Frequently Asked Questions


What are internal controls and who is responsible for them?
Who are internal auditors?

Why does Tufts have an internal audit function?
What’s the difference between external and internal auditors?
What is Internal Control?
What are internal auditors looking for?
Can a department/unit request an audit?
What does a typical internal audit include?
Who will receive copies of the audit report?
What is the nature of consulting services that you provide?
How can I contact Audit & Management Advisory Services?


What are Internal Controls and Who is Responsible for Them?
Internal control is defined as a process designed to provide reasonable assurance regarding the achievement of objectives. Internal controls can be categorized as either accounting controls or administrative controls. Accounting controls are designed to safeguard University assets and ensure the accuracy of financial records. Administrative controls are designed to promote operational efficiency, effectiveness, and adherence to University policies and procedures. University management is responsible for designing and maintaining an adequate system of internal control. AMAS independently reviews and evaluates the adequacy of the system of internal controls and makes recommendations to management to improve these controls based on system testing and control analysis. For more information concerning internal controls, please refer to the training module “Concepts of Internal Controls,” which is hosted on Absorb, the Tufts University on-line learning management system.


Who are internal auditors?
As defined by the Institute of Internal Auditors (IIA), “internal auditors are “business generalists” who specialize in efficiency and effectiveness for the good of the organization.

Their roles include monitoring, assessing, and analyzing organizational risk and controls; and reviewing and confirming information and compliance with policies, procedures, and laws. Working in partnership with management, internal auditors provide the board, the audit committee, and executive management assurance that risks are held at bay and that the organization’s corporate governance is strong and effective. When there are opportunities for improvement anywhere within the organization, internal auditors make recommendations for enhancing processes, policies, and procedures.”


Why does Tufts have an internal audit function?
AMAS exists by charter and Trustee by-law to assist university management and the Audit, Risk and Compliance Committee of the Board of Trustees in effectively fulfilling their responsibilities. We are charged with reviewing the reliability and integrity of information; compliance with policies, plans, laws, and regulations; the safeguarding of assets; and the economical and efficient use of resources.


What’s the difference between external and internal auditors?
External auditors are independent of the university organization. The university enters into a contract with a public accounting firm to provide annual opinions on the accuracy of the university’s financial statements as presented. External auditors may also be government auditors that focus on university compliance with government regulations and the terms of grant and contract awards.

Internal auditors are an integral part of the university organization and provide ongoing monitoring and assessment of university operations. This includes evaluation of the adequacy of internal controls, the university’s level of compliance with government regulations, and the level of compliance with university policies and procedures by the various components of the university community.


What are internal auditors looking for?
Internal auditors are primarily concerned with compliance with an organization’s policies and procedures, risk assessment, and the proper design of internal controls. Tufts’ policies and procedures are designed to help ensure its employees comply with applicable laws and regulations and operate their areas of responsibility efficiently and in alignment with the University’s key objectives. As internal auditors, we are looking for opportunities to help management mitigate operating, financial and compliance risks that could affect their areas of responsibility and ensure sound business practices are consistently observed throughout the University. We also look for gaps in policies and procedures that could raise fraud risk and make recommendations to improve controls that will help prevent or detect fraudulent activities.


Can a department/unit request an audit?
Yes. We take requests for audit engagements, although scheduling to perform the audit may be affected by our staffing levels, annual audit plan, or year-end deadlines. Nevertheless, if you are concerned about an area in your department, we will usually do our utmost to accommodate your request.


What does a typical internal audit include?
Common elements of an internal audit engagement include:

  • Sending an introductory audit engagement and scope notice to the responsible individual(s) of the unit/department/area.
  • Scheduling an entrance meeting to obtain a better understanding of the audit areas of focus, discuss audit objectives, timing, and planned report distribution.
  • Evaluating the effectiveness (or existence) of internal control systems, compliance with policies and procedures, etc., often by testing certain transactions.
  • Documenting conclusions based on test results and other assessments.
  • Reviewing audit issues and the draft audit report with responsible management and staff.
  • Preparing and distributing the final audit report, which generally includes management’s responses to the suggested recommendations.
  • Following up after several months to ensure all issues and control concerns raised in the audit report have since been addressed and determine if management implemented the agreed-to recommendations.

Refer to Types of Audits and The Audit Process for more information.


Who will receive copies of the audit report?
We send copies of audit reports to the individual responsible for the area under review and the individual’s direct supervisor, the VP for Finance, the Executive VP, Tufts’ external auditors and to others, depending on the area of audit focus. IT audit reports are also provided to the VP for Information Technology and CIO. Summaries of audit reports are provided three times per year to the Trustee Audit, Risk and Compliance Committee.


What consulting services do you provide?
One type of consulting service that we can provide is helping department administrators identify any significant risks that might prevent their organizations from optimizing their resources or achieving their key objectives. At other times we offer to help management review a proposed new policy or workflow from an internal control perspective, or look for cost savings opportunities or revenue enhancements. Our methodology includes understanding and documenting how a particular process or administrative activity works, reviewing pertinent policies and procedures, identifying opportunities for improvement, and working together on viable and practical solutions. We also offer our services to any schools or divisions that are interested in developing their own risk registers in accordance with the methodology that has been adopted by the University.


How can I contact Audit & Management Advisory Services?
E-mail: seth.kornetsky@tufts.edu
Phone: 617-627-2068
Web Page Address: http://sites.tufts.edu/amas/
