Home FAQs
Frequently Asked Questions

1. What is internal auditing?

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

2. What is Value for Money Audit about?

Value for money (VFM) audit is concerned with evaluating the three 'Es':

Economy Buying the resources needed at the cheapest cost

Efficiency Using the resources purchased as wisely as possible

Effectiveness Doing the right things and meeting the organisation's objectives

3. What is Internal Control?

Internal control is a process, effected by Board / Council, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

• Effectiveness and efficiency of operations

• Reliability of financial and management reporting

• Compliance with applicable laws, regulations and policies

4. Are Internal Auditors Responsible for Internal Controls?

Management is responsible for maintaining an adequate system of internal control. Internal auditors independently evaluate the adequacy of the existing internal control systems by analyzing and testing controls. The Directorate of Internal Audit Makerere University makes recommendations, based on their reviews, to management to improve controls.

5. How are Reviewed Areas Selected?

An annual Internal audit plan is developed based on set criteria. Input is solicited from Management, Heads of Units, Internal Audit and Audit Committee. This plan is reviewed and approved by the Audit Committee. The Internal audit plan is a companied by schedule of planned audit activities showing units and staff to undertake the assignments.

6. What type of reviews are performed?

  1.  Financial Reviews - evaluate the accounting and reporting of financial transactions, including commitments, authorizations and receipts, and disbursement of funds.
  2. Compliance Reviews - determine the degree of adherence to laws, rules and regulations, policies, and procedures.
  3. Operational Reviews - examine operating information and the means used to identify, measure, classify, and report such information; review the means for safeguarding assets; ascertain if results are consistent with management's objectives and goals and if the operations are being carried out as planned; appraise the economy and efficiency with which resources are employed; and review the systems established to ensure compliance with policies, procedures, plans, laws, and regulations.
  4. Management Information Systems (MIS Reviews) - evaluate system input, output and processing controls, backup and recovery plans, and system data and physical security.
  5. Projects Reviews – evaluate project implementation, management and evaluation, adherence to terms and conditions of the agreements/contracts/memorandum of understanding. We review conformity with prescribed reporting forms, formats, timeframe for the implementation of the project and technical report or output .

7. Why and how was our department chosen for audit?

The Directorate of Internal Audit develops an annual audit plan based on adequacy of controls, risk management and governance processes in the University. We solicit views from our staff, management, heads of units and audit committee members through discussions during this planning process. An audit may be specifically selected because of the associated risk. The audit plan is presented to the Audit Committee and approved.

8. Are auditors looking for fraud when performing audits?

According to Standard 1220 of the International Standards for the Professional Practice of Internal Auditing, internal auditors have a responsibility "to exercise due professional care in performing audit work to the degree that fraud may be present in activities covered in the normal course of audit work." As part of the assurance activities, Internal Auditors watch for potential fraud risks, assess the adequacy of related controls and make recommendations for improvement. However, it is management's responsibility to identify potential areas of risk and to be aware of the possibility of fraudulent acts in these areas.

9. Where do I get more information on the policies, regulations, rules, and procedures applicable to my operations?

The Makerere University website provides access to all University system Policies and Regulations as well as links to each Unit and University policies. The Directorate of Internal Audit website also provides helpful links to information. Some Units have their own Intranet sites which detail policies and procedures for their specific areas.



Address: 3rd Floor, Main Building
Tel: +256 414 532 475
Email: audit@ia.mak.ac.ug
Website: www.ia.mak.ac.ug