Frequently Asked Questions

As defined by the Institute of Internal Auditors, Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The Jacksonville State University (JSU) Board of Trustees (BOT) Audit, Risk, and Compliance Charter and the JSU Internal Audit Charter require the Office of Internal Audit (IA) to prepare an annual audit plan and obtain BOT Audit, Risk, and Compliance Committee approval. The methodology used in preparing this annual audit plan consists of the following: (1) identification of auditable areas, otherwise known as the audit universe, (2) Enterprise Risk Assessment results, (3) identification of annual audit mandates, and (4) input from members of the President’s Cabinet and other JSU Leaders. Matters considered in establishing annual audit plan include, but are not limited to, (a) the date and results of the last audit; (b) financial exposure; (c) potential loss and risk; (d) requests by management; (e) major changes in operations, programs, systems, and controls; and (f) opportunities to achieve operating benefits.

Internal controls are one of the most essential elements within any organization. Internal controls are designed and implemented to enable organizations to achieve their goals and missions.  An organization's Management is responsible for the design, implementation, and maintenance of all internal controls, with its Board responsible for the oversight of the control environment.  Strong internal controls allow for organizations to achieve the following three objectives:

  • Accurate and reliable financial reporting,
  • Compliance with laws and regulations, and
  • Effectiveness and efficiency of the organizations operations.

In order to achieve these objectives an internal control framework needs to be applied and followed throughout the organization. The five components of an internal control framework are control environment, risk assessment, control activities, information and communication, and monitoring.

The annual audit plan is posted on the Internal Audit page within and an auditee will be notified when an audit is initiated.  Internal Audit (IA) will explain the audit process and obtain input from the auditee.  During the audit IA may meet with faculty or staff, review and evaluate processes and systems, examine documentation, and select transactions for testing.  At the conclusion of an audit IA will prepare a draft report, which will include identified opportunities for improvement, that will be provided to the auditee for review, input, and comment.

Yes.  Internal Audit (IA) will keep the auditee informed of progress and will solicit auditee input throughout the audit process.

Yes.  The auditee will be requested to review the final audit report prior to issuance.