Frequently Asked Questions – Tufts Audit and Management Advisory Services

What are internal controls and who is responsible for them?
Who are internal auditors?
Why does Tufts have an internal audit function?
What’s the difference between external and internal auditors?
What is Internal Control?
What are internal auditors looking for?
Can a department/unit request an audit?
What does a typical internal audit include?
Who will receive copies of the audit report?
What is the nature of consulting services that you provide?
How can I contact Audit & Management Advisory Services?

Return to Introduction to Services

What are Internal Controls and Who is Responsible for Them?
Internal control is defined as a process, designed to provide reasonable assurance regarding the achievement of objectives. Internal controls can be categorized as either accounting controls or administrative controls. Accounting controls are designed to safeguard University assets and ensure the accuracy of financial records. Administrative controls are designed to promote operational efficiency, effectiveness, and adherence to University policies and procedures. University management is responsible for designing and maintaining an adequate system of internal control. AMAS independently reviews and evaluates the adequacy of the system of internal controls and makes recommendations to management to improve these controls based on system testing and control analysis.

Return to top

Who are internal auditors?
As defined by the Institute of Internal Auditors (IIA), “internal auditors are “business generalists” who specialize in efficiency and effectiveness for the good of the organization.

Their roles include monitoring, assessing, and analyzing organizational risk and controls; and reviewing and confirming information and compliance with policies, procedures, and laws. Working in partnership with management, internal auditors provide the board, the audit committee, and executive management assurance that risks are held at bay and that the organization’s corporate governance is strong and effective. When there are opportunities for improvement anywhere within the organization, internal auditors make recommendations for enhancing processes, policies, and procedures.”

Return to top

Why does Tufts have an internal audit function?
AMAS exists by charter and by-law to assist university management and the Audit Committee of the Board of Trustees in effectively fulfilling their responsibilities. We are charged with reviewing the reliability and integrity of information; compliance with policies, plans, laws, and regulations; the safeguarding of assets; and the economical and efficient use of resources.

Return to top

What’s the difference between external and internal auditors?
External auditors are independent of the university organization. The university enters into a contract with a public account firm to provide annual opinions on health and strength of the university’s financial statements to ensure the information presented accurately portrays Tufts’ financial condition. External auditors may also be government auditors that focus on university compliance with government regulations and grant award terms.

Internal auditors are an integral part of the university organization and provide ongoing monitoring and assessment of university operations. This includes evaluation of the adequacy of internal controls, the university’s level of compliance with government regulations, and the level of compliance with university policies and procedures by the various components of the university community.

Tufts’ policies are designed to help ensure employees comply with applicable laws and regulations and efficiently and effectively manage their areas of responsibility. By following university policies, we help protect the university from unnecessary risks and ensure sound business practices are consistent throughout the university.

Return to top

What is Internal Control?
Internal control is defined as a process, designed to provide reasonable assurance regarding the achievement of objectives. Internal controls can be categorized as either accounting controls or administrative controls. Accounting controls are designed to safeguard University assets and ensure the accuracy of financial records. Administrative controls are designed to promote operational efficiency, effectiveness, and adherence to University policies and procedures. University management is responsible for designing and maintaining an adequate system of internal control. AMAS independently reviews and evaluates the adequacy of the system of internal controls and makes recommendations to management to improve these controls based on discussions with clients, system testing and control analysis.

Return to top

What are internal auditors looking for?
Internal auditors are primarily concerned with compliance with policies and the proper deployment of internal controls. Tufts’ policies are designed to help ensure its employees comply with applicable laws and regulations and operate their areas of responsibility efficiently. By following these policies, we help protect the University from unnecessary risks and ensure sound business practices are consistent throughout the University.

Return to top

Can a department/unit request an audit?
Yes. We take requests for audit work, although our ability to perform the audit may be affected by our staffing levels, annual audit plan, or year-end deadlines. Nevertheless, if you are concerned about an area in your department, we will try to schedule time for a review.

