Internal audit

The Joint Internal Audit Unit is an independent function providing an internal audit service to management and the Councils of Cardiff University, and Swansea University.

This is achieved through the review of the effective operation of financial and operational control systems.

The team aims to provide a high quality audit service based on achieving a high standard of professionalism and expertise in service delivery, and to attain recognition of this within the higher education sector.

The Unit's main function is to carry out the University's approved annual programme of internal audit work.

How the Unit carries out an internal audit

  1. Internal audit assignment objectives, timescales and the report distribution list are agreed with management.
  2. The Unit gathers evidence, completes testing, enquires with key staff and reviews key documents against audit objectives.
  3. The Unit evaluates the results of the audit work and discusses outcomes with management, both throughout engagement and during the closing meeting.
  4. The Unit produces a draft report which is presented to the assignment manager after review by the Head of Internal Audit. Management is required to provide responses.
  5. After responses are received and outstanding queries are addressed, the report is finalised and sent to the agreed distribution list.

Internal audit approach

Internal audit provides assurance which combined with other activities, forms parts of the University’s risk assurance activities. The individual assignment objectives, audit findings and report are shared with local management, senior management and the Audit Committee. The action plan to address the findings are agreed with management and presented to the Audit Committee. In some circumstances these may be presented to the University Council on Council request.

The audit plan has been developed from review of The Way Forward and from consultation with key staff. The three year strategy is agreed with the senior management team and the Audit Committee, and the annual plan is subject to approval as part of the Internal Audit Annual Programme procedures. This is presented to the senior management team and the Audit Committee in June for the forthcoming academic year, to which the annual audit plan is aligned.

The key areas for consideration and inclusion into the strategic plan are summarised in this document. These are based on our understanding of the key risks and strategic aims, the methodology of which is discussed below, in the risk assurance mapping section. The audit areas of interest identified in the strategic internal audit plan will be reviewed as an audit assignment. Thus the strategic plan will be developed into annual plans whereby the internal audit assignments are woven into the risk assurance process.

Risk assurance mapping

The design of the internal audit plan will be integrated into the risk assurance process. The plan will be closely aligned to review risks derived from the strategy and other significant, underlying risks which underpin the activities of the entire institution.

The risks identified against the four thematic areas will form the basis of the planning considerations for the internal audit plan. The four thematic areas are research, education, international and engagement.
The other risks which the internal audit plan will consider include underlying risks which relate indirectly to achieving these objectives. The risks which an institution should consider at a strategic level include human resources, finance, estates, information & communication technology, regulatory & compliance, and corporate governance & risk management.

Internal audit will consider the effectiveness of the mitigating controls identified in the risk register, the value these activities offer the University and consider the unmitigated or unidentified risk exposure. This will be completed through internal audit activities which are predominantly internal audit reviews but may also include other assurance activities such as follow up reviews, participation in governing committee or group meetings and consultancy-type reviews.

Contact us

Please contact us if you have any queries about financial systems and internal control. We also provide specialist audit services related to IT and computers.

Joint Internal Audit Unit

Joint Internal Audit Unit
Cardiff University
Friary House, 2nd Floor
Greyfriars Road
CF10 3AE