Audit Services works with the unit to be audited to identify the most significant risks and define the scope of the audit. We also solicit input about the audit from university leaders. The risk assessment and audit scope are used to develop an audit program, which is a blueprint for conducting the audit.
To benefit from senior leadership’s collective knowledge, we send an announcement letter prior to the planning phase of all audits. This provides senior executives an opportunity to offer insight that may help provide direction to the planning phase of the audit.
This meeting presents an opportunity to discuss the audit program with department management. Input from the area being audited is very important to the audit process. Timing and resource requirements are identified.
Implementation of the Audit Plan
After planning, the auditor reviews and tests the areas identified in the audit program. This work may include, interviewing personnel, observing department activities, testing stated controls for compliance, and reviewing documents. All observations are shared as they are identified.
Draft Executive Summary and Audit Report
After testing is completed, a draft executive summary and appropriate management advisory memos are distributed to department management. The executive summary details high level observations and provides senior management with University Audit’s opinion of the unit’s control environment.
Audit Services meets with department representatives and other stakeholders to finalize the executive summary and management advisory report(s).
Final Audit Report
After the closing meeting, the executive summary and all appropriate management advisory memos are distributed.
- Management advisory memos are issued to the deans or directors responsible for the departments or processes being audited.
- The president, executive vice presidents, general counsel, associate vice president for finance, controller, and director of internal controls receive an executive summary.
- Audit report is only provided to unit leadership.
After the audit report is issued, Audit Services will periodically check in with the audited unit to review the status of management’s action plans. At one year (or once the management action plans have been implemented, if earlier), and every six months afterwards until the actions are completed, Audit Services will issue a follow-up memo on the status of the audit.