A typical audit is comprised of four stages: planning, fieldwork, reporting, and follow-up.
During the planning phase, we notify you of the audit through an announcement letter. An auditor will contact you to set up an audit planning meeting. The purpose of the meeting is to discuss the audit process and review the scope and objectives of the audit, discuss any concerns or suggested scope items, and discuss risks inherent to the unit.
In this phase the auditor gathers relevant information about the unit in order to obtain a general overview of operations and internal controls and performs transaction testing. It is during this phase that the auditor determines whether the controls identified during the preliminary review are operating properly and in the manner described by the client. These procedures usually test the major internal controls and the accuracy and propriety of the transactions.
As the fieldwork progresses, the auditor will discuss any significant findings with our audit customer. Hopefully, the audit customer can offer insights and work with the auditor to determine the best method of resolving the finding. Upon completion of the fieldwork, the lead auditor will summarize the audit findings, conclusions, and recommendations and review them with our audit contact.
Our principal product is the final report in which we express our opinions, present the audit findings, and discuss recommendations for improvements. After the fieldwork is completed, Internal Audit will meet with the unit's management team to discuss the findings, conclusions, and recommendations. The auditor prepares a draft report, taking into account any revisions resulting from the closing meeting and other discussions. The report consists of several sections and includes: the distribution list, scope and objectives, overall assessment, and our findings and recommendations. We issue the draft report to unit management only, along with a management memorandum detailing any less significant findings.
We request that management provide written responses to the draft report comments, indicating how and when the recommendations will be implemented. Once the management responses have been received, Internal Audit incorporates the responses into the draft report, creating the final report. The final report is distributed to the unit's reporting supervisor and other appropriate members of the University's senior management. This report is primarily for internal University management use. All audit information should be treated as confidential and is reported only to those within the University who need to know.
Finally, as part of Internal Audit's self-evaluation program, we ask clients to comment on Internal Audit's performance. This feedback has proven to be very beneficial to us, and we have made changes in our procedures as a result of clients' suggestions.
Internal Audit will perform a follow-up review to verify the recommendations included in the final report have been implemented.