University of Illinois System
Office of University Audits

Frequently Asked Questions

Why was I Selected to be Audited?

The University of Illinois System (System) conducts a regular, ongoing examination of its internal controls, and as part of this process, the Office of University Audits conducts approximately 60 audits annually. Primary considerations in establishing which units will be audited include evaluation of risk, the results of previous internal and external audits, and specific requests and other input by administrators. Audits for many high risk units are routinely scheduled, while other units are randomly selected for audits of their internal controls over their administrative processes. In addition, internal audits are initiated to investigate possible irregularities.

Why Might I Request an Audit?

An audit is an opportunity to receive an independent appraisal of the effectiveness and efficiency of your unit's administrative activities. The timing of an audit can be an important factor in maximizing the resulting benefits. If you have recently assumed new or additional supervisory responsibilities, an audit can review administrative procedures to assess whether internal controls in your unit are adequate and to provide suggestions to improve the efficiency and effectiveness of your unit’s administrative activities. Conversely, a periodic "checkup" to review your unit's administrative activity can help ensure that your procedures continue to provide the desired level of internal control and comply with University policy. It is also beneficial to assess system controls and new office procedures when computer systems are installed.

You may wish to coordinate an audit request with your Vice Chancellor's or Vice President’s office or submit a request for an audit directly to the Office of University Audits.

What Should I Expect When an Audit is Scheduled for my Unit?

Although unannounced audits are initiated where appropriate, typically a representative of the Office of University Audits will contact you to schedule a meeting to discuss the planned objective and scope of the review and the logistics of conducting the audit. At this initial meeting, you should take the opportunity to discuss any concerns or questions you may have about the audit, to identify any issues or areas of special concern that you would like the audit to address, and to determine how you can facilitate the audit process. A typical audit has several stages, including preliminary research; data collection (some by interview), analysis, and review; an exit conference; and preparation and distribution of an audit report. Control weaknesses identified during the audit will be noted in the audit report, and a follow-up review will subsequently be performed to determine whether corrective action has been taken.

How Long Will an Audit Take?

The audit team assigned to the audit of your unit will give you an estimate of the time anticipated to complete the audit. An audit will result in a certain amount of time being diverted from your unit’s usual routine, but every effort will be made to keep this disruption to a minimum. We appreciate your assistance and cooperation.

How Will Audit Findings be Reported?

The appropriate people will be kept appraised of the auditor's findings throughout the course of the audit. At the conclusion of the audit, you will be provided a draft of the audit report for your review before the final version is issued. You will also be given the opportunity to discuss the draft audit report at an exit conference with the audit team members.  Once the report content has been agreed to, those individuals responsible for implementing any corrective action will be asked to sign a copy of the report acknowledging their agreement to implement the corrective action.

Final audit reports are distributed to the President, Vice President and Chief Financial Officer, Vice President for Planning and Administration, the Chancellor on your university, the applicable Vice Chancellor, and the unit head and staff of the audited area as appropriate. In addition, the State of Illinois Auditor General has access to all audit reports. Audit reports and workpapers are exempt from external disclosure under the Illinois Freedom of Information Act.

What is Internal Control and Why is It Important?

Internal control is a process in which all System employees participate. It is designed to provide reasonable assurance to unit management that:

  • Management data used in decision making and reporting is reliable, accurate, and timely;
  • Assets are accounted for and safeguarded from loss;
  • Operations are effective and efficient; and
  • Compliance with applicable laws and regulations is at an acceptable level.

Internal controls are intended to:

  • prevent, or lessen the risk of, errors or irregularities;
  • identify problems; and
  • ensure that corrective action is taken.
     

What are Some Examples of Internal Controls?

Examples of common internal controls include:

  • policies and procedures (at the System, university, and unit level) that are communicated and that establish what should be done, how, and by whom;
  • approvals and authorizations that include a thorough review of supporting information to verify the propriety and validity of transactions;
  • verifications and reconciliations (e.g., review and reconciliation of Banner statements, petty cash verifications, comparison of budgeted to actual amounts);
  • supervision including training, keeping employees informed of new policies and procedures, and performance reviews;
  • safeguarding of assets (including passwords and other restricted information) against theft, destruction, deterioration, or misuse (for example by locking your office, depositing cash receipts timely, and limiting access to procurement cards); and
  • segregation of duties (dividing authorization, custody, and record keeping duties among different people so that someone can’t both perpetrate and conceal an error or irregularity).