Glossary

Audit Findings: Observations noted during fieldwork that are inconsistent with proper practices; findings typically highlight an increased risk to the institution/organization or a failure of controls.

Audit Plan: The annual blueprint for what areas will be reviewed by internal audit, created based on the results of the Risk Assessment.

Audit Scope and Approach: The areas that the audit will address (Scope) and the related audit activities (Approach).

Audit Work Program: Detailed procedures that guide us in the completion of the project.

Design of Controls: How well internal controls would address related risks if the controls operated as intended.

Draft Audit Report: The result of our work, typically in a report form detailing the audit’s background and scope, work performed, summary of observations, and recommendations.

Entrance Meeting: The initial meeting between University Audits and unit management and process owner(s), discussing the audit work to be performed.

Exit Meeting: Review of the draft report with unit management and/or process owner(s) to ensure understanding and agreement among both parties before information is shared with executive management.

Fieldwork: Action steps necessary for us to carry out our work to achieve the objectives of the audit.

Final Audit Report: Version of the audit report, including management’s response, which is presented to the Finance, Audit and Investment Committee and signifies the completion of the audit.

Information Request: List of files, policies, procedures, or other information that we will need to complete our work.

Interviews: Meetings with knowledgeable personnel to better understand the processes and operations of the unit.

Internal Control: A process, including policies, procedures, monitoring techniques, and attitudes, that helps to achieve a desire result.

Management’s Response: Management’s plan for addressing the observations and recommendations included in the report.

Process: Series of activities or tasks that produces a specific outcome (e.g., charging costs to a grant).

Process Documentation: Visual representation of the flow of information or work steps involved in completing specific processes.

Recommendations: Suggested changes or enhancements to policies or processes to strengthen intern controls or improve efficiency and effectiveness.

Risk Assessment: The process of reviewing an institution’s operations and determining the areas of greatest exposure.

Risk Mitigation: Actions taken to reduce the exposure or impact of what could go wrong.

Testing Procedures: Processes for determining the effectiveness of controls and existence of risk(s); may include sample selection, interviews, process walkthroughs, and transaction testing.