Skip to main content
Site navigation
Office of Internal Audit

Internal Audit Process

About

The Internal Audit function promotes the concept that an audit is something we collectively work on with you, the audit client. In doing so, we believe in the importance of developing a partnership with you throughout the audit process. This allows us to provide assurance on the effectiveness and efficiency of your processes and assist you by focusing on areas you may want to prioritize to reach your department’s goals.

two people with laptops writing on paper

Steps of Audit Process

The following steps and specific examples of how to be actively involved will enhance the audit process and the resulting product (i.e., recommendations to reduce risks and improve your ability to fulfill your mission).

Prior to Entrance Meeting

When we notify you about an upcoming audit of your area, or if you have requested an audit, we may request information regarding financial, operational, and information system documentation unique to your area so we can get to know your operations. If you are aware of other information that would be helpful to us as we review your operation, we ask that information also be provided.

Entrance Meeting

At the entrance conference, we get to know you and describe the audit process and ask that you share any internal control concerns you have regarding your area. This is an opportunity to request audit review and assessment of issues important to management. We may also discuss potential audit objectives with you at this time. However, the objectives may change after we perform a risk assessment of your area.

Planning

With input from you and the information you have provided, we begin the audit planning process. We meet with key individuals involved in your business processes to gain a solid understanding of your operations. Additionally, we may work with you to complete an internal control questionnaire to better understand each area’s existing controls. Audits may also include an employee survey. When planning is complete we discuss the audit objectives with you and review the key steps we will complete to meet the audit objectives.

This is also a good time to ask questions if you don't understand why certain activities have been included or excluded. There are no secrets to our audit scope or process, and your input at this point is particularly valuable. The audit work plan may change slightly if additional areas of risk are identified during testing.

Testing/Fieldwork

This portion of the audit is what most people think of when an audit is performed; the actual testing of transactions and discussing each process in detail. During this phase, we generally document your processes in narrative or flowchart form. This helps us ensure we have a good understanding of your processes and helps us to identify controls in place (or whether controls need to be implemented). Therefore, we spend time in your area asking questions and interviewing appropriate staff as needed to clarify processes and ask questions regarding our test results. As we share test results with management, we ask that you review the preliminary results and begin thinking about possible corrective actions.

Exit Meeting and Reporting

After our testing has concluded, we hold an exit meeting with you to discuss observations identified, initial recommendations, and solicit additional feedback from you regarding potential responses to our recommendations. Once that meeting is complete, we begin drafting the audit report with our results, including the recommendations to the observations we identified.

Once the report is drafted, we will send it to you for review to ensure all the facts are captured accurately within the report. We will also request you provide your formal responses within the report at this time. This includes offering solutions to the observations identified in the report, assigning individual(s) responsible for seeing that the solution has been attained, and to project realistic time frames for completion of the recommendations made. Your involvement is particularly critical to ensure the corrective action taken is the best solution to the control issue addressed.

Once you have completed your review and responses, we will discuss any changes you feel need to be made and verify your responses resolves the issues identified in the report. After everyone agrees with the language in the report, we will issue the report as ‘Final’ and submit to you as well as everyone ‘up the change of command’ and ultimately to the President of the University as he/she will receive all audit reports.

Recommendation Follow Up

Periodically, we perform follow up to ensure timely implementation of audit recommendations, based on proposed implementation date of each recommendation documented within the audit reports and update senior management and the Institutional Audit Committee as to the status of your corrective actions. We contact your area and ask you to provide information on any outstanding items; it is helpful for you to be proactive in monitoring and reporting the status of corrective action internally. The primary benefits of the audit are not realized until effective corrective action is taken to address the underlying issue, which may vary from our recommendation or even from your original management action plan.

As you can see, the audit process is optimized with your active participation and input. We look forward to partnering with you throughout this process to improve and sustain university controls, accountability and oversight.