Business Policies and Procedures Manual
Chapter 30: Finance

Internal Audits

BPPM 30.12

For more information contact:
   Internal Audit

Internal Audit Office

The Internal Audit Office is responsible for an independent appraisal of University operations. Regular internal audits help to protect University management against improper activities and provide constructive suggestions for improvement.

The Internal Audit Office may audit any WSU unit or program.

Internal auditors have no authority over the University operations being audited and are not responsible for any functions of University operating units. An audit does not relieve University administrators and employees of assigned responsibilities.


The objective of internal auditing is to assist all levels of management with the effective discharge of their responsibilities by furnishing them with analyses, appraisals, recommendations, and pertinent comments concerning the activities reviewed. Auditors promote uniform and responsible processing of all financial and functional operations.


University administrators are responsible for providing internal auditors access to all records, property, and personnel relevant to the subject under review.

Code of Ethics

WSU internal auditors discharge their duties in a manner consistent with the Code of Ethics of the Association of College and University Auditors and the Institute of Internal Auditors.

Planning Audits

Except in the case of unannounced cash counts, units are generally notified prior to audits.

The Internal Audit Office determines the audit scope from preliminary review of existing internal controls, administrative functions, procedures, and possible problem areas.

What to Expect

An audit usually consists of a review of cash accountability including: receipting and depositing procedures, receipt inventory procedures, and billing procedures. An audit may also include one or more of the following:

  • Review and appraisal of general business principles and procedural controls over revenues, expenditures, assets, and liabilities.
  • Review and analysis of the adequacy and effectiveness of established procedures and internal control.
  • Verification of compliance with federal and state statutes, regulations, and WSU policies.
  • Evaluation of the organizational efficiency of operations and the accuracy of reports and records.

Draft Report

At the conclusion of an audit, a draft report which includes all findings and recommendations is prepared and submitted to the individual in charge of the audited unit for review, comment, and solicitation of additional information.

Action by Audited Unit

The audited unit is responsible for issuing a written response to the draft report within two weeks.

The response indicates the unit’s agreement or disagreement with the audit recommendations and describes any corrective action already taken.

If necessary, the audited unit may contact the Internal Auditor to request more time to prepare a response or to schedule an optional closing discussion.

Final Report

After the audited unit has responded to the draft report, the auditor prepares the final report and distributes it to the appropriate administrative officials. The final audit report includes the audited unit’s response to the draft audit report and indicates corrective actions already taken, or to be taken, regarding the recommendations.


Depending upon the circumstances, the Internal Audit Office may conduct a follow-up audit to insure compliance with agreed upon corrective actions.

Requesting an Audit

Administrative units may request an audit. The request should be made in writing to the Internal Audit Office. Audits are scheduled in conjunction with existing commitments.


University employees are responsible for notifying the Internal Audit Office of any loss of equipment (see BPPM 20.50), loss or shortage of a till or petty cash fund (see BPPM 30.50 and BPPM 30.51).


University management is responsible for detecting and reporting suspected or known irregularities. The Internal Audit Office coordinates and conducts an investigation of reported irregularities.

Irregularity, as used in this policy, can include, but is not limited to, the following:

  • Violations of state or federal laws or rules.
  • Violations of WSU policies.
  • Abuses of authority.
  • Substantial and specific dangers to public health and safety.
  • Waste or loss of public funds.
  • A dishonest or fraudulent act resulting in financial loss to the University.
  • Forgery or alteration of records or documents.
  • A misappropriation of funds, securities, supplies, furniture, equipment, or any other asset.
  • An irregularity in the handling or reporting of money transactions.
  • Use of University facilities and/or equipment for personal gain.
  • Participation by University employees in transactions that result in economic gain to themselves, their immediate families, or a business with which they are directly associated.

Reporting Options

The following reporting options are available to all University employees for reporting suspected irregularities:

  • Employees may report any suspected irregularities to their department head. The department head should immediately notify the Internal Audit Office in writing. In addition, the department head should also notify the appropriate vice president or vice provost.
    Department managers should not attempt to conduct their own investigations or confront suspected employees.
  • Employees may report suspected irregularities directly to the University’s Internal Audit Office.
  • Employees may report suspected improper governmental actions to the State Auditor’s Office under the state “whistleblower” law. (RCW 42.40) See BPPM 10.20 for University whistleblower procedures and definitions of improper governmental actions.

Not Reported to Internal Audit

The following irregularities should not be reported to the Internal Audit Office, but should be handled as indicated:

Police Services

Police Services should be contacted for situations regarding criminal acts, e.g., burglary, extortion, trespassing, break-ins.

Human Resource Services

Human Resource Services should be contacted for personnel issues , e.g., employee grievances, promotions, reclassifications, performance evaluations, dismissals or related situations.

Student Affairs

The Office of Student Affairs or the student’s academic dean should be contacted for student issues covered under the Student Conduct Code which includes infractions of rules and regulations or misconduct of academic work.

College Dean

The appropriate college or dean should be contacted for issues related to scientific and scholarly research.


The Director of Internal Audit coordinates with the following University departments and state agencies as necessary at the beginning or during an irregularity investigation:

  • Attorney General’s Office for legal assistance.
  • State Auditor’s Office, when evidence indicates an irregularity which may have resulted in a loss of public funds.
  • Human Resource Services when disciplinary action against a University employee may be appropriate.
  • Office of Benefits and Payroll Services and Risk Management Services and Insurance to file claims with insurance companies.
  • Police Services for criminal acts.
Conducting an Investigation

When conducting an investigation of an irregularity the Internal Audit Office:

  • Obtains possession of and safeguards any relevant records related to the investigation.
  • Has the authority and responsibility, after consulting with appropriate management personnel and/or the Attorney General’s Office, to:
    • Conduct a preliminary investigation to determine if an irregularity occurred, the magnitude of the loss, the individuals involved, and if evidence is sufficient to support further investigation.
      If warranted after the preliminary investigation, the Internal Audit Office will undertake prompt investigative action, after coordinating with the State Auditor’s Office.
    • Examine, copy and/or remove all or any portion of the contents of files, desks, cabinets and other storage facilities located on the premises without the prior knowledge or consent of any individual who may use or have custody of such premises or items. This does not include the employee’s personal property unless appropriate legal actions have been taken.
    • Issue a report to the appropriate University officials at the conclusion of the investigation.

Revisions:  October 2004 (Rev. 249); Aug. 1994 (Rev. 95); Sept. 1990 (Rev 83); Nov. 1979 (Rev. 36); Aug. 1976 (Rev. 13); June 1975 – new policy (Rev. 1)