Frequently Asked Questions

How are audits selected?

Internal Audit performs an annual risk assessment process which focuses on current and emerging risks.  The Audit Plan, prepared after seeking input from leadership, is presented to, and approved by the Stewardship Committee.

Back to Top

What is the difference between internal and external auditors?

Internal auditors are employees of the University.  Our scope of work serves the University by helping it accomplish its goals, enhance operations, improve risk management and internal controls.  Internal auditors focus on both financial and non-financial risks and controls.  Internal auditors provide University leadership and the Board with assurance on the University’s risk management and control processes.

Internal Audit follows the standards and guidelines of the Institute of Internal Auditors (IIA).  Internal Audit roles include monitoring, analyzing, and assessing risks and controls; reviewing and confirming compliance with policies, procedures, regulations, and laws; reviews to ensure accuracy of data; and, assessing current operations and procedures against best practices.

External auditors are often thought of as the independent accounting firm hired by the University to render an opinion on the financial statements each year.  Other external auditors could include government auditors who perform audit work related to determine compliance with regulations/laws, or non-University auditors hired to perform a specialized audit or review of a specific process or area.

Back to Top

What are internal controls, and who is responsible for them?

Internal controls are processes, systems, and/or policies and procedures put in place to provide reasonable assurance regarding the achievement of reliable financial reporting, effective and efficient operations, and compliance with laws and regulations.  Internal controls are anything we do or put in place to help us achieve our objective(s).  Examples of internal controls include locking your desk, or office space to ensure your belongings and other items are safeguarded and, using strong passwords to reduce the risk of your accounts being accessed by external parties.

In general, controls can be categorized as preventive or detective.  Preventive controls are aimed at preventing errors or irregularities from occurring.  Detective controls are designed to identify errors or irregularities after they have occurred.

Back to Top

What can I expect if Internal Audit identifies an observation/finding during the audit?

You can expect the auditor to discuss the observation with you to ensure the auditor has a thorough, accurate, and appropriate understanding of the issue.  Further, Internal Audit will partner with leadership within the department/unit being reviewed to develop an appropriate recommendation to enhance processes, mitigate, or transfer risk.

Back to Top

Who receives the audit report?

The final audit report is sent to University leadership as well as leadership within the area/department being audited.  The President, Provost, and Executive Vice President will be copied on each audit report.  Departmental leadership would typically include the Dean or Vice President, as well as appropriate administrative staff.  The Stewardship Committee will be provided with a summary of each audit report.

Back to Top

How long does an audit take?

Some audits take approximately two months, while others take approximately five months, depending on the size and complexity of the area under review. 

The majority of this time is spent by the auditor in our office performing reviews and analyses of data and information.  While we will request meetings, and make requests for data and documentation during the audit, we take your schedules into consideration as we strive to minimize interference with your day to day work.

Back to Top

Our Staff

Courtney Henry

Chief Internal Auditor
Villanova University
St. Mary's Hall