Skip to main content

Steps of the Process

There are seven steps in the usual audit process from your initial planning meeting to your follow-up review.

Announcement

To benefit from senior leadership’s collective knowledge, we send an announcement letter during the planning phase of all audits. This provides senior executives an opportunity to offer insight that may help provide direction to the planning phase of the audit.

Planning

Our goal is to make the audit process collaborative and a helpful experience for your unit. Our auditors work with you to create a plan for your audit based upon departmental objectives and priorities. We use this step as a way to become familiar with your unit.

We work with your unit to identify the most significant risks and define the scope of the audit. We also solicit input about the audit from university leaders. The risk assessment and audit scope are used to develop an audit program, which is a blueprint for conducting the audit.

Opening Meeting

The opening meeting is an opportunity for the unit being audited to identify those risks they feel are important and things they would want our team to review. Input from the area being audited is very important to the audit process. During this meeting, the audit team provides an overview of the audit process and steps we follow to complete the audit.

Timing and resource requirements are agreed upon with the unit.

Review & Testing

After planning, the auditor reviews and tests the areas identified in the audit program. This work may include, interviewing personnel, observing department activities, testing stated controls for compliance, and reviewing documents. All observations are shared as they are identified.

Closing Meeting

After testing is completed, a draft executive summary (conclusion section in the audit report) and appropriate management advisory memos are distributed to department management. The executive summary details high level observations and provides senior management with Audit Services’ opinion of the unit’s control environment.

In the closing meeting, Audit Services meets with department representatives and other stakeholders to finalize the executive summary and management advisory report(s).

Reporting

After the closing meeting, the final audit report and any necessary management advisory memos are distributed.

  • The audit report provides unit leadership a summary of the audit observations, management’s plans to address observations, and provides some background information on the unit or process audited.

  • Reports are also sent to the president, executive vice presidents, general counsel, associate vice president for finance, controller, and director of internal controls.

  • An audit observation document, which has detailed information on the observations and management’s plans, is shared only with unit leadership.

  • Management advisory memos:

    • Share detailed supporting information for the observations presented in the audit report
    • Address an issue that is outside the scope of the audit but observed during the audit
    • Communicate the results of a limited project or request
    • Provide individual findings to a sample unit that is part of the broad audit scope
    • Refer an issue that is relevant to the area audited but cannot be resolved by that unit to the unit who can help resolve the issue

Management advisories are not part of every audit.

Follow-Up

After the audit report is issued, if you have open management action plans, we will periodically contact your unit to review the status of management’s action plans in advance of the follow-up process.

During the follow-up review, we will verify the completeness and implementation of management’s corrective actions. A follow-up memo is issued at the conclusion of the review.

The timing for the issuance of the memo depends on the observation level of priority:

  • Corrective actions for high-priority observations are expected to be completed within six months of the report issue date unless otherwise indicated in a management action plan.
  • Corrective actions for medium-priority observations are expected to be completed within one year of the report issue date unless otherwise indicated in a management action plan.

We will follow up every six months until all management action plans are implemented.

Audit Services delivers a summary of all audit activity to the Finance, Audit and Investment Committee (FAIC) on a periodic basis. This summary includes information on the status of follow-up actions.