First: don't panic! An audit doesn't mean you are doing something wrong—it's an opportunity to confirm the effectiveness of your processes and controls or to identify aspects that would benefit from improved controls.
The most successful audit projects are those in which the client (you and your organization) and Internal Audit have a collaborative working relationship. Simply put, when you are actively engaged in the process, you get more out of it. Our goal is to involve you at every stage of the audit so you understand what is being done and why.
The audit timeline
There is no standard amