The audit process can be confusing, especially for those who have never been audited before. Whether
you have questions about internal controls in your existing system or are scheduled
for an audit, this information can help.
The Audit Committee and Types of Audits
The Audit and Compliance Committee assists the Florida Agricultural and Mechanical
University (FAMU) Board of Trustees in discharging its oversight responsibilities.
The Committee’s principal activities include:
Oversight of FAMU's business risk assessment, by reviewing procedures in place to
assess and minimize significant risks.
Oversight of the University’s internal control structure to review the effectiveness
and reliability of its business, financial and information system controls.
Oversight of the quality and integrity of the University’s financial reporting processes
to ensure the balance, transparency and integrity of published financial information.
Review of the internal audit function and overall audit process.
Review of the annual audit plan.
Review of the University’s process for monitoring compliance with laws, regulations
We handle scheduled audits, investigations and special reviews. We are also responsible
for compliance and training.
Audit projects can be placed into four categories: financial audits, compliance audits,
operational audits and information technology audits.
Financial audits address questions of accounting and reporting of financial transactions,
including commitments, authorizations and receipt and disbursement of funds.
Compliance audits determine the degree of adherence to laws, policies and procedures.
Operational audits review operating information and the means used to identify, measure,
classify and report such information; review the means for safeguarding assets; ascertain
whether results are consistent with management's goals and objectives and whether
the operations are being carried out as planned; appraise the economy and efficiency
with which resources are employed; and review the systems established to ensure compliance
with policies, procedures, plans, laws and regulations.
IT audits evaluate system input, output and processing controls, backup and recovery
plans, and system data and physical security.
What to Expect From an Audit
The Division of Audit has a comprehensive audit plan based on a five-year cycle. While
all major activities are scheduled for audit in this cycle, the audit frequency can
vary depending upon associated risks. The Audit Committee approves an annual audit
schedule to ensure that objectives, scope and allocated audit hours support management
The length of the audit varies. The lead auditor assigned to the audit will give a
reasonable estimate of the time needed to complete the audit.
When an activity is scheduled for audit, an engagement letter is sent to the responsible
parties. The auditor will then schedule an entrance conference to discuss the objective
and scope of the audit. At this initial meeting, responsible parties should take the
opportunity to discuss any concerns or questions they may have about the audit and
how they can facilitate the review process.
A typical audit has several stages, including preliminary review, fieldwork and reporting.
The auditor flowcharts the system, evaluates the system and its controls, collects
data and performs testing, and then documents the work performed and the conclusions
reached. At the end, the auditor issues an audit report.
Auditors are not specifically searching for the existence of fraud. However, while
conducting audits in accordance with the Institute of Internal Auditors’ "Standards
for the Professional Practice of Internal Auditing,” improper activities may be identified.
A good system of internal controls and a control-conscious organizational environment
will reduce this risk.
During the audit and at the conclusion of the fieldwork, the auditor will discuss
any findings noted during the process. The responsible parties will receive a draft
audit report for review and, if required, an exit conference will be scheduled. This
conference is an opportunity to discuss the audit findings, clarify any ambiguities
and, if necessary, modify the report.
If the report contains recommendations or written responses detailing corrective action,
information about a projected implementation date and the responsible party will be
required. The response is included in the body of the report. Significant findings
are reported to the State University System as well as the Audit Committee and the
All audit information is treated as confidential and is reported only to those within
the institution who need to know. The final report and response are distributed to
appropriate management personnel, the Audit Committee and the president.
Internal controls can be categorized as either accounting controls or administrative
Accounting controls are designed to safeguard FAMU assets and ensure the accuracy
of financial records.
Administrative controls are designed to promote operational efficiency, effectiveness
and adherence to FAMU policies and procedures.
The Division reviews the adequacy of both accounting and administrative controls during
No. University management is responsible for maintaining an adequate system of internal
controls. Internal auditors independently evaluate the adequacy of the existing internal
control systems by analyzing and testing controls. The Division of Audit makes recommendations
to management to improve controls based on system testing and control analysis.
Working With Us
Yes. The Division acts as an in-house consultant on internal control matters and provides
guidance on control aspects of new systems and procedures.
Yes. You may file a report by using the web or phone. On the web, enter information
into the requested fields and submit it. By phone, you are greeted by a trained interviewer
who documents in detail the situation you described. You don’t have to give your name
and the call is not recorded.
Please direct questions and requests for audits to the Division of Audit at 850-412-5479.