Frequently Asked Questions (FAQ) – Internal Audit

Where is the Compliance Office?

The Office of Internal Audit is located in A-235. The office hours are 8:00 a.m. – 4:30 p.m., Monday through Friday.

What does the Compliance Officer do?

The primary responsibility of the Compliance Officer is to evaluate and the system of internal controls established at the College. The Compliance Officer identifies actual and potential problems and recommends corrective action, in accordance with professional internal auditing standards. The Compliance Officer provides management with an independent appraisal of the overall system of internal controls. In addition, the Compliance Officer performs special projects as requested by College management personnel and LCTCS personnel. The Compliance Officer reports direct to the Chancellor.

How long will an audit take?

An audit can take from a day to several months, depending on the function, nature, complexity and condition of the area under review.

What are some different types of audits?

Operational audits
Operational audits are the most common type of audit. Operating procedures, document flow, and internal controls are reviewed in detail. Operational audits assess the effective and efficient use of resources while accomplishing the area’s goals and objectives.

Compliance audits
Compliance audits assess the degree to which the area has adhered to laws, rules, regulations, policies and procedures. Compliance may be reviewed for adherence to Federal, State and local laws, along with other regulatory agencies such as NJCAA.

Financial audits
Financial audits address issues related to the proper accounting and reporting of financial transactions, including authorizations, cash receipts, cash disbursements, and commitments to purchase.

Investigative audits
Investigative audits are performed when required and are the result of alleged acts of fraud or other misconduct. Alleged white-collar crime, misuse of College assets, and conflicts of interest are examples of reasons for an investigative audit. Typically, Internal Audit works with both internal and external parties to the College. The focus of Internal Audit’s review is on whether or not internal controls were compromised.

Information systems audits
Information systems audits typically address general controls, focusing primarily on input controls, output controls, processing controls, backup and recovery plans, data security, and hardware security.

How do you decide what to audit?

An audit is selected for review as a result of Internal Audit’s annual audit plan, administrative requests (College or System level), or allegations of fraud or other misconduct. Internal Audit’s annual audit plan is developed based on a combination of factors including follow-up to previous audits, and mandated recurring audits.

Who receives a copy of internal audit reports?

The Chancellor, the responsible Vice Chancellor, the Budget Unit Head and/or applicable Auditee, receives a copy of internal audit reports. Copies are also made available for the Auditor-in-Charge from the Office of the Legislative Auditors. Given the confidential nature of investigative audit reports, Internal Audit further limits the distribution of such reports.

What are internal controls? Why should I be concerned?

Internal controls to mean that plan of organization and methods and procedures adopted by management to ensure that (a) resource use is consistent with laws, regulations, and policies; (b) resources are safeguarded against waste, loss, and misuse; and (c) reliable data are obtained, maintained and fairly disclosed in reports.

You should be concerned with internal controls because everyone at the College has some responsibility for the achievement and adequacy of internal controls.

What should I do if I learn of a fraud at the College?

Employees should notify their Budget Unit Head of incidents involving fraud as soon as possible. The Budget Unit Head is required to immediately notify College Police, the Chancellors Office and the Compliance Officer.

Why does each department need individual written policy and procedures?

Each department should maintain its own departmental policy and procedures manual to ensure that:

  • Continuity and consistency of operations occurs
  • Efficiency in operations occurs
  • Documentation of “what to do” or “what should be done” exists
  • Documentation of “how to do” exists
  • Documentation of the handling of non-routine and/or infrequent processes exists
  • Efficiency and effectiveness of training for new employees occurs

What are some examples of common audit findings?

Examples of common audit findings include the following:

  • Inadequate separation of duties, i.e. one employee responsible for all aspects of specific types of activities
  • Deposits not made in a timely manner
  • Bank accounts not reconciled in a timely manner
  • Administrative policies, procedures, and practices not documented
  • Subsidiary ledger accounts are not reconciled to the general ledger
  • Expenditures or disbursements not properly authorized
  • Administrative staff not cross-trained to provide coverage during extended absences
  • Access to campus and departmental computer resources not properly controlled
  • Computer data files not backed up on a regular basis
  • Electronic backup media not stored in a secure location remote from the original data.

Whom should I contact if I have questions not covered in this section?

For any additional questions, please contact the Compliance Office in Building A, Room 235.