Internal Audit

Internal Audit

The role of Internal Audit is to provide independent assurance that the University’s risk management, governance and internal control processes are operating effectively.   

Internal audit:

  • Provides objective insight
  • Improves efficiency of operations
  • Evaluates risks and protects assets
  • Assesses organisational controls
  • Ensures legal compliance

Internal Audit at the University is currently provided by PriceWaterhouseCooper (PwC) who defines and delivers the annual internal audit schedule, working closely with the Corporate Compliance Unit and key University stakeholders.  PwC regularly provides update reports into the University Executive Board (UEB) and the Audit and Risk Committee (ARC).

Who is involved in an internal audit:

  • University sponsor – the VCG member with overall responsibility for the area being audited
  • University audit owner – the UEB member with overall responsibility for the area being audited
  • University action owners – the members of staff who are allocated the audit recommendation (actions) and are responsible for completing it and meeting the deadlines.
  • PwC Auditors – depending on the audit area, PwC will allocate one or more auditors with specialist experience.
  • The Corporate Compliance Unit – the team works closely with PwC and has oversight of the day-to-day implementation of the audit plan, providing internal assurance to the University and the Audit and Risk Committee.

The University is committed to conducting internal audits that includes early engagement with key stakeholders and clear communication throughout the process.  The information provided on this page is to support you through the audit lifecycle, to make the internal audit process run more smoothly, limit the disruption to your business-as-usual activities and increase the likelihood of the internal audits providing accurate and reliable information and outcomes.

We welcome any questions you may have during the audit as we know that clear and continuing communication throughout the audit process creates positive working relationships.  If you have any queries, please contact us at compliance@wlv.ac.uk 

The stages of an internal audit

Click here for the 5 main stages of our internal audit process.

The annual audit areas are selected by PwC using a risk-based approach, incorporating a review of the corporate risk register and a review of the annual risk assessment of the University’s audit universe.  This provides the foundation for the development of the plan which is then further developed through discussion and agreement with the audit area owners and the University Executive Board prior to the approval by the Audit and Risk Committee.

Once the annual internal audit plan is approved, each audit then requires planning, starting from defining the scope and objectives of the audit, to developing the steps required to achieve the objectives. 

The Corporate Compliance Unit will contact the responsible or nominated audit owner(s) at the start of the audit year to identify the most appropriate timing for the individual audit to take place, ensuring that any planned work can be co-ordinated to minimise the impact and disruption to those services being reviewed.

PwC will then hold a scoping meeting with audit owners to identify the scope of the audit. This meeting covers the key areas of service and provision for the unit within the context of any strategic plans in place. It will focus on key objectives and the risks and opportunities that relate to this.

PwC will then provide a term of reference based on the scoping meeting which will reflect the key issues of risk for area that is being reviewed, the timeline for the audit and will also include details of any documentation that is to be provided in advance. This will be sent to audit owners and sponsors for agreement before starting field work.

During the fieldwork period, PwC auditors go through the steps identified in the scoping meeting and the terms of reference. Steps could include conducting interviews with staff, reviewing policies, processes, documentation and data sets and identifying areas of best practice. 

Once the terms of reference are agreed, staff will be asked to provide the agreed information as outlined in the terms of reference. Staff will then be contacted to schedule follow-up meetings which typically last an hour and may include clarifications or requests for additional documentation.

PwC will conduct the fieldwork to meet the agreed terms of reference and endeavour to work in a way that causes minimal disruption.

Once the fieldwork is completed, PwC will conduct a closure meeting with the audit owners and sponsors to discuss the results of the audit.  The closure meeting is also an opportunity for the University to discuss the recommendations that are being proposed. 

After the closure meeting, the audit owners and sponsors have a further opportunity to review the proposed recommendations before providing management comments and feedback.  Once received, PwC will then issue the final report, which is then presented to the Audit and Risk Committee for final approval.

Once the report is approved by the Audit and Risk Committee, all audit recommendations and corrective actions are followed up on to provide assurance that the plans are being implemented. 

All actions are added to the Traction system which is the PwC owned web-enabled tool for tracking the status of internal audits and agreed actions.  Audit and action owners are required to use the system to evidence and confirm that actions and recommendations have been addressed. 

PwC and the Corporate Compliance Unit provide regular audit progress reports to UEB and ARC.

More Information