Frequently Asked Questions
Questions
- What are internal controls?
- What is an internal audit?
- What is management's responsibility regarding internal controls?
- How do I evaluate my department's internal controls to ensure they are appropriate?
- What are the benefits of an audit to my department?
- What should I expect during an audit?
- How can I prepare for an audit?
- May I request an audit?
- Who will receive the audit report of my department?
- What is the difference between internal auditors and external auditors?
- Where do I report a concern about a business ethics matter that I would like to discuss with someone, but I am concerned that my colleagues or supervisors may learn that I raised this concern? What should I do?
What are internal controls?
Internal controls are processes within the College designed to provide reasonable assurance that certain things happen the way we want them to:
- Reliability and integrity of information
- Compliance with policies, plans, procedures, laws, regulations and contracts
- Safeguarding of assets
- Effectiveness and efficiency of operations
Internal Control consists of five interrelated components as follows:
- Control Environment: Sets the foundation upon which all other components of internal control are based, and sets the tone for an educational institution. Factors include sound integrity and ethical values which are part of the College's standard of conduct
- Risk Assessment: Involves identification and analysis of risks.
- Control Activities: Control policies and procedures which help ensure achievement of the College's mission and strategic objectives.
- Information and communication: Systems that identify, capture, process and distribute information.
- Monitoring: Internal controls need to be monitored to assess the quality of performance.
What is an internal audit?
According to the Institute of Internal Auditors, internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
What is management's responsibility regarding internal controls?
The management of every department/function is responsible for establishing and monitoring internal controls which are required to support the achievement of their goals and objectives. The monitoring process is essential to ensure that internal controls are effective and they continue to mitigate the department’s risks.
How do I evaluate my department's internal controls to ensure they are appropriate?
Internal Controls Services has designed a self-assessment tool to help departments to perform an internal evaluation of their own processes and controls. The tool is called Dartmouth Operations Self-Assessment (DOSA).
What are the benefits of an audit to my department?
The overall benefit of an audit is that it supports the achievement of a department's objectives. Depending on the type of audit, there are specific benefits that could be gained from the completion of an audit.
- Internal audit can provide recommendations that will help you administer your processes and procedures in a more effective and efficient manner, ensure the reliability of information and improve your department’s compliance with external regulations and Dartmouth policies and procedures.
- An independent appraisal of your processes can provide better insights on areas which were hitherto not considered high risk by your department.
- The contents of an audit report are usually specific to the area being reviewed and they provide a basis for management to make value adding decisions that may be strategic to their department.
- If you have recently assumed new or additional supervisory responsibilities, an audit of the department can help to determine whether internal controls in your new department are adequate. Audit is also beneficial when new computer systems are installed to assess their controls and procedures.
What should I expect during an audit?
There are four processes to an audit at the College:
- Planning: At this stage is to obtain necessary internal and external information and to then create an audit work paper templates.
- Field Work: Auditors schedule times to interview responsible individuals and randomly select test samples for evaluation by gathering documentations and assessing such information.
- Reporting: The final report goes to the manager of the audited department. It will be kept confidential in the Internal Controls Services office.
- Follow-up: Depending on the nature of the audit and the level of risk of audit findings, follow-up audit(s) may be performed to determine the status of audit findings and actions taken by management.
How can I prepare for an audit?
For scheduled audits, Internal Controls Services will communicate in advance to the department and senior management (either through electronic mail or by phone) about an upcoming audit. After being notified, the department can prepare for an audit by doing the following (not a comprehensive list):
- Make ready for release to the audit team, the department’s organization chart, list of key personnel and their job descriptions, process flowcharts, operating policies and procedures and training records for employees.
- If applicable, make available the copies of recent external audit reports completed on your department within the audit period.
- Inform the department staff about the upcoming audit and encourage full cooperation with the audit team.
- If applicable, assign areas of the audit scope to key employees so they can effectively plan and prepare to respond to audit requests.
- Contact the audit team, in a timely manner, if you have questions or comments about the upcoming audit.
May I request an audit?
You may contact the Internal Controls Services if you feel you are a good candidate for an audit. Depending on the urgency of the request and our availability, we might be able to schedule you for an audit in the current year. More likely, your request will be put on a list of potential audits for the following fiscal year. When we create our annual audit plan at the beginning of the following fiscal year, we will consider your group along with other groups who requested audits or who were identified as potential audit areas.
Who will receive the audit report of my department?
Internal Controls Services will send a draft audit report to the Director(s)/Manager(s) directly responsible for the department being audited for their reviews and feedbacks. Once this process is completed, the final audit report is sent to the recipients of the draft report and their supervisors (e.g. Vice Presidents, Deans, Department Chairs, etc.). In addition, copies of audit reports (including summary) are sent to the CFO and other officer(s) of the College who are deemed appropriate to receive the report.
What is the difference between internal auditors and external auditors?
Internal auditors work in the Internal Controls Services department and are employees of Dartmouth. They support Management and the Board of Trustees by performing audit activities that address risks and controls at all levels (departments and functions) across the College. External auditors are non-employees of the College and they include the College appointed audit firm (currently KPMG) and external auditors from government/regulatory agencies (for example, Internal Revenue Services). However, there may be situations where Internal Control Services (ICS) will contract an external audit firm or professional to perform an audit of a department. In this situation, the external auditor will function in an internal audit capacity and their work will be supervised by an internal auditor from ICS.
Where do I report a concern about a business ethics matter that I would like to discuss with someone, but I am concerned that my colleagues or supervisors may learn that I raised this concern? What should I do?
The Dartmouth College Business Ethics Helpline is designed to allow you to remain anonymous if you wish when you raise your concern. You may submit your concern in writing to any of the offices listed on the Business Ethics Helplines web page (identifying yourself or remaining anonymous, as you wish), or you may submit your concern online. (The process for receiving information submitted anonymously via the Ethics Concerns Form is designed so that College officials cannot trace your identity).You should also be aware that Dartmouth College policy prohibits retaliation against any person who has raised a concern in good faith. Good faith means that you have a sincere belief based on the facts known to you at the time — and more than mere speculation — that there may be an ethical or compliance problem.