Information For
More Information:
  • myWM
  • Directory
  • Blogs
  • Maps and Directions
  • W and M A to Z Index
Search W&M


Departments & Offices » Internal Audit » Internal Audit Policies and Procedures

Internal Audit Policies and Procedures

Professional Development

The Director is responsible for the Office’s professional development as required by the professional standards. The Office will pay for professional organization memberships, such as the American Institute of Certified Public Accountants (AICPA) and the Institute of Internal Auditors (IIA), at the discretion of the Director.

Office Security

The Office is equipped with a motion detection alarm system with an audible alarm. The alarm system is connected to the William and Mary Police. The individual offices are secured by deadbolt locks not keyed to the campus master key system. Every effort must be made to maintain the security of the Office.

Risk Assessment

The Office performs risk assessments in accordance with the professional standards.

Annual Work Plan

The Director asks senior management for projects to include in the Annual Work Plan. The Director develops a draft Plan based on senior management’s requests, the risk assessment, and the Director’s judgment. The draft is presented to the Board of Visitors’ Audit Committee for review and approval. The Director will evaluate subsequent management requests in light of the risk assessment.

Engagement Letter

Use an engagement letter only when necessary. The initial contact is crucial, so please be clear, concise, and friendly.

Entrance Conference

Explain who we are and that we work for the Board of Visitors. Explain the audit process: risk, the Annual Work Plan, field work, draft reports, final reports, and final report distribution. Ensure the manager knows he/she will see the draft report first. Ask if we may help evaluate operations for compliance, efficiency, or in any other way.

During the Audit

Develop a good professional relationship with the manager and staff such that they are comfortable contacting you for advice or to discuss a problem.

Audit Documentation

Audit documentation must conform to the professional standards. Auditors should consider the current documentation conventions defined by the Director while documenting work, but are not restricted to them - innovation is encouraged, particularly in the development of electronic documentation. Consider making as much of your documentation electronic as possible, using the audit program as a “hub” to reference and link supporting documentation. Scan paper documents when appropriate. All documentation is reviewed by the Director.

Reports and Memos

Reports are used when there are significant findings; memos are used when there are not. Distribute the same report to all parties - from the manager to the Board. Distribute memos as you and the Director think appropriate. Include positive comments in reports and memos.

Quality Assurance and Improvement (QAI) Program

External assessments should be conducted in accordance with the professional standards by qualified, independent, and external reviewers. Results will be communicated to the Board of Visitors’ Audit Committee and senior administrators. Internal assessments should be conducted in accordance with the professional standards. Deviation from the professional standards must be reported to the Board of Visitors’ Audit Committee and senior administrators.

W&W weather vane

The College of William & Mary

Williamsburg, VA. Contact us.

© 2009 The College of William & Mary
All Rights Reserved.