Audit Process

During the planning phase , we will notify the Dean, Chancellor, or Administrative Unit Head of the audit via an announcement letter that is issued from the Internal Audit Director. The announcement letter typically requests a meeting to discuss the timing, objectives and scope of the audit, as well as provide the audit client with an opportunity to bring any concerns you may have  to our attention.

The auditors in-charge of the audit will also hold separate entrance meetings with operational management. These meetings typically include the Financial Officer and IT Director for audits that include both financial/operational and IT components; however, they could include additional individuals dependent upon the nature of the audit.

On our end, we use a variety of tools and techniques to gather and analyze information about the operation of the area. We may also perform interviews with other management or staff within the area as part of the risk assessment process.  

Fieldwork will concentrate on testing of procedures, processes and records. It is during this phase that the audit team will determine whether the internal controls are operating effectively, or whether internal controls could be improved in a variety of areas. Some of the fieldwork is accomplished “behind the scenes” through review of documentation filed within University systems (such as SIMBA, SAP Concur, eSteward, Various IT Dashboards, etc.). However, other steps of fieldwork require interviewing management and/or staff in your area, requesting additional documentation, or asking questions regarding completed fieldwork. Your commitment and timely response to audit requests during this phase is very important and will help to ensure a smooth, timely, and successful audit.

Throughout the course of fieldwork, the audit team will keep staff and operating management apprised of any identified issues. At the conclusion of the fieldwork, the audit team will hold an exit conference with operating management. During this exit meeting, the audit team will ensure there is consensus on the identified issues and discuss ways that the area could address the issues.

Upon conclusion of the exit meeting with operational management, and after the audit team and management are in agreement regarding the identified issues, a draft report that includes all identified issues and associated recommendations will be issued to senior management of the unit. At this time, management will have time to review our recommendations and submit responses as to how the recommendations will be addressed.  Once received, the audit team will review management’s responses and may reach out with additional questions or comments. At this time, the Internal Audit Director will hold a closing exit conference with the Dean, Chancellor, or Administrative Unit Head to finalize the management responses.

After management responses have been finalized, the final report is issued. The final report will be addressed to the Dean, Chancellor, or Administrative Unit Head and their immediate supervisor.  In addition, some senior leaders throughout the University are copied on all final reports, while additional individuals may be copied on final reports, as deemed necessary.

Audit Feedback

As required by the Institute of Internal Auditors Standards for the Professional Practice of Internal Auditing, the Internal Audit department must complete ongoing monitoring to evaluate the performance of the internal audit activity. One of ways that Internal Audit evaluates the performance of the internal audit activity is by soliciting and reviewing feedback from audit clients and other stakeholders. Upon issuance of the final report, area executives and operational management will receive a link to an evaluation survey. This will be received via email from the department’s email address, [email protected], with a link for a survey within Microsoft Forms. Your feedback is critical and we appreciate participation in the survey.

Audit follow-up is an integral part of the internal audit process. However, specific follow-up activity depends on the results of the audit. For some issues identified during the audit, management may have indicated in the final  report that the recommended changes have already been implemented and therefore, the issues are considered resolved. For these issues, no follow-up is considered necessary.

However, more often than not, recommendations take time to implement. Under these circumstances, follow-up for the identified issues will be performed six months following the issuance of the final report. The Dean, Chancellor, or Administrative Unit Head to whom the final report was issued will receive a draft follow-up report that requires them to respond to the current status of the issues that have not been previously resolved. Management will provide responses to the open issues and the audit team will review the responses. Additional questions regarding the responses may be asked during this time.

After management responses have been finalized, the final follow-up report is issued. The final follow-up report will be issued to those individuals to whom the final audit report was issued.

If issues are not resolved during the six-month follow-up process, Internal Audit will continue to follow up on those issues which remain open on a quarterly basis via a follow-up memo which is sent to the Dean, Chancellor, or Administrative Unit Head of the audited area.  Audit follow-up will conclude upon resolution of the last remaining open audit issue.   However, it should be noted that based on a memo co-authorized by the Provost and the Senior Vice President for Finance and Business  it is expected that  all issues will be resolved within 18 months from the date of final report issuance.