Selection: Audit plans are based on a comprehensive risk assessment, including risks identified
by the Board of Trustees, the Commissioner and the Institutional Executive Officer.
Planning: During the planning stages of an audit, the lead auditor will review any prior audits
of the unit, research applicable policies and procedures and any state/federal laws
and regulations. Once an objective and scope of the audit are determined an audit
program will be developed. The lead auditor will notify the head of the unit and schedule
an entrance conference. There will be some cases where an entrance conference is not
scheduled depending on the nature of the audit.
Entrance Conference: The head of the unit being audited may at his/her discretion invite other management
to attend. During the entrance conference, the lead auditor will discuss the objective,
scope and timing of the audit. The auditor may discuss certain planned audit procedures
and may have an initial request for information. The auditor will also answer any
questions that management may have concerning the audit.
Fieldwork: This is where the audit team will gather information about the unit by interviewing,
observing processes, confirmations, analyzing data, and performing tests of controls
(including testing technology controls). The audit team will determine the adequacy
and efficiency of internal controls of the unit's operation. The audit team will also
incorporate best/good practices to evaluate if processes are operating efficiently.
The audit team will try to schedule on-site fieldwork visits at a time where there
will be minimal distraction from the day-to-day operation of the unit.
Observation(s): The auditor will document any observations during his/her fieldwork. During the fieldwork,
the auditor may discuss observations with management or give periodic progress updates
to management.
Preliminary Report and Discussion: The auditor prepares a report. The report contains the purpose, scope, and results
of the engagement and, most likely, has recommendations for management to consider.
The report contents are discussed with management as many times the best solution
to an observation comes from management.
Management Corrective Action Plan: Management is given an opportunity to review the content of the report and is requested
to provide a written management corrective action plan. Once the auditor has received management's responses they are included verbatim into
the final report.
Exit Conference: An exit conference is held to discuss any final details of the audit.
Final Report Distribution: The final report will be distributed to the unit dean/chair/director, his/her immediate
supervisor, President of the University, Vice President of the unit's area, Vice President
for Finance and Administration, Associate Vice President for Finance/Controller, and
the System Director of Internal Audit at the Institution of Higher Learning.
Follow-up: The Office of Internal Audit tracks all issues identified during the engagement.
A follow-up review is conducted approximately six months after the issue date of the
audit report.
Feedback: The Office of Internal Audit will request management complete an evaluation of their
experience during the audit and working with the auditors. We encourage the completion
of this evaluation as it will provide valuable feedback for use in our continuous
efforts to improve the quality, efficiency, and effectiveness of our audits.