The Audit Process
Deciding What to Audit
Each year, Internal Audit proposes a slate of planned audits to the Audit Committee of the Board of Trustees for approval. We decide which departments to audit by considering:
- The relative risk of various operations throughout the University
- The results of past audits
- Input from Internal Audit team members, the Audit Committee of the Board of Trustees, University administration, department managers, and external auditors
- Requests for internal audit work from trustees or members of management
Audit Kick-Off
In general, if we select your department to be audited, we'll discuss such with senior managers in your office well in advance. While there's never a good time for an audit, there are often particular times that are the worst, and we do our best to avoid those.
We'll schedule a pre-audit meeting with leadership of the area to solicit input as to what areas would be best to address in the scope of the audit. This is a great time to ask questions or raise concerns about the process and how you can help.
Audit Length
Audits can range from days to several months. If we choose to audit your operations, we'll give your area's management an estimate of how long we expect the review to take during our audit planning. We'll also update you throughout the audit process, and let you know of any changes in the timeline
Audit Timeline
Planning
Notify key stakeholders. Determine audit objectives, scope, and timing.
Fieldwork
Test processes, transactions, and controls. Analyze results and validate observations with audit client.
Draft Audit Report
Communicate audit results to the audit client to agree upon results and obtain action plans.
Final Audit Report
Communicate audit results to senior management, the chair of the Audit Committee of the Board of Trustees, and any other relevant stakeholders
Follow Up
Review and report on status of management action plans to ensure they sufficiently mitigated risk to an acceptable level