Audit projects performed by Internal Audit are conducted in accordance with the professional standards and code of ethics of the Institute of Internal Auditors. The IIA serves over 70,000 members and provides the internal auditing profession with standards, guidance, and information on internal auditing best practices. Audit standards require all work to be performed in a confidential and ethical manner.
Audit projects are initiated as a result of:
- Annual Audit Plan
- Management Requests
- Fraud or Special Investigations
The Annual Audit Plan is developed by Internal Audit. This Annual Audit Plan is based on the results of a high level risk assessment that is designed to address relevant risks that may negatively impact University operations and/or performance. This plan is reviewed and approved by the Board of Trustees and the Chancellor. It identifies the audit projects to be conducted during the upcoming fiscal year; however, it can be amended to include requested reviews, special projects, or changes in priority.
The Audit Process consists of four primary phases:
During the planning phase, the auditor establishes the detailed audit program and procedures that will be conducted during the scheduled engagement. Audit procedures are designed to meet the audit objective and scope established for the review.
The auditor obtains a general understanding of the department or process being audited.
Typical audit planning activity includes:
- Review of existing policies, procedures and applicable regulations
- Discussion with the FinanceOffice
- Obtaining background information regarding the department/process
- Analysis of potential risks
- Communication with the client
During the planning phase the auditor may utilize questionnaires, surveys or other tools to obtain an understanding of existing procedures and/or controls.
Conference will be held with management prior to our beginning actual audit fieldwork. Participants in this meeting will include appropriate management representatives as well as other relevant personnel that have knowledge of the process or department being reviewed. Management is responsible for identifying personnel that should participate in the Entrance Conference. During the Entrance
Conference the auditor and management will discuss:
- Objective and Scope of the review
- Timing of the audit
- Contact persons/departments
- Management Concerns
- Current Practices
During audit fieldwork, the auditor will collect, analyze, interpret and document policies, procedures and transactions within an organizational unit. The auditor will perform their work in accordance with the audit program. During the course of fieldwork, internal control weaknesses may be identified that fall outside the original objective and scope of the review. Internal Audit is responsible to report these issues to management to ensure their appropriate disposition and resolution.
The auditor will perform their work in an efficient manner that minimizes department interruptions. Meetings will be scheduled in advance when possible and requests for information will be provided to management to facilitate the timely and orderly collection of data.
Audit updates will be provided throughout the audit to communicate the progress of the audit as well as observations to-date. Departmental personnel will have the opportunity to provide input regarding observations and recommendations.
A draft audit report will be distributed to management when audit procedures are complete and initial observations and recommendations have been communicated.
An Exit Conference will be held with management to discuss the audit observations, recommendations, and corrective actions once fieldwork is complete.
A Final Audit Report will be issued after the draft report is discussed with management. This report will include management comments to audit recommendations.
Final Audit Reports are issued to the Dean and/or Director responsible for the entity or process being audited. A summary of all audits completed by Internal Audit is reported to the Board of Regents on a quarterly basis.
Internal Audit will conduct follow-up procedures to ensure corrective measures have been implemented in a timely and effective manner. Follow-up procedures are generally performed 6-12 months after the final report is issued. A summary of all follow-up reviews completed by Internal Audit is reported to the Board of Regents on a quarterly basis.
During the course of the audit, management is expected to work proactively with Internal Audit to facilitate the effective and efficient completion of audit procedures.