The following are the various stages of the internal audit process for routine audits.
1. Preliminary survey
Once an area is designated for an audit, Internal Audits will contact the appropriate vice president(s) and department head to notify them of the upcoming audit and to advise them that Internal Audits will be gathering preliminary information from Banner (Finance, Human Resources, Student and Advancement) and/or other appropriate systems. Information may also be obtained about the area via interviews, web resources and listservs. If desired by the department head, an entrance interview is held between Internal Audits and the individuals responsible for the area being audited. The internal audit process and the scope and objectives of the audit are discussed at this time.
2. Field work
Depending on the audit, the field work stage may include the performance of system and/or document walkthroughs, process reviews, testing of transactions and/or records, analyses of accounts, and the examination and/or counting of assets. If any control weaknesses or concerns are identified during the field work, the auditor advises the appropriate individuals and collaborates with them to develop solutions. After the field work is completed and the first draft of the audit report is written, the work papers and draft report go through a review process within the Internal Audits Department.
3. Exit conference
A copy of the first draft audit report is provided to the auditee. If desired by the auditee, an exit conference is held to discuss the first draft report in detail. At that meeting any required changes are made to the report to ensure that it is accurate and fairly represents the results of the audit and the area that was audited. Any developed solutions are also agreed upon and refined if necessary.
4. Final audit report provided to the cognizant vice president
After the draft audit report is agreed upon, it becomes a final draft and is sent to the cognizant vice president or provost for their review.
5. Report distribution to the president and the Compliance, Audit, and Risk Committee of the Board of Trustees
After the cognizant vice president/provost has had an opportunity to comment on the audit report, it is sent to the president and Management Audit and Compliance Committee as well as the members of the Compliance, Audit, and Risk Committee of the Board of Trustees.
6. Follow-up audits
Approximately one to five months after the completion of an audit, Internal Audits contacts the appropriate management and staff in the area and performs a follow-up audit to determine that the agreed upon solutions and corrective actions have been implemented and are working effectively. Internal Audits is required to provide the president and the MACC members with a report on the follow-up audits indicating the follow-up audits that have been performed where all solutions and corrective actions have been implemented, the areas that have not yet implemented the required solutions and corrective actions, and the areas that are scheduled to have a future follow-up audit performed. This report is also shared with the Compliance, Audit, and Risk Committee of the Board of Trustees.