What to Expect During an Audit
Generally, an audit begins by a communication from a representative of Office of Audit, Risk & Advisory Services to the department head or financial officer to schedule an introductory planning meeting. In planning meeting(s), members of the audit team and departmental representatives will discuss the key functions of the department or operating unit. Management’s assistance and collaboration during planning is critical. The planning meeting discussions(s), along with industry research and financial analyses by Audit, Risk & Advisory Services provide the basis for identification of the business risks and audit approach development. When scheduling audits, Audit, Risk & Advisory Services will work with management to ensure that the audit will have as little impact on day-to-day operations as possible.
Members of the audit team will schedule an entrance conference with departmental representatives to formally discuss the objectives of the audit and define the scope of the audit. In addition, the team will provide management with information on planned audit procedures and often make a request for information needed to start the review.
Evaluating Internal Controls
The control assessment involves a series of process related questions which are customized for the operations and functions described in planning and are directed to the responsible personnel identified in planning. Members of the audit team may revise the planned audit approach based on the outcome of the control assessment. See Control Self-Assessment for the type of questions to be discussed.
The audit team will conduct tests to assess the effectiveness and efficiency of key processes and controls.
Communication of Audit Findings
The audit team will communicate audit findings to the department throughout the course of the review.
Upon the conclusion of testwork, the audit team issues a draft report. The draft report outlines the objectives of the audit and the resulting conclusions drawn from the audit.The audit team will provide and discuss the draft report with operating management.
Developing a Management Action Plan
The team will request management to provide a written response to the recommendations in the audit report. Management action plans should include steps that have been or will be taken to address the recommendations suggested to correct issues identified in the audit report. For actions that have not been taken, management should include a targeted date for when the revised procedures will be implemented. The action plan will be included in the Final Report issued to the appropriate Vice Chancellor and other members of Senior Leadership.
Exit Conference/Final Report
If necessary, a final meeting (exit conference) will be held to discuss the audit results and the management action plan. The audit team will distribute the final report to the responsible Vice Chancellor and other members of Senior Leadership, as deemed necessary.
As a part of Audit, Risk & Advisory Services' self evaluation program, we will ask the department to comment confidentially on our team’s performance. This feedback has proven to be very beneficial to us and we have made improvements to our processes as a result of departmental suggestions.
Approximately three months after receiving the report, the responsible Vice Chancellor or delegate may request a status report of actions taken in response to the audit report. The Action Plan status update should be forwarded to the requested area, rather than to Audit, Risk & Advisory Services. Additionally, Audit, Risk & Advisory Services may perform a subsequent follow-up review, as deemed necessary.