Internal Audit Unit
Start main content

FAQs

The following sets out some of the most commonly asked questions and their answers about internal audit.  The Internal Audit Unit (IAU) staff will be pleased to answer any additional questions you may have about our Unit or auditing process.


IAU prepares a 3-year rotational audit work plan on an annual basis for review and approval by the Audit Committee.  The audit work plan is prepared based on the results of our audit risk assessment exercise in which functional / operational areas as well as their priority and frequency of audits are determined.

Normally, the auditees's Management will be advised of the scope, objectives and timing of the audit. However, some audits are required to be conducted on a surprise basis.

IAU finds out what systems, procedures and controls are in place and how they are operating by:

  • interviewing staff;
  • reviewing policies, guidelines and procedures;
  • examining documents and records.;
  • performing site visits;
  • conducting evaluation of the internal controls ascertained and analytical review on the information obtained; and
  • confirming with auditee on any observations noted.

An exit meeting will normally be held with the Management concerned to discuss the draft report and obtain agreement to the findings and recommendations. Management comments will be included in the report prior to its formal issue. Several months after issuance of the final audit report, a follow-up audit will be performed to confirm the implementation of the audit recommendations.

Audit reports (including follow-up audits) are issued to the Line Management, with copy to the overseeing Senior Management and President. Audit results, comprising major audit observations, recommendations and management comments, are reported to the Audit Committee on a quarterly basis.

Internal controls are the processes established by Management to safeguard its assets, secure the accuracy and reliability of its records, promote operational efficiency, and ensure adherence to relevant laws, regulations, policies, guidelines and procedures.
No.  The responsibility for establishing and maintaining internal controls rests with the Management concerned.  The IAU’s role is to conduct audits to ensure that the controls established by the Management are adequate, operating effectively and properly complied with.
No.  As all controls cost money, IAU will consider both the costs and benefits when determining whether a control is required.  In some instances, audit recommendations are made to eliminate unnecessary controls or procedures and to achieve cost savings.
IAU has identified some areas for improvement in audit reviews which include mainly the compliance with the University and statutory/regulatory requirements, and the enhancement in the procedures and systems for ensuring the effectiveness and efficiency of operations.  To share with colleagues about the common issues identified in recent audits, IAU has prepared and issued an IAU Newsletter to all PolyU staff on a half-yearly basis via email.  Some work tips and good practices are also shared with colleagues in relation to the audit issues highlighted. You are most welcome to contact us if you have any questions or comments after reading the IAU Newsletters.

We use Cookies to give you a better experience on our website. By continuing to browse the site without changing your privacy settings, you are consenting to our use of Cookies. For more information, please see our Privacy Policy Statement.

Your browser is not the latest version. If you continue to browse our website, Some pages may not function properly.

You are recommended to upgrade to a newer version or switch to a different browser. A list of the web browsers that we support can be found here