Skip to main
University-wide Navigation

Do we get a chance to respond to an audit?

Your input is welcome and considered throughout all stages of the review. Additionally, some audit types afford the client the opportunity to include a formal Management Action Plan (MAP) in the final report, which outlines the steps the management intends to take to remediate the concerns noted in the review and the expected timeline to complete them.

How can I best work with the auditors at the University of Kentucky?

  1. Have personnel available for interviews, observations, or walkthroughs. If possible, provide a space where the audit consultants may work and conduct interviews.
  2. Review the audit objectives presented for your unit in this announcement letter. Please feel free to ask questions if you do not understand why certain activities have been included or excluded.
  3. Share any related concerns you have with the auditor(s).
  4. Make all pertinent information, such as data, records, and technology resources available to the auditor(s).
  5. Supply all requested information on a timely basis.
  6. Review the preliminary audit results that are communicated to you and recommend clarifications or corrections at that time.
  7. After the audit is completed, implement a management action plan. This plan will be reviewed with UKIA but will not be included in the report.
  8. Monitor activity for compliance with your management action plan.
  9. As part of its Work Prioritization Plan, UKIA will return for a follow-up evaluation to check progress on remediating any findings noted during this initial review.

What does a typical audit include?

The Audit Process outlines the major steps of a typical audit performed by the University of Kentucky Internal Audit (UKIA) department and the associated communication.

What information does UKIA have access to?

In accordance with Internal Audit's Charter, signed by the University's President and the chair of the Board of Trustees, "all Internal Audit personnel have unlimited and unrestricted access to all data, records, files, property and personnel of the University."

What is Internal Audit's reporting structure?

UKIA’s staff report administratively to the president of the University of Kentucky and functionally to the Audit and Compliance Committee of the Board of Trustees.

What is the role of UK's External Auditors?

External auditors are employees of public accounting firms who primarily perform the annual consolidated financial statements audit for the university. External auditors are charged with providing a documented opinion stating whether or not the consolidated financial statements are fairly presented, "in all material respects."

What should I do if theft has occurred?

You should immediately report it to your supervisor. If you do not feel comfortable reporting the theft to your supervisor, you may report it anonymously to the Comply LineUK Police or UKIA. Supervisors reporting thefts at UK should follow UK's Business Procedure Manual E-2-9.

Who audits the Internal Audit Department?

Per the Standards of the Institute of Internal Auditors (IIA),  peer Quality Assessment Reviews (QAR) are required every five years. The peer review is conducted by an external committee assessing the effectiveness of the Internal Audit function. Visit here for more information about UKIA’s last QAR.

Who gets the final audit report?

A courtesy copy of the final audit report is first distributed to the client – the management of the unit being audited.. A few days later, a courtesy copy of the final report is also sent to university administration and relevant stakeholders. The final report is distributed a few days after that to the Audit and Compliance Committee of the Board of Trustees.

Why were we selected for an audit?

Generally, units are selected for audits using a risk assessment framework that considers their perceived risk and/or impact on the university. However, recently, units have been selected due to elevated identified risk noted from prior reviews. Unplanned reviews are also conducted each year at the request of management and in response to reports submitted via the comply line or directly to Internal Audit.