1. What does the Internal Audit Office do?
  2. How do you select areas for review?
  3. Why might I, or someone else, request an audit?
  4. What should I do if an external agency contacts me and wants to conduct an audit or review of our department, operation, or grant?
  5. What should I expect when an audit is being performed on my department?
  6. How will audit findings be reported?
  7. How do I get a copy of the University's audited financial statements?
  8. What are Internal Controls?
  9. Who is responsible for Internal Controls?
  10. What is considered fraud?
  11. Where do I report waste, fraud, or abuse?

1. Q: What does the Internal Audit Department do?

A: The Internal Audit Office performs financial, operational, EDP, and compliance reviews of departments, colleges, and processes throughout all University of Montana campuses.(Back to Top)

2. Q: How do you select areas for review?

A: Most areas are selected on an annual evaluation or risk assessment performed by the Internal Auditors. However, some audits are based on specific requests by UM's Administration, management, and/or the Legislative Auditor. (Back to Top)

3. Q: Why might I, or someone else, request an audit?

A: There are many benefits to performing an audit. If someone in your office has recently assumed new responsibilities, an audit can review the current procedures and assess whether the internal controls in your department are adequate. It can also be very beneficial when new computer systems have been installed. An audit is a good way to ensure that your policies and procedures are effective and efficient. In addition, having an outsider review your organization offers an independent opinion free of internal influences. (Back to Top)

4. Q: What should I do if an external agency contacts me and wants to conduct an audit or review of our department, operation, or grant?

A: The Internal Audit Office serves as campus liaison with all external auditors/representatives. It is the responsibility of the affected administrator to notify Internal Audit. Email Kathy Burgmeier in Internal Audit: BurgmeierKA@mso.umt.edu. Your email should include the name of the agency conducting the audit/review, name and phone number of a contact person, dates of the proposed audit/review and any specific information the external agency is requesting. (Back to Top)

5. Q: What should I expect when an audit is being performed on my department?

A: See Internal Audit Procedures. (Back to Top)

6. Q: How will audit findings be reported?

A: You and your staff will be kept informed of the auditor's findings throughout the course of the audit. At the conclusion of the audit, you will be able to review a draft of the report before the final version is issued. A copy of your department's response to the audit findings is included in the final audit report. Final audit reports are distributed to the Vice President of Administration and Finance, the President, the appropriate Executive Officer, and you and your management staff. (Back to Top)

7. Q: How may I get a copy of the University's audited financial statements?

A: You can email Beverly Hawkins-Llewellyn in the Internal Audit Office: HawkinsLlewellynBH@mso.umt.edu. You should include the name, title, address and phone number of the person requesting the financial statements. If the request for financial statements is related to grants, please include the name of the Principal Investigator/Program Director and, if applicable, the grant index code. (Back to Top)

8. Q: What are internal controls?

A: Internal controls are designed to provide reasonable assurance regarding the achievements of objectives in the following categories:

  1. Effectiveness and efficiency of operations
  2. Reliability of financial reporting
  3. Compliance with applicable laws and regulations

Internal controls are the process you and your staff, as well as the University's administration, develop to administer your area efficiently and effectively. Internal controls may be rules of procedures; for example, certain steps must be followed in processing disbursement checks. They can also be informal; for example, you may control access to administrative records by locking them in a file drawer.

There are three types of controls: preventive, detective, and corrective.

  • Preventive controls are installed to prevent possible undesirable outcomes before they happen.
  • Controls that identify the undesirable outcomes when they do happen are detective controls.
  • The last type of control is corrective, and is used to make sure that corrective action is taken to reverse undesirable outcomes, or to make sure that they do not happen again.

Good internal control systems should include:

  1. Individual accountability
  2. Independent monitoring
  3. Approval and authorization
  4. Segregation of duties

These control elements protect individuals, as well as the university as a whole, from loss. Without these controls, errors can arise and go unnoticed.(Back to Top)

9. Q: Who is responsible for internal controls?

A: Everyone in your department is responsible. The department head is ultimately responsible for internal controls in the department and should take ownership of the internal control system. The department head is responsible for setting the "tone at the top" by providing leadership and direction. Additionally, since all employees generate information that affects internal controls, they should all be responsible for communicating upward any problems of noncompliance, policy violations, or unlawful actions. (Back to Top)

10. Q: What is considered to be fraud?

A: Fraud can be defined as (1) a misappropriation of the university's assets, or (2) the manipulation of its financial data to benefit the perpetrator. It can be for the benefit and gain of an individual, or for the benefit and gain of an organization. These benefits and gains may be direct, as in receiving money or other assets, or indirect, as in receiving promotions and other benefits.
Fraud includes the following five crimes:

  1. Bribery
    Bribery is the receiving or offering of anything of value with the intent to influence an official in the performance of, or failure to perform, the lawful duties of that official.
  2. Conspiracy
    Conspiracy entails an agreement between two or more parties to knowingly and overtly commit a crime or to achieve, illegally, an objective that itself is not unlawful.
  3. Embezzlement
    Embezzlement is the unlawful conversion of entrusted property pursuant to a trust relationship. It is a breach of financial responsibility.
  4. Extortion
    Extortion is the unlawful obtaining of property through the wrongful use of actual or threatened force or fear.
  5. Forgery
    Forgery is the false writing or altering of an instrument, such as a check or receipt, with the intent to defraud.

(Back to Top)

11. Q: Where do I report waste, fraud, or abuse?

A: If you suspect misuse and/or theft of university assets, or if you have concerns about the efficiency and effectiveness of university operations, please contact:

Internal Audit Office
University Hall 018
University of Montana
Missoula, MT 59812-4032

phone: (406) 243-2545
email: BurgmeierKA@mso.umt.edu


Legislative Auditors Hotline
P.O. Box 201705
Helena, MT 59620-1705

Hotline 800-222-4446

(Back to Top)