1. What is internal auditing?
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bring a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal auditing is a catalyst for improving an organization's effectiveness and efficiency by providing insight and recommendations based on analyses and assessment of data and business processes.
Audit Services' work is conducted in accordance with standards and guidance promulgated by the Institute of Internal Auditors.
2. What types of services does Audit Services provide?
Audit Services provides assurance and consulting services related to risk management, governance and control.
3. What is an assurance engagement?
An assurance engagement involves an objective assessment of evidence to provide an independent opinion or conclusion regarding the subject matter being assessed, using a formalized methodology.
4. What are consulting services?
Consulting services may include participation in committees, provision of guidance on application controls for systems under development, as well as responding to ad-hoc inquiries from faculties and administrative units on University policies and internal control.
5. What types of assurance engagements does Audit Services perform?
Audit Services provides assurance services related to risk management, governance and control.
Risk management - Risk management audits are conducted to provide assurance that the major risks to the University's objectives are being identified, managed and reported appropriately.
Governance - Governance engagements focus on the University's ethics and values objectives, policies and procedures, organizational performance management and accountability processes.
Control - There are various types of audits of controls that can be conducted. These may include:
Control audits also include assessments of whether financial, managerial and operating information is accurate, reliable and timely and if quality performance and continuous improvement are fostered in control processes.
6. How does Audit Services select areas to audit?
Audit Services follows a three-year Audit Plan approved by the Audit and Risk Management Committee. The plan is developed based on risk assessment information obtained from consultations with senior management, information from prior audits and through a rotation schedule, as well as our own assessment of risks.
7. What is the difference between internal and external audit?
An internal audit is conducted by University of Manitoba employees of Audit Services, or by a firm hired by them. Internal audit's mission is to provide independent, objective assurance and consulting services designed to add value and improve University operations.
External auditors are employees of the Office of the Auditor General Manitoba, who conducts an annual audit on the University's financial statements for the purpose of providing an opinion as to whether the financial statements are free of material misstatements.
8. What does internal audit independence mean?
Though internal auditors are employees of the University, they must maintain complete independence with respect to the University units, and are not subject to restrictions in the scope of their work by senior or operating management. Our independence is ensured by the Audit Services Charter which provides for a functional reporting relationship to the Audit and Risk Management Committee.
9. What is the typical audit process?
A typical assurance engagement includes the following four stages:
10. What is risk management?
Risk is the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood. Source: Institute of Internal Auditors.
11. What is governance?
Governance is the combination of policies, processes and structures implemented to inform, direct, manage, and monitor the activities of the organization toward achievement of its objectives. Source: Institute of Internal Auditors.
12. What is control?
A control is any action taken by management, the Board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Source: Institute of Internal Auditors.
13. What is fraud and financial misconduct?
Please visit the What is Fraud and Financial Misconduct? webpage.