Audit ProcessAlthough every audit project is unique, the audit process is similar for most audits and consists of the same phases. During planning, we work with you to understand and learn about your area so that we can develop steps to evaluate the processes and controls currently in place. Fieldwork consists of specific testing steps we perform to identify whether the controls are mitigating the risks. Reporting of our results takes place through a transparent reporting process involving you, the audit client. Finally, follow-up is where we may come back to you after a period of time to assess the progress made against your agreed upon management responses. These phases are discussed in more detail below.
The audit of most areas (other than special requests) is based on periodic Risk Assessment. This assessment may include input from management and staff in identifying risks.
The planning phase is extremely important to the success of the overall audit. During the planning phase we:
- Gather relevant background information about your department or processes within your department via: your strategic plan, your policies and procedures, your job descriptions, Association of College and University Auditors resources, and internet searches
- Review the background information we gathered to understand your department’s goals and objectives
- Conduct an opening meeting with you to provide education about the audit process, obtain your list of high risks affecting your department, and obtain your general concerns about your department
- Develop the audit scope and objectives for your audit, and provide you with the audit scope and objectives
- Develop the audit program – an outline of the fieldwork steps necessary to achieve the audit objectives
It is during this phase that we gather relevant information about your department in order to obtain a general overview of your operations and internal controls and perform transaction testing. During fieldwork, we determine whether the controls identified are operating efficiently and are adequately controlling the risks identified during the planning phase. During the fieldwork we:
- Conduct inquiry interviews with you and/or your staff to obtain an understanding and documentation of your departmental policies, processes, and related internal controls
- May observe you and/or your staff performing their daily operations and obtain copies of your documentation
- Review supporting documentation for your historic transactions based on a sample selection
- Keep you informed of the process and any findings we may have, if possible
At the end of fieldwork, a draft report is prepared stating our audit scope, details on audit findings, and our recommendations. The draft report will be discussed with you at the exit conference to verify that we have correctly stated the facts concerning each audit finding and to get input from you regarding our recommendations. After that, a draft report with a Management Response section after each of our recommendations will be provided for your response. Management responses should include corrective action plans, parties responsible for carrying out the corrective actions, and implementation dates.
A final report incorporating your responses will be issued to senior management.
Depending on the audit findings we may conduct a follow up review. During audit follow up, we will send you an email requesting you provide us with the status of your management responses. We want to know if you have implemented the recommendations. Sometimes we request more information from you to test whether you have completely implemented the recommendations. We create a report of the number of outstanding recommendations. The report is issued to senior management.
Things To Remember During An Audit
- Please provide documentation in a timely manner.
- If a request is outside of your responsibilities, point us to the person able to assist us.
- It is okay if you do not know the answer to a request; let us know so we can determine the right person to talk with.