1. Where is the Office of Risk and Internal Controls Services located?
2. What is the meaning of the terms risk and internal controls?
3. What is an internal audit?
4. What is management's responsibility regarding internal controls?
5. How do I evaluate my department's internal controls to ensure they are appropriate?
6. What are the benefits of an audit to my department?
7. What should I expect during an audit?
8. How can I prepare for an audit?
9. May I request an audit?
10. Who will receive the audit report of my department?
11. What is the difference between internal auditors and external auditors?
12. Where do I report a concern about a business ethics matter that I would like to discuss with someone, but I am concerned that my colleagues or supervisors may learn that I raised this concern. What should I do?
The Office of Risk and Internal Controls Services is located at 53 South Main St (Nugget Building), Suite 212, Hanover NH.
Risks: According to the Institute of Internal Auditors’ International Professional Practice Framework, risk is the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.
Internal Controls: Please refer to the Internal Controls section of our website.
According to the Institute of Internal Auditors, internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The management of every department/function is responsible for establishing and monitoring internal controls which are required to support the achievement of their goals and objectives. The monitoring process is essential to ensure that internal controls are effective and they continue to mitigate the department’s risks.
Internal Controls Services has designed a self-assessment tool to help departments to perform an internal evaluation of their own processes and controls. The tool is called Dartmouth Operations Self-Assessment (DOSA).
The overall benefit of an audit is that it supports the achievement of a department's objectives. Depending on the type of audit, there are specific benefits that could be gained from the completion of an audit.
• Internal audit can provide recommendations that will help you administer your processes and procedures in a more effective and efficient manner, ensure the reliability of information and improve your department’s compliance with external regulations and Dartmouth policies and procedures.
• An independent appraisal of your processes can provide better insights on areas which were hitherto not considered high risk by your department.
• The contents of an audit report are usually specific to the area being reviewed and they provide a basis for management to make value adding decisions that may be strategic to their department.
• If you have recently assumed new or additional supervisory responsibilities, an audit of the department can help to determine whether internal controls in your new department are adequate. Audit is also beneficial when new computer systems are installed to assess their controls and procedures.
There are four processes to an audit at the College:
Planning: At this stage is to obtain necessary internal and external information and to then create an audit work paper templates.
Field Work: Auditors schedule times to interview responsible individuals and randomly select test samples for evaluation by gathering documentations and assessing such information.
Reporting: The final report goes to the manager of the audited department. It will be kept confidential in the Risk and Internal Controls Services Office.
Follow-up: Depending on the nature of the audit and the level of risk of audit findings, follow-up audit(s) may be performed to determine the status of audit findings and actions taken by management.
For scheduled audits, Internal Controls Services will communicate in advance to the department and senior management (either through electronic mail or by phone) about an upcoming audit. After being notified, the department can prepare for an audit by doing the following (not a comprehensive list):
• Make ready for release to the audit team, the department’s organization chart, list of key personnel and their job descriptions, process flowcharts, operating policies and procedures and training records for employees.
• If applicable, make available the copies of recent external audit reports completed on your department within the audit period.
• Inform the department staff about the upcoming audit and encourage full cooperation with the audit team.
• If applicable, assign areas of the audit scope to key employees so they can effectively plan and prepare to respond to audit requests.
• Contact the audit team, in a timely manner, if you have questions or comments about the upcoming audit.
You may contact the Internal Controls Services if you feel you are a good candidate for an audit. Depending on the urgency of the request and our availability, we might be able to schedule you for an audit in the current year. More likely, your request will be put on a list of potential audits for the following fiscal year. When we create our annual audit plan at the beginning of the following fiscal year, we will consider your group along with other groups who requested audits or who were identified as potential audit areas.
Internal Control Services will send a draft audit report to the Director(s)/Manager(s) directly responsible for the department being audited for their reviews and feedbacks. Once this process is completed, the final audit report is sent to the recipients of the draft report and their supervisors (e.g. Vice Presidents, Deans, Department Chairs, etc.). In addition, copies of audit reports (including executive summary) are sent to the Executive Vice President and CFO and other officer(s) of the College that are deemed appropriate to receive to report.
Internal auditors work in the Internal Controls Services department and are employees of Dartmouth. They support Management and the Board of Trustees by performing audit activities that address risks and controls at all levels (departments and functions) across the College. External auditors are non-employees of the College and they include the College appointed audit firm (currently KPMG) and external auditors from government/regulatory agencies (for example, Internal Revenue Services). However, there may be situations where Internal Control Services (ICS) will contract an external audit firm or professional to perform an audit of a department. In this situation, the external auditor will function in an internal audit capacity and their work will be supervised by an internal auditor from ICS.
The Dartmouth College Business Ethics Helpline is designed to allow you to remain anonymous if you wish when you raise your concern. You may submit your concern in writing to any of the offices listed on the Business Ethics Helplines web page (identifying yourself or remaining anonymous, as you wish), or you may submit your concern online. (The process for receiving information submitted anonymously via the Ethics Concerns Form is designed so that College officials cannot trace your identity).You should also be aware that Dartmouth College policy prohibits retaliation against any person who has raised a concern in good faith. Good faith means that you have a sincere belief based on the facts known to you at the time — and more than mere speculation — that there may be an ethical or compliance problem.
Last Updated: 9/14/10