What Is An Audit?
The word "audit" is traditionally defined as an examination of records or financial accounts to check their accuracy. In reality, the concept of auditing is much broader and deeper than this definition implies. Taking the above definition as an example, an audit does not end until answers are found to such questions as: How and why was the record created? How does it fit in to the activities of the organization as a whole? By what standard should accuracy be judged? If inaccuracy is detected, what was the cause? What were the effects on the organization and/or on other parties who relied on the accuracy of the record? How may the problem be corrected?
The definition above also implies that audits include only financial records and accounts, but in fact it is common for an audit to extend beyond financial considerations and also to include processes, in addition to records and accounts. Therefore, an audit may best be defined as an appraisal of organizational processes in light of the goals and objectives of that organization and/or the goals and objectives of an external group (such as a regulatory agency).
Internal audits primarily serve the interests of the organization being audited, and are usually performed by employees of the organization. The interests of the organization are always understood to include compliance with external regulations, laws, and expectations, but also encompass goals and objectives that are internal to the organization.
The goal of external audits is to report on the accuracy of the organization's financial reports and/or its compliance with external regulations, laws, and/or societal expectations. Such audits are necessarily performed by individuals or groups who are not employed by the organization being audited, and who are themselves employed by (or regulated by) the group or agency requiring the audit.
The University is subject to numerous external audits each year. It is important for University personnel to notify Internal Audit when external audits are scheduled.
Internal audits at the University of Memphis include risk-based audits, required audits, and follow-up audits.
- Risk-based: An audit scheduled by the Chief Audit Executive based on an assessment of relative risk for all the functional areas of the University.
- Required: An audit required to be performed periodically, usually annually, in order to assure compliance with a specified set of rules or regulations.
- Follow-up: An audit focused on the status of issues originating from the prior internal audit of the same activity.
Internal audits are usually pre-scheduled by the Chief Audit Executive, but may also be requested. The results of internal audits are reported to the Audit Committee and the President, as well as responsible managers, directors, and other University officials.
Non-audit projects usually focus on narrowly defined problems or activities, and are often performed at the request of the responsible manager or director. The goals of non-audit projects typically include:
Verifying and/or defining the scope of problems
Identifying causes and effects
Recommending workable solutions
The results of non-audit projects are usually reported only to the responsible managers or University officials.
Please contact us at UoM_Audit@memphis.edu or 901.678.2125 to discuss a possible project for internal audit or to find out more about this function of our department.