Audit reports communicate audit observations, recommendations, management action plans, and expected completion dates. An audit report is provided to the auditee and their dean or director responsible for the unit or process being audited. The president, executive vice presidents, general counsel, associate vice president for finance, controller, and director of internal controls receive an executive summary. The Board of Regents periodically receives a summary of all audit reports issued. The chief information officer and chief security officer receive all IT audit reports.
Findings are communicated to the unit’s audit liaison as soon as possible. The unit will prepare an action plan to address all reportable findings
Before the executive summary is issued, a closing meeting is held with management and department representatives. The purpose of the meeting is to finalize the executive summary and answer any questions the auditees may have.
Management Advisory Memo
A management advisory memo is usually supplemental to a formal executive summary. They are used to communicate:
- Detailed supporting information for the issues presented to the auditee
- An issue that is outside the scope of the audit but observed during the audit
- results of a limited project or request
- individual findings to a sample unit within the broad audit scope
- An issue that is relevant to the area audited but cannot be resolved by that unit
A follow-up memo communicates the status of management’s actions to address risks identified during the audit. Once all risks are addressed by management’s action plans., a final follow-up memo is issued, closing the audit.
Reporting to the Board of Regents,
University Audits delivers a summary of all audit activity to the Finance, Audit, and Investment Committee (FAIC) on a periodic basis. This summary includes information on the status of follow-up actions. The month after the Finance, Audit, and Investment Committee receives this report, it is delivered to the full Board of Regents.