Audit Process

What to Expect When Audited

In most cases, expect to receive notification when your department is to be audited. However there may be instances in which we conduct audits without prior notification, i.e., continuous auditing of transactions for anomalies, fraud allegation, etc. During this initial notification, expect to:

  • Understand the audit's purpose and objective(s)
  • Share your ideas or concerns regarding the audit
  • Be treated with respect and courtesy
  • Be asked for various financial and department documentation; some may be confidential
  • Have confidential information remain confidential
  • Answer all questions honestly
  • Receive a draft copy of the final audit report prior to its release

Preparing for an Audit

  • Have all requested materials/records ready when requested
  • Organize files so we minimize disruption of your office
  • Provide complete files and data
  • Please make key personnel available during the time of the audit and communicate any planned absences
  • Provide work space for auditors, if requested

The Audit Process

1

Pre-Planning

The auditor will review any prior audits in your area, professional literature, relevant regulations, applicable policies/regulations and industry best practices.
2

Notification

Internal Audit Services will notify the appropriate department or departmental personnel regarding the upcoming audit and its purpose, at which time an opening meeting will be scheduled.
3

Preliminary Work and Planning

The core of the audit program is developed using knowledge and information obtained during this process. Through interviews with key personnel and walk-throughs of key processes, the auditor will gain an understanding of your operation. Based on this initial assessment of risks and controls, tests of controls will be developed to create the audit program of areas to be tested. The areas of highest risk will be prioritized. 

The auditor will be learning about:

  • The objectives of the operation and major processes
  • The risks that could prevent objectives from being met
  • The controls in place or should be in place to manage these risks
4

Opening Meeting

This meeting will include management and any administrative personnel involved in the audit. The audit's purpose, scope and objective(s) will be discussed. This will include discussion of the areas that will be reviewed.
5

Fieldwork

This step includes the testing to be performed as well as follow-up interviews and walk-throughs with appropriate department personnel as necessary.
6

Report Drafting

After the fieldwork is completed, a report is drafted. The report includes:
  • Objective
  • Scope
  • Background
  • Overall conclusions, including strengths of the operation
  • Findings and recommendations
7

Closing Meeting

This meeting is held with department management. Prior to the closing meeting, a draft report will be submitted to department management for their review. The audit report and management responses will be reviewed and discussed. This is the time for questions and clarifications. Also, department management should suggest any changes or corrections to the draft audit report. Results of other audit procedures not discussed in the final report will be communicated at this meeting.
8

Management Response

At the closing meeting, management will be requested to provide written responses to each audit recommendation. Appropriate responses to audit report observations and recommendations should:
  • Not be a defense or justification as to why the observation noted occurred
  • Be brief, explaining how you will ensure the observation does not reoccur
  • Consider the audience or report recipients, i.e., President and Board of Trustees' Audit, Risk and Compliance Committee
Responses are inserted into the report verbatim, including typos and grammatical errors. So please proofread and try not to be verbose. To ensure accountability, management responses should include the person(s) responsible for implementing the recommendation and the expected implementation or completion date. We recommend respondents work closely with their supervisor to help ensure the response is appropriate and the supervisor is in agreement.
9

Report Distribution

Once all responses are received, the report is distributed to:
  • President
  • Provost
  • Board of Trustees' Audit, Risk and Compliance Committee
  • Vice President for Finance and Administrative Services
  • Controller
  • Audited area's management
  • Others as determined by the Chief Audit Executive