The annual audit areas are selected by PwC using a risk-based approach, incorporating a review of the strategic risk register and a review of the annual risk assessment of the University’s audit universe.  During the planning stages all Audit Sponsors are consulted before the annual audit plan is approved by the University Executive Board and the Audit & Risk Committee.

The timing of your audit (i.e. the quarter period) will have been discussed and agreed with the audit sponsor to ensure it is held at an appropriate time in the academic year. Careful consideration is given during the planning of audits to make sure any audit activity is coordinated and conducted in a way that minimises disruption to you, your team and your day-to-day business.  The scoping meetings held with you will outline the timelines for the audit and your involvement will (in most cases) be limited to the start and end of the audit process, to allow PwC to conduct their fieldwork.

Your department or Faculty must provide all information requested by PwC as promptly and as accurately as possible, including responding to follow up queries.  PwC will provide access to a secure online portal for key documentation (which will have been agreed during your scoping meeting and listed in your Terms of Reference) so it is important that information is provided in line with the timescales to allow the audit to keep to the agreed timescales.

You may also be required to attend a fieldwork session, which is a conversation about your role and your work.  This will be held online (via Teams) and will last approximately 1 hour.  You will be consulted prior to the session to make sure it is held at an appropriate time for you to attend and once agreed with all parties, you will be responsible for attending and participating fully.  

Yes, the University’s contract with the PwC specifically covers confidentiality and requires access to sensitive business information.   PwC also provide access to the Connect Portal which is a secure system for the upload of documents.  In some cases, PwC will arrange a Teams call to allow you to show them systems and records and this will be agreed as part of the planning and scoping of the audit. 

Once the audit has concluded, the draft report is initially shared with the Audit Sponsor, the Audit Lead and the Head of Internal Assurance, along with any agreed key stakeholders.  Once the content of the report has been finalised and actions agreed, the report will be shared with members of the Vice Chancellors Group, the University Executive Board and the Audit & Risk Committee.

Once the audit has been completed and actions have been agreed, your audit actions will be added to the PwC TrAction system, which is an online tool used for monitoring audit actions.  You are then required to ensure that any agreed actions are completed within the agreed timescales and you will need to upload evidence and progress to the TrAction system before any actions can be marked as completed.

Yes, all staff new to internal audits and the PwC TrAction system (which is an online tool used for monitoring audit actions) will be trained in how to use the system.  We have also created an online user guide which can be found here

No.  While identifying discrepancies and areas of non-compliance is part of internal auditing, its primary goal is to add value and improve an organization's operations. It provides insights and recommendations to enhance processes, controls, and governance, not just to criticize or find faults.

The findings of internal audits are meant to be constructive, providing a basis for improvement and better decision-making. They aim to identify potential issues before they become serious problems, not to assign blame.

External and internal audits serve different purposes. External audits focus on financial reporting accuracy for stakeholders, while internal audits assess a wide range of operational, strategic, and compliance risks and controls. Both are important for a comprehensive review of an organization's health and performance.

Modern internal auditing covers a wide range of areas beyond finance and accounting, including IT, cybersecurity, operations, and compliance. Auditors often have diverse backgrounds and expertise to address the varied risks an organization faces.

While ensuring compliance is a significant aspect of internal auditing, its scope is much broader. It also involves evaluating risk management strategies, governance processes, and operational efficiencies