FREQUENTLY ASKED QUESTIONS
You will find below the answer to the questions which we have been asked frequently, please do not hesitate to contact us at firstname.lastname@example.org should you to ask any question you may have which you do not find in this page.
- What are internal controls?
- Are internal auditors responsible for maintaining CERN 's systems of internal controls?
- Why am I being audited?
- How long will last the review?
- What is expected from me during the review?
- Can I ask internal audit for assistance when I am not being audited?
- Who will receive the final audit report?
- Will I be informed when the audit report is being issued?
- Will I be able to have my point of view in the report?
- How may Internal Audit make recommendations in a field where I AM the expert?
- Who will ensure that recommendations are implemented as agreed?
- What happens if I do not implement the agreed recommendations?
- What is the relationship between internal auditors and external auditors who audit CERN?
- What if I have more questions?
Internal controls encompass a unit's entire set of methods and procedures that are used in the day-to-day activities of the unit. These methods and procedures safeguard the unit's assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed policies. Effective internal control systems are designed to ensure that resource use is consistent with laws, regulations, and policies and that resources are safeguarded against waste, loss, and misuse. (top)
No. CERN's management is responsible for maintaining and adequate system of internal control. Internal audit independently evaluates the adequacy of existing internal control systems by analyzing and testing controls, and makes recommendations to improve controls based on this analysis. (top)
Audit Reports are addressed to the Director-General with a suggested distribution list. The Director General decides who gets a copy of the report. All audit reports are available to the Organization's External Auditors. (top)
Auditees will usually be informed of the audit report's issuance by the Internal Auditor in charge of the review.(top)
Throughout the audit and before the issuance of the report, findings and the draft report are presented and discussed with the auditees. Auditees have the possibility to provide comments and suggestions on the entire draft report. In addition, auditees have to complete details or observations on each recommendations provided in the summary table enclosed as an annex of the audit report. Internal Audit has the final word on the content of the report.(top)
Areas to be audited are determined based on risk based approach. The audit plan is approved by the Director General and executed by Internal Audit. (top)
Audits may last from several days to several months and will vary in length depending on an area's size, complexity, and the specific audit objectives. Not all the time devoted to the audit will be evident to you because of the amount of preparation, analysis, and related work needed to document the effort. The auditor will give you an estimate of the time needed to complete the audit. (top)
During the audit review the aim of the auditor(s) in charge will be to collect a maximum of information on the audited area in order to understand its objectives, the risks associated and to evaluate whether internal controls are in place to mitigate these risks. He/She has a number of tools available including interviews, tests, documentation, on site visits etc. Your role during the review is to help him find the information he/she is looking for, and, should the level of internal control not be optimum, help him find out and formulate recommendations to improve the audited area. Depending on your responsibility in the audited area the auditor (s) may have to call for your cooperation a number of times and will appreciate your availability. (top)
Yes, while our mission is principally accomplished through formal audits, we will be happy to provide you with information and suggestions on controls in specific areas. (top)
You definitely are the person who is the most knowledgeable in the audited area. By education and experience the auditor has acquired a methodology and the related tools which allow him to efficiently assess the level of internal control in an audited area. The auditor is in a position to suggest possible recommendations to improve a sub-optimal level of internal control. However, he will be working with you and will use YOUR knowledge of the audited area to come up with recommendation which have an added value to your business area. (top)
It is the responsibility of the management of the service/department to whom the recommendation has been addressed to implement it. Internal Audit will at least once a year contact auditees to discuss the status of the implementation or non implementation and will send a follow up report to the DG, on the basis of the replies received.(top)
All recommendations might not be implemented as agreed. The situation or context might have changed since the review and the another alternative has been envisaged by the auditee. Internal Audit will report annually to the Director-General the status of all recommendations made. Special attention will be given on the recommendations that are not yet implemented and where the risks remain. (top)
External auditors are appointed by CERN Council for 5 years and are detached in turn from the national supreme audit institutions of each CERN member states. They visit CERN twice during any given year to certify the accounts of the Organization and of the Organization's Pension Fund. In addition, they perform operational reviews within the departments. Internal Audit coordinates work with the external auditors to ensure that no duplication of audit efforts take place. Internal Audit arranges interviews with CERN's staff, coordinates access to the records the external auditors may require and allows them to review relevant work from Internal Audit .(top)