The audit process is a collaborative process between management and the Internal Auditing staff. Open, direct communications with management and staff is crucial for the success of the audit. Internal Auditing strives to minimize workflow disruptions in departments by scheduling audits during off-peak times when possible.
Internal Auditing staff is authorized to have unrestricted access to all property, personnel, and records relevant to the audit being performed whether University or Foundation related. This authority is granted by the Internal Audit charter which is approved by executive management and the University’s Board of Trustees.
What to Expect During the Audit
Prior to beginning a scheduled internal audit, the Internal Audit Director will inform the department of the upcoming audit through a written engagement letter which outlines the audit scope, objectives or goals, timeframes, and general audit procedures to be followed.
At the beginning of each planned audit, a meeting is scheduled with applicable management and staff to validate the audit scope, objectives, and resources needed. This is also an opportunity for management to express any concerns about the area being audited or identify potential weaknesses in the audited area.
Planning & Fieldwork
To gain a general understanding of key business processes and internal controls in effect, Internal Auditing begins its audit by assessing risk; interviewing departmental staff; and reviewing applicable federal and state laws and regulations, and internal policies and procedures currently in effect for the area being audited.
Audit fieldwork typically consists of reviewing job duties; examining supporting documents; testing transactions; verifying and confirming balances; an evaluation of the effectiveness and efficiency of operations; and an assessment of the management and monitoring systems in effect. Audit findings and recommendations are developed as audit testing procedures are completed.
At the conclusion of the audit, an exit meeting is held to discuss the results of the audit. Individual audit findings and recommendations are reviewed with management during the exit meeting to ensure that all parties understand the results. It is also an opportunity for management to discuss any potential inaccuracies or discrepancies identified in the audit report. Management is requested to respond in writing to the audit findings within 10 business days.
Final Audit Report
An audit report is drafted providing an overview of the scope and procedures of the audit, with an appendix containing a summary of the findings, associated risks, recommendations for corrective action, and management’s responses to the findings and proposed action plans. A preliminary copy of the report is provided to the appropriate respondents to review and sign before the report is issued. Final reports are distributed to the appropriate managers involved in the audit, Senior Executive Cabinet members, and the Board of Trustees audit committee members. Audit reports are also provided to the external audit firms conducting the external audit for the University and Foundation. Audit reports are considered confidential documents.
Customer Satisfaction Survey
Internal Auditing has implemented a quality assurance program to comply with internal auditing standards. After the audit is complete, Internal Auditing will send each auditee a customer satisfaction survey to complete. Constructive feedback is requested to help improve the audit process and identify areas for improvement.
Internal Auditing will perform periodic follow-up reviews to determine if corrective action has been taken as a result of the prior audit. Follow-up will typically occur two times a year or more frequently if warranted. Results of the follow-up review are shared with senior management and the Audit Committee.