Audit FAQs
Do we get a chance to respond to an audit?
Your input is welcome and considered throughout all stages of the review. Some audit types afford the client the opportunity to include a formal management action plan (MAP) in the final report, which outlines the steps the management intends to take to remediate the concerns noted in the review and the expected timeline to complete them.
How can I best work with the auditors at the University of Kentucky?
- Make all pertinent information, such as data, records, and technology resources available to the auditor(s). For the duration of the audit, record destruction of any kind must cease. Once UKIA considers the audit completed, the unit will be notified that normal document destruction practices may resume.
- Have personnel available for interviews, observations, or walkthroughs. If possible, provide a space where the audit consultants may work and conduct interviews. Please note that, in order to facilitate a thorough, accurate and objective review, all interviews conducted by UKIA – including who and what was communicated – are strictly confidential.
- Review the audit objectives presented for your unit in the announcement letter. Please feel free to ask questions if you do not understand why certain activities have been included or excluded.
- Share any related concerns you have with the auditor(s).
- Supply all requested information on a timely basis.
- Review the preliminary audit results that are communicated to you and recommend clarifications or corrections at that time.
- Implement an action plan to resolve observations/findings and monitor for compliance.
- As part of its Work Prioritization Plan, UKIA will return for a follow-up evaluation to check progress on remediating any findings noted during this initial review.
What does a typical audit include?
The audit process outlines the major steps of a typical audit performed by University of Kentucky Internal Audit (UKIA), including the associated communications.
What information does UKIA have access to?
In accordance with Internal Audit's Charter, signed by the University's President and the chair of the Board of Trustees, "all Internal Audit personnel have unlimited and unrestricted access to all data, records, files, property and personnel of the University."
What is Internal Audit's reporting structure?
UKIA’s staff report administratively to the president of the University of Kentucky and functionally to the Audit and Compliance Committee of the Board of Trustees.
What is the role of UK's external auditors?
External auditors are employees of public accounting firms who primarily perform the annual consolidated financial statements audit for the university. External auditors must provide a documented opinion stating whether the consolidated financial statements are fairly presented, "in all material respects."
What should I do if theft has occurred?
You should immediately report it to your supervisor. If you do not feel comfortable reporting the theft to your supervisor, you may report it anonymously to the Comply Line, UK Police or UKIA.
Who audits the Internal Audit Department?
Per the Standards of the Institute of Internal Auditors (IIA), peer quality assessment reviews (QAR) are required every five years. The peer review is conducted by an external committee assessing the effectiveness of the Internal Audit function. Visit here for more information about UKIA’s last QAR.
Who gets the final audit report?
A courtesy copy of the final audit report is first distributed to the client — the management of the unit being audited. A few days later, a courtesy copy of the final report is also sent to university administration and relevant stakeholders. The final report is distributed a few days after that to the Audit and Compliance Committee of the Board of Trustees.
Why were we selected for an audit?
Generally, units are selected for audits using a risk assessment framework that considers their perceived risk and/or impact on the university. However, recently, units have been selected due to elevated identified risk noted from prior reviews. Unplanned reviews are also conducted each year at the request of management and in response to reports submitted via the comply line or directly to Internal Audit.