Ñý¼§Ö±²¥

1. What does the Office of Internal Audit do?
2. How are specific departments or processes selected for audits?
3. What should I do if an external agency contacts me and wants to conduct an audit or review of our department, operation, or grant?
4. What should I expect when an audit is being performed on my department?
5. How are audit findings and results reported?
6. How do I get a copy of the University's audited financial statements?
7. What are Internal Controls?
8. Who is responsible for Internal Controls?
9. What is considered fraud?
10. Where do I report waste, fraud, or abuse?

1. Q: What does the Office of Internal Audit do?

A: The Office of Internal Audit uses a systematic and disciplined approach to improve the effectiveness of governance, risk management and control processes and the Ñý¼§Ö±²¥ and its affiliated campuses: Helena College, Montana Technological University, and the Ñý¼§Ö±²¥ Western. The Office of Internal Audit executes the University's annual Audit Plan. (Back to Top)

2. Q: How are specific departments or processes selected for audits?

A: Areas selected for audits are identified as part of an annual risk assessment performed by the Internal Auditors. However, some audits may result from specific requests by UM's senior executive team and/or the . (Back to Top)

3. Q: What should I do if an external agency contacts me and wants to conduct an audit or review of our department, operation, or grant?

A: The Internal Audit Office serves as campus liaison with all external auditors/representatives. It is the responsibility of the affected administrator to notify Internal Audit. Email Jolene Crist in Internal Audit: Jolene.Crist@mso.umt.edu. Your email should include the name of the agency conducting the audit/review, name and phone number of a contact person, dates of the proposed audit/review and any specific information the external agency is requesting. (Back to Top)

4. Q: What should I expect when an audit is being performed on my department?

A: See Internal Audit Procedures. (Back to Top)

5. Q: How are audit findings reported?

A: You and your staff will be kept informed of the auditor's findings throughout the course of the audit. At the conclusion of the audit, you will be able to review a draft of the report before the final version is issued. A copy of your department's response to the audit findings is included in the final audit report. Final audit reports are distributed to the Office fo the Commissioner of Higher Education (OCHE), the President, the appropriate Sector Head, and staff/management of the department being audited.  (Back to Top)

6. Q: How may I get a copy of the University's audited financial statements?

A: You can email Ben Froemming in the Internal Audit Office: Ben.Froemming@mso.umt.edu. You should include the name, title, address and phone number of the person requesting the financial statements. If the request for financial statements is related to grants, please include the name of the Principal Investigator/Program Director and, if applicable, the grant index code. (Back to Top)

7. Q: What are internal controls?

A: Internal controls are designed to provide reasonable assurance regarding the achievements of objectives in the following categories:

1. Effectiveness and efficiency of operations
2. Reliability of financial reporting
3. Compliance with applicable laws and regulations

Internal controls are the process you and your staff, as well as the University's administration, develop to administer your area efficiently and effectively. Internal controls may be rules of procedures; for example, certain steps must be followed in processing disbursement checks. They can also be informal; for example, you may control access to administrative records by locking them in a file drawer.

There are three types of controls: preventive, detective, and corrective.

• Preventive controls are installed to prevent possible undesirable outcomes before they happen.
• Controls that identify the undesirable outcomes when they do happen are detective controls.
• The last type of control is corrective, and is used to make sure that corrective action is taken to reverse undesirable outcomes, or to make sure that they do not happen again.

Good internal control systems should include:

1. Individual accountability
2. Independent monitoring
3. Approval and authorization
4. Segregation of duties

These control elements protect individuals, as well as the university as a whole, from loss. Without these controls, errors can arise and go unnoticed.(Back to Top)

8. Q: Who is responsible for internal controls?

A: Everyone in your department is responsible. The department head is ultimately responsible for internal controls in the department and should take ownership of the internal control system. The department head is responsible for setting the "tone at the top" by providing leadership and direction. Additionally, since all employees generate information that affects internal controls, they should all be responsible for communicating upward any problems of noncompliance, policy violations, or unlawful actions. (Back to Top)

9. Q: What is considered to be fraud?

A: Fraud can be defined as (1) a misappropriation of the university's assets, or (2) the manipulation of its financial data to benefit the perpetrator. It can be for the benefit and gain of an individual, or for the benefit and gain of an organization. These benefits and gains may be direct, as in receiving money or other assets, or indirect, as in receiving promotions and other benefits.
Fraud includes the following five crimes:

1. Bribery
   Bribery is the receiving or offering of anything of value with the intent to influence an official in the performance of, or failure to perform, the lawful duties of that official.
2. Conspiracy
   Conspiracy entails an agreement between two or more parties to knowingly and overtly commit a crime or to achieve, illegally, an objective that itself is not unlawful.
3. Embezzlement
   Embezzlement is the unlawful conversion of entrusted property pursuant to a trust relationship. It is a breach of financial responsibility.
4. Extortion
   Extortion is the unlawful obtaining of property through the wrongful use of actual or threatened force or fear.
5. Forgery
   Forgery is the false writing or altering of an instrument, such as a check or receipt, with the intent to defraud.

(Back to Top)

10. Q: Where do I report waste, fraud, or abuse?

A: If you suspect misuse and/or theft of university assets, or if you have concerns about the efficiency and effectiveness of university operations, please contact: