Frequently Asked Questions

The Audit and Compliance Committee assists the Florida Agricultural and Mechanical University (FAMU) Board of Trustees in discharging its oversight responsibilities. The Committee’s principal activities include:

• Oversight of FAMU's business risk assessment, by reviewing procedures in place to assess and minimize significant risks.
• Oversight of the University’s internal control structure to review the effectiveness and reliability of its business, financial and information system controls.
• Oversight of the quality and integrity of the University’s financial reporting processes to ensure the balance, transparency and integrity of published financial information.
• Review of the internal audit function and overall audit process.
• Review of the annual audit plan.
• Review of the University’s process for monitoring compliance with laws, regulations and policies. 

Back to top

We handle scheduled audits, investigations and special reviews. We are also responsible for compliance and training.

Back to top

Audit projects can be placed into four categories: financial audits, compliance audits, operational audits and information technology audits.

• Financial audits address questions of accounting and reporting of financial transactions, including commitments, authorizations and receipt and disbursement of funds.
• Compliance audits determine the degree of adherence to laws, policies and procedures.
• Operational audits review operating information and the means used to identify, measure, classify and report such information; review the means for safeguarding assets; ascertain whether results are consistent with management's goals and objectives and whether the operations are being carried out as planned; appraise the economy and efficiency with which resources are employed; and review the systems established to ensure compliance with policies, procedures, plans, laws and regulations.
• IT audits evaluate system input, output and processing controls, backup and recovery plans, and system data and physical security.

Back to top

The Division of Audit has a comprehensive audit plan based on a five-year cycle. While all major activities are scheduled for audit in this cycle, the audit frequency can vary depending upon associated risks. The Audit Committee approves an annual audit schedule to ensure that objectives, scope and allocated audit hours support management goals.

Back to top

The length of the audit varies. The lead auditor assigned to the audit will give a reasonable estimate of the time needed to complete the audit.

Back to top

When an activity is scheduled for audit, an engagement letter is sent to the responsible parties. The auditor will then schedule an entrance conference to discuss the objective and scope of the audit. At this initial meeting, responsible parties should take the opportunity to discuss any concerns or questions they may have about the audit and how they can facilitate the review process.

A typical audit has several stages, including preliminary review, fieldwork and reporting. The auditor flowcharts the system, evaluates the system and its controls, collects data and performs testing, and then documents the work performed and the conclusions reached. At the end, the auditor issues an audit report.

Back to top

Auditors are not specifically searching for the existence of fraud. However, while conducting audits in accordance with the Institute of Internal Auditors’ "Standards for the Professional Practice of Internal Auditing,” improper activities may be identified. A good system of internal controls and a control-conscious organizational environment will reduce this risk.

Back to top

During the audit and at the conclusion of the fieldwork, the auditor will discuss any findings noted during the process. The responsible parties will receive a draft audit report for review and, if required, an exit conference will be scheduled. This conference is an opportunity to discuss the audit findings, clarify any ambiguities and, if necessary, modify the report.

If the report contains recommendations or written responses detailing corrective action, information about a projected implementation date and the responsible party will be required. The response is included in the body of the report. Significant findings are reported to the State University System as well as the Audit Committee and the president.

All audit information is treated as confidential and is reported only to those within the institution who need to know. The final report and response are distributed to appropriate management personnel, the Audit Committee and the president.

Back to top

Internal controls can be categorized as either accounting controls or administrative controls.

• Accounting controls are designed to safeguard FAMU assets and ensure the accuracy of financial records.
• Administrative controls are designed to promote operational efficiency, effectiveness and adherence to FAMU policies and procedures.

The Division reviews the adequacy of both accounting and administrative controls during audit engagements.

Back to top

No. University management is responsible for maintaining an adequate system of internal controls. Internal auditors independently evaluate the adequacy of the existing internal control systems by analyzing and testing controls. The Division of Audit makes recommendations to management to improve controls based on system testing and control analysis.

Back to top

Yes. The Division acts as an in-house consultant on internal control matters and provides guidance on control aspects of new systems and procedures.

Back to top

Yes. You may file a report by using the web or phone. On the web, enter information into the requested fields and submit it. By phone, you are greeted by a trained interviewer who documents in detail the situation you described. You don’t have to give your name and the call is not recorded.

Please direct questions and requests for audits to the Division of Audit at 850-412-5479.

Back to top