Any office or department may request an audit. Depending on the priorities of the University and Internal Audit, we may not be able to immediately accommodate your request, but will certainly discuss your needs and expectations, and can offer initial thoughts for your consideration.
Before we perform an audit, an introductory letter is emailed to the department head. Preliminary information such as departmental policies and procedures, organization charts or chart-string information help us better to be better prepared for the audit. Additionally, applicable system access (application, shared drives, Google Drives, Wiki pages, etc.) to help us obtain the documentation required for the audit which could save you time in the future.
This depends on the type of audit. Things that may factor into the duration of our review of your department can include the following: the availability of your staff during our review, the nature of the review, and the complexity of departmental operations. We perform a risk-assessment at the beginning of the audit to help identify the key areas that should be reviewed. The audit scope and expected time frame will be communicated to you via an Audit Objectives Memo.
Inevitably there will be some disruption to your department's normal operations. We will try to minimize this disruption as much as possible by using available technological resources (BC secured drives, Google Drive) and scheduling meetings at mutually convenient times.
We send copies of the audit report to the department administration, the President, the Executive Vice President, the Financial Vice President, the Controller, General Counsel, and others, depending on the type of audit. Reports on academic units are sent to the Provost. IT audit reports go to the Vice President of Information Technology.
Yes. Audit issues will be discussed with you and your team as they are identified. Your feedback and input will be welcomed as opportunities for improvement and recommended actions are developed. You will have an opportunity to review and provide feedback to our draft report.
We are audited every five years by other auditors under guidelines set forth by the Association of College and University Auditors. This "peer review" process draws upon the standards and guidelines set forth by the Institute of Internal Auditors in their International Standards for the Professional Practice of Internal Auditing. The peer reviewers typically include auditors from other universities, public accounting firms, or specialists in an audit area and they issue a report with findings and recommendations, just as we do when we audit University departments.
Internal auditors are employees of Boston College. We support senior management by performing audit activities that address risks and controls at all levels across the University.
External auditors are non-employees of Boston College and they include the University appointed audit firm and external auditors from government / regulatory agencies.
However, there may be situations where Internal Audit will contract with an external audit firm to perform an audit. In this situation, the external auditor will function in an internal audit capacity and his/her work will be supervised by Internal Audit.
For more information, or to anonymously report an ethics violation, please visit: www.bc.ethicspoint.com. EthicsPoint facilitates confidential and anonymous reporting of concerns about any aspect of University compliance.