The University Audit Department receives its authority from the Audit Committee of the Yale Corporation. The authority includes full and unrestricted access to all personnel and departmental records while conducting audit activities. All information received by the audit department is held at the appropriate level of confidentiality.

How does the department gets selected to be audited?
There are several factors that affect what departments are selected to be audited. Internally, the Audit Department management assesses the degree of risk or exposure to loss any given department represents to the University. This assessment is used to weigh the order in which departments are selected. Audit requests also come from external sources. Departments sometimes contact us to request an audit if they feel they have a problem. We have also received anonymous phone calls. Senior management of the University frequently request our services as well.

How long does an audit typically take?
The length of time it takes to complete an audit varies significantly. Some take as little as a couple of weeks and others can take several months. The audit is a dynamic process, the scope of which can be expanded or reduced at any time depending on the findings.

What does the basic audit process involve?
An audit is broken down into four main parts. They are as follows:

  1. Planning: During this phase we gather various types of information from interviews with department personnel and from financial analyses we perform from the University Ledger. This information helps us get a clear understanding of the various functions of a department and establish the preliminary scope for the engagement.
  2. Fieldwork: This phase is where we begin spending a good deal of time "on site" in the department. We perform tests of various department transactions. The number of transactions tested varies from audit to audit depending on our scope. The transactions to be tested will be provided in advance so that department personnel have ample time to gather the information before our arrival.
  3. Reporting: The compilation phase. During this part of the audit we assemble any findings and/or suggestions in draft form for discussion with department management. As a result, some findings are resolved and some remain to be included as part of the "official" audit report.
  4. Follow-up: It is anticipated that all Audit Report and Management Letter comments will be followed up with the department approximately 6 months after the reports is issued.

What are the benefits of the audit process to my department?
The overall goal of our audit is to provide the department being reviewed with an assessment of their control environment and compliance with appropriate policies. A secondary goal of our review is to make recommendations, if necessary, that are aimed to improve the efficiency and/or accuracy by which certain procedures are performed. The Audit Department is uniquely qualified in this respect because it has broad exposure to the University and other departments and can therefore relate its experiences to the department being reviewed.

What information will I need to provide to the auditors?
Prior to our review, we submit an Initial Request for Information to the department. This request includes general department information which aids us in gaining an understanding of the department being reviewed. When we begin the fieldwork segment of our review the department will need to provide us with various detail supporting the transactions we are testing.

Will the audit interfere with normal workflow within my department?
Inevitably there will be some disruption within the department's daily schedule. However, we try to keep this disruption to a minimum and schedule our meetings with department personnel at their convenience.

Is all the information I provide to you confidential?
Yes. All information provided to us is held in the strictest confidence. The only people outside of Internal auditing who are privy to this information are the recipients of the audit report.

 

Last Updated: November 17, 2008 (vm).