Why does Northeastern University have an Audit & Advisory Services department?

University management is responsible for establishing and maintaining a system of internal controls. Audit & Advisory Services assists both management and the Board of Trustees, specifically the Audit & Risk Committee, in fulfilling their responsibilities by bringing a systematic disciplined approach to assessing the effectiveness of the design and execution of the system of internal controls and risk management processes. Audit & Advisory Services provides an objective assessment of internal controls. This provides University management, the Audit & Risk Committee, and external stakeholders with independent assurance that the University’s risks have been appropriately mitigated. Because internal auditors are experts in understanding organizational risks and internal controls available to mitigate these risks, they assist University management in understanding these topics and provide recommendations for improvements.

Why was my department selected?
Audit & Advisory Services chooses which departments to audit by using a risk-based approach. Some factors that are used to determine which departments to review include:

    • Time and results of the last audit
    • Complexity of the department
    • Volume of financial transactions
    • Degree of change or stability in the department
    • Federal & state regulations related to the department
    • Management concerns
    • Key IT applications and interfaces

What is the key difference of external audit compared to internal audit?
Internal and external auditors have mutual interests regarding the effectiveness of internal controls. However, major differences exist with regard to their relationships to the organization, and to their scope of work, and objectives. Internal auditors are part of the University. Their objectives are determined by professional standards, the Audit & Risk Committee, and University management. Audit & Advisory Services’ clients are University management and the Audit & Risk Committee. External auditors are not part of the University but are engaged by the University to provide an independent opinion on the organization’s financial statements, annually.

Audit & Advisory Services meets with the external auditors periodically to discuss common interests and gain an understanding of each other’s scope of work and methods. We also discuss audit coverage and scheduling to minimize redundancies, provide access to reports, programs and working papers, and jointly assess areas of risk.

What are internal auditors looking for?
Internal auditors focus on compliance with policies and the proper deployment of internal controls. Complying with these policies helps protect the University from unnecessary risks and ensure business practices adhere to University policies.

What can I expect during an audit?
Prior to the audit beginning, you will receive an audit announcement memo that lists the audit objectives and scope. The next step is an entrance meeting in which Audit & Advisory Services will review what to expect, and how much time will be needed to complete the audit. Following the entrance meeting, the audit team will set up appointments to meet with key personnel. These interviews with key personnel help us obtain a better understanding of processes and procedures in place in your department. Once these interviews are finished, the audit team will perform testing on the processes to ensure that controls and safeguards are in place. The results of the testing will be communicated to the key personnel involved, followed by a written report that will be sent out to all parties involved and presented to the Audit & Risk Committee.

How can I prepare for the audit?
Departments under review should ensure that staff is familiar with University policies and procedures. Audit management will meet with you before the audit begins to review expectations.

How can I provide feedback to the auditors?
A post-audit survey is provided. To access this survey, please click here.