Where can I find the Institute document retention policy? I need to know how long certain records must be kept.
Do you work for Georgia Tech?
As a unit head, how may I request the services of the Internal Auditing Department?
Now that the audit is about to be completed, what is the reporting process?
Why do you sometimes recommend actions that are not contained in the Institute criteria?
Why are you conducting follow-up activities when less than a year ago you were conducting the audit?
What if I become aware of fraud, waste or abuse?
Where are you located?
Where can I find the Institute document retention policy? I need to know how long certain records must be kept.
Please refer to the University System of Georgia Record Retention Guidelines at https://www.usg.edu/records_management/schedules. This document provides guidance on the minimum retention time for a particular record. The guidelines are organized in nineteen categories and a search engine is provided for your convenience.
Do you work for Georgia Tech?
Yes, we are Georgia Tech employees. There are two classifications of auditors: internal auditors and external auditors. The Department of Internal Auditing is classified as internal auditors. External auditors can fall in to various categories (e.g., Board of Regents, state, public accounting firms, federal, etc.).
As a unit head, how may I request the services of the Internal Auditing Department?
Management may contact the director or associate directors via telephone or e-mail to request our services for an audit, special review, or advisory services. Your request will be reviewed and the director will determine how we may best meet your needs and coordinate review activities based on our audit plan commitments.
Now that the audit is about to be completed, what is the reporting process?
The auditor typically prepares a draft report that contains observations, conclusion, and recommendations that is shared with the entity being audited. The audit entity is asked to review the draft report and to provide comments on the report’s accuracy, tone, and recommendations. The management’s response to the recommendations is added to the report, and it is issued in final.
Why do you sometimes recommend actions that are not contained in the Institute criteria?
Our objective is to offer suggestions to mitigate identified risks. We believe the head of an Institute organization would want to mitigate identified risks, even though Institute policy might not yet specifically address a given situation.
Why are you conducting follow-up activities when less than a year ago you were conducting the audit?
We have an obligation to Institute management, the Board of Regents, and the professional practice of internal auditing to report progress on actions to implement audit recommendations. We typically perform follow-up calls within six months of an audit.
What if I become aware of fraud, waste or abuse?
We are interested in feedback should you become aware of these situations and would like to have your input. You should submit your concerns via our online hotline.
Where are you located?
760 Spring Street
Suite 314
Atlanta, GA 30332
