What is internal auditing?

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It provides insight and recommendations for improving organizational effectiveness and efficiency based on analyses and assessment of data and business processes.

What types of services does Audit Services provide?

Audit Services provides assurance and consulting services related to risk management, governance, and control.

What is an assurance engagement?

An assurance engagement is an independent evaluation of key processes and controls using a formal audit methodology. These risk-based engagements are designed to verify and analyze processes, identify risks, and determine if controls are effective and efficient to achieve the intended objectives.

What are consulting services?

Consulting services are advisory in nature and are often initiated by management seeking advice. The nature and scope of these engagements are agreed upon with management. Services may include participation in committees, delivery of internal control training, and provision of advice to management about control design or concerns.

How does Audit Services select areas to audit?

Audit Services develops an audit plan annually outlining the proposed audit engagements for the year. The audit plan is reviewed and approved by the Audit & Risk Committee of the Board of Regents. Topics are selected using a risk-based assessment process with consideration of the University’s Enterprise Risk Management reporting, areas of institutional priority, prior audits/coverage, and input from senior management and Audit & Risk Committee members.

Can an area request an audit?

Yes. Audit Services will consider requests for audit and advisory/consulting services. The ability to perform the audit or advisory/consulting service will be dependent on the availability of staffing resources, the risk level of the area in question, Audit Services’ progress on the annual plan and other deadlines.

What is the difference between internal and external audit?

An internal audit is conducted by University of Winnipeg employees of Audit Services, or by a firm hired by Audit Services.

External auditors are employees of a contracted accounting firm who conduct an annual audit on the University's financial statements for the purpose of providing an opinion as to whether the financial statements are free of material misstatements.

What does internal audit independence mean?

Though internal auditors are employees of the University, Audit Services must maintain independence within the organization in order to carry out its responsibilities in an unbiased manner. This independence is outlined in the Internal Audit Charter which provides for a direct reporting relationship with the Audit & Risk Committee of the Board of Regents. Internal audit activity is required to be free from interference in determining the scope of internal auditing, performing the work, and communicating results.

What is risk management?

Risk management involves the risk identification, assessment, response, and control activities of an organization. Risk is the possibility of an event occurring that will have an impact on the achievement of objectives. It is measured in terms of impact and likelihood.  An entity evaluates the risk/reward trade-off of key risks and can respond to the risk by accepting, avoiding, or mitigating it. Mitigation involves sharing, transferring, or reducing risk with control activities. Source: Institute of Internal Auditors.

What is governance?

Governance is the combination of policies, processes and structures implemented to inform, direct, manage, and monitor the activities of the organization toward achievement of its objectives. Source: Institute of Internal Auditors.

What is internal control?

An internal control is any action taken by management, the Board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Control activities include implementation of policies and procedures, training, approvals, verifications, reconciliations, reviews of operational performance, physical security of assets, and segregation of duties.

Source:  COCO and Institute of Internal Auditors

What do I do if I have a concern regarding alleged fraud or financial misconduct at the University?

Generally it’s best to first contact your immediate supervisor to discuss your concerns. If you are not comfortable doing so, or continue to have concerns, you may contact Audit Services. Audit Services is responsible for participating in the investigation of suspected fraud and irregularities at the University. The Director of Audit Services also acts as the University’s Designated Officer for the purpose of The Public Interest Disclosure (Whistleblower) Act and related University of Winnipeg Protected Disclosure Policy. Please visit the Protected Disclosure website for more information, including how to make a confidential report.