Return to top

What does a typical internal audit include?
Common elements of an internal audit engagement include:

Sending an introductory audit scope letter to the responsible individual(s) of the unit/department/area.
Scheduling an entrance meeting to discuss audit objectives, timing, and intended report distribution.
Evaluating internal control systems
Testing to ensure proper operation of internal control systems
Developing conclusions based on test results and other assessments
Reviewing audit issues and draft audit reports with management and staff
Preparing and distributing an audit report which generally include management’s responses to the issues identified
Following up to ensure all issues raised in audit reports have been addressed

Check out Types of Audits and The Audit Process for more information.

Return to top

Who will receive copies of the audit report?
We send copies of audit reports to the individual responsible for the area under review and his or her direct supervisor, the VP for Finance, the Executive VP, Tufts’ external auditors and to others, depending on the area of audit focus. IT audit reports are also provided to the VP for Information Technology and CIO. Summaries of audit reports are periodically provided to the Audit Committee of the Tufts Board of Trustees.

Return to top

What is the nature of consulting services that you provide?
One type of consultant service that we can provide is helping department administrators identify any significant risks that might prevent their organizations from optimizing its resources or achieving its key objectives. At other times we offer to help management resolve an operational bottleneck or look for cost savings opportunities or revenue enhancements. Our methodology includes understanding and documenting how a particular process or administrative activity works, reviewing pertinent policies and procedures, identifying opportunities for improvement, and working together on viable and practical solutions.

Return to top

How can I contact Audit & Management Advisory Services?
E-mail: seth.kornetsky@tufts.edu
Phone: 617-627-2068
Web Page Address: http://sites.tufts.edu/amas/

Return to top

Return to Introduction to Services

			Search GO > this site tufts.edu people

	Welcome About Us Letter from the Director Mission Charter Staff and Organization Internal Auditing Introduction to Services Tips for a Smooth Audit Types of Audits The Audit Process Online Risk Assessment AMAS Internal Control Awareness Award Controls & Compliance Internal Controls Institutional Compliance Ethical Business Conduct Fraud Prevention IT Security Resources Best Practices Management Resources Student Resources News & Links Audit Newsletter Tufts Links External Links Contact Us
	Internal Auditing Introduction to Services Mission Charter Frequently Asked Questions EthicsPoint Hotline Tips for a Smooth Audit Types of Audits The Audit Process Online Risk Assessment AMAS Internal Control Awareness Award	Frequently Asked Questions What are internal controls and who is responsible for them? Who are internal auditors? Why does Tufts have an internal audit function? What’s the difference between external and internal auditors? What is Internal Control? What are internal auditors looking for? Can a department/unit request an audit? What does a typical internal audit include? Who will receive copies of the audit report? What is the nature of consulting services that you provide? How can I contact Audit & Management Advisory Services? Return to Introduction to Services What are Internal Controls and Who is Responsible for Them? Internal control is defined as a process, designed to provide reasonable assurance regarding the achievement of objectives. Internal controls can be categorized as either accounting controls or administrative controls. Accounting controls are designed to safeguard University assets and ensure the accuracy of financial records. Administrative controls are designed to promote operational efficiency, effectiveness, and adherence to University policies and procedures. University management is responsible for designing and maintaining an adequate system of internal control. AMAS independently reviews and evaluates the adequacy of the system of internal controls and makes recommendations to management to improve these controls based on system testing and control analysis. Return to top Who are internal auditors? As defined by the Institute of Internal Auditors (IIA), “internal auditors are “business generalists” who specialize in efficiency and effectiveness for the good of the organization. Their roles include monitoring, assessing, and analyzing organizational risk and controls; and reviewing and confirming information and compliance with policies, procedures, and laws. Working in partnership with management, internal auditors provide the board, the audit committee, and executive management assurance that risks are held at bay and that the organization’s corporate governance is strong and effective. When there are opportunities for improvement anywhere within the organization, internal auditors make recommendations for enhancing processes, policies, and procedures.” Return to top Why does Tufts have an internal audit function? AMAS exists by charter and by-law to assist university management and the Audit Committee of the Board of Trustees in effectively fulfilling their responsibilities. We are charged with reviewing the reliability and integrity of information; compliance with policies, plans, laws, and regulations; the safeguarding of assets; and the economical and efficient use of resources. Return to top What’s the difference between external and internal auditors? External auditors are independent of the university organization. The university enters into a contract with a public account firm to provide annual opinions on health and strength of the university’s financial statements to ensure the information presented accurately portrays Tufts’ financial condition. External auditors may also be government auditors that focus on university compliance with government regulations and grant award terms. Internal auditors are an integral part of the university organization and provide ongoing monitoring and assessment of university operations. This includes evaluation of the adequacy of internal controls, the university’s level of compliance with government regulations, and the level of compliance with university policies and procedures by the various components of the university community. Tufts’ policies are designed to help ensure employees comply with applicable laws and regulations and efficiently and effectively manage their areas of responsibility. By following university policies, we help protect the university from unnecessary risks and ensure sound business practices are consistent throughout the university. Return to top What is Internal Control? Internal control is defined as a process, designed to provide reasonable assurance regarding the achievement of objectives. Internal controls can be categorized as either accounting controls or administrative controls. Accounting controls are designed to safeguard University assets and ensure the accuracy of financial records. Administrative controls are designed to promote operational efficiency, effectiveness, and adherence to University policies and procedures. University management is responsible for designing and maintaining an adequate system of internal control. AMAS independently reviews and evaluates the adequacy of the system of internal controls and makes recommendations to management to improve these controls based on discussions with clients, system testing and control analysis. Return to top What are internal auditors looking for? Internal auditors are primarily concerned with compliance with policies and the proper deployment of internal controls. Tufts’ policies are designed to help ensure its employees comply with applicable laws and regulations and operate their areas of responsibility efficiently. By following these policies, we help protect the University from unnecessary risks and ensure sound business practices are consistent throughout the University. Return to top Can a department/unit request an audit? Yes. We take requests for audit work, although our ability to perform the audit may be affected by our staffing levels, annual audit plan, or year-end deadlines. Nevertheless, if you are concerned about an area in your department, we will try to schedule time for a review. Return to top What does a typical internal audit include? Common elements of an internal audit engagement include: Sending an introductory audit scope letter to the responsible individual(s) of the unit/department/area. Scheduling an entrance meeting to discuss audit objectives, timing, and intended report distribution. Evaluating internal control systems Testing to ensure proper operation of internal control systems Developing conclusions based on test results and other assessments Reviewing audit issues and draft audit reports with management and staff Preparing and distributing an audit report which generally include management’s responses to the issues identified Following up to ensure all issues raised in audit reports have been addressed Check out Types of Audits and The Audit Process for more information. Return to top Who will receive copies of the audit report? We send copies of audit reports to the individual responsible for the area under review and his or her direct supervisor, the VP for Finance, the Executive VP, Tufts’ external auditors and to others, depending on the area of audit focus. IT audit reports are also provided to the VP for Information Technology and CIO. Summaries of audit reports are periodically provided to the Audit Committee of the Tufts Board of Trustees. Return to top What is the nature of consulting services that you provide? One type of consultant service that we can provide is helping department administrators identify any significant risks that might prevent their organizations from optimizing its resources or achieving its key objectives. At other times we offer to help management resolve an operational bottleneck or look for cost savings opportunities or revenue enhancements. Our methodology includes understanding and documenting how a particular process or administrative activity works, reviewing pertinent policies and procedures, identifying opportunities for improvement, and working together on viable and practical solutions. Return to top How can I contact Audit & Management Advisory Services? E-mail: seth.kornetsky@tufts.edu Phone: 617-627-2068 Web Page Address: http://sites.tufts.edu/amas/ Return to top Return to Introduction to Services Tufts EthicsPoint Hotline 1-866-384-4277 Tufts EthicsPoint Important Links Tufts Business Conduct Policy University Policies and Procedures
Tufts \| InsideTufts \| Directions \| Find People \| Contact Copyright © 2012 Tufts University