• Home
  • Login
  • Welcome to the Staff Intranet
YOU ARE HERE: Skip Navigation LinksEdinburgh Napier Staff Intranet > Service Depts > Governance & Compliance > Governance Services > Risk management > Internal Audit

​Internal Audit


What is Internal Audit?

The Institute of Internal Auditors (IIA) describes internal auditing as ".....an independent, objective assurance and consulting activity designed to add value and improve and organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes."

 

Why is Internal Audit important?

Internal audit helps the University achieve its strategic objectives by evaluating the management of risk. It also provides assurance to senior management and other key stakeholders that important risks have been evaluated and highlights where any improvements may be made.  The internal audit function is a critical part of top-level governance of any organisation and helps senior management to demonstrate that they are managing the organisation effectively.

 

How is the Internal Audit Plan agreed?

The internal audit plan is drafted by the University's internal audit providers and takes account of the following key areas:

 

  • The University's strategic and operational plans and objectives;
  • The University's top corporate risks;
  • Results of internal audit work completed in prior years;
  • External audit reports and plans;
  • Input from the Audit & Risk Committee; and
  • Discussions with senior management

The draft plan and timing of audits is discussed and agreed with ULT and it is presented to Audit and Risk Committee in June for final approval.


Who are our Internal Auditors?

The University's appointed internal auditors are PwC.

 

My area is subject to an internal review- what happens next?

The annual internal audit plan is designed to deliver a steady flow of reports to the Audit & Risk Committee. The timetable is shared with all the senior staff likely to be involved in the relevant audits.

 

Each audit will involve a Sponsor who will be a member of ULT (or equivalent) with overall responsibility for the area being audited, and a Co-ordinator or Audit Lead who will be a senior manager appointed by the Sponsor to lead the work internally.

 

The Sponsor will be asked to agree a detailed scope of work with the Auditors.  The Sponsor and Co-ordinator will meet with the auditors and provide access to such information and staff as the auditors might reasonably require.  The members of staff to be interviewed are normally agreed as part of the project scope and will include both providers and consumers or users of the services and processes being audited.

 

The fieldwork will normally take 10-15 days depending on the complexity of the area under review and will consist of a combination of face-to-face interviews with staff and review and analysis of key documentation. 

 

Process to finalise reports

A draft written report will be prepared and issued to the Project Sponsor (in the first instance) following the conclusion of each internal audit engagement. The Audit Sponsor will have the opportunity to provide comments on factual accuracy or any matters that are not appropriately reflected in the report and will also provide management comments including actions and timescales to address recommendations made in the report.  Once finalised and signed off by the Sponsor the report will be considered by ULT. 

 

Reports will be considered by the Audit & Risk Committee at its meeting after the report has been finalised and the Project Sponsor will be invited to the meeting to discuss the report, recommendations and actions arising.

 

What happens after the report has been considered by the Audit & Risk Committee?

The internal auditors manage the process of tracking actions using their customised actions tracking tool.  They will liaise directly with those responsible for delivery of actions to seek progress updates for Audit and Risk Committee and to agree whether the work undertaken to deliver actions has been delivered and whether recommendations can be considered complete and closed.

 

A tracking report which monitors the progress of recommendations is considered by ULT ahead of it being presented to Audit & Risk Committee.

 

How often does the Audit & Risk Committee meet?

The Audit & Risk Committee meets four times a year normally in October, November, March and June. 

 

If you would like to discuss any aspect of the internal audit process further or have any questions in relation to any of the above please contact Governance Services.



Edinburgh Napier University is a registered Scottish charity.
Registration number SC018373