The audit process generally follows the steps outlined below. Please click through the tabs in order to better understand the process.
First, area management will receive an email informing them of the upcoming audit.
A kick-off meeting is held with area management and the audit team. The purpose of this meeting is to conduct introductions, address any concerns that area management may have, and discuss the purpose and objectives of the audit.
During planning, research is conducted, key risks are identified, and a preliminary assessment of the adequacy of existing controls is performed. Documentation will be requested and meetings will be held between members of the audit team and area management and staff, to gather information about the area being audited.
Once planning has been completed, an engagement level risk assessment is conducted which determines the focus of the audit. The focus of the audit is communicated to area management by the audit team during this meeting.
After the scope meeting, the audit team will begin fieldwork. Fieldwork typically consists of talking with area staff, testing for compliance with applicable university policies and procedures and laws and regulations, and assessing the adequacy of internal controls.
Throughout fieldwork, the audit team will discuss any potential findings with area management as they arise.
An exit meeting will be held between area management and the audit team once fieldwork has been completed. The results of the audit work and any issues or findings and possible solutions will be reviewed. This is also an opportunity to discuss how the audit went and offer any suggestions that can be used on future audits.
After the exit meeting, the audit team will draft an audit report. The report consists of several sections including the distribution list, a general overview of the area, the purpose and scope of the audit, the overall conclusion, and details describing the findings and recommended solutions. This will be presented to area management for their review and comments.
Once the report is finalized, the audit team will request management responses. The response consists of an action plan to correct the problem and the expected completion date.
Copies of the audit reports are sent to to the department administration, the President, the Executive Vice President, the Financial Vice President, the Controller, General Counsel, the external auditors (PricewaterhouseCoopers) and others, depending on the type of audit.
A summary of the report is provided to the Finance and Audit Committee semi-annually.
Follow-up will occur shortly after the expected completion date. The purpose of following up is to verify that area management has implemented the agreed-upon corrective actions. The auditor may interview staff, perform tests, or review new procedures to perform the verification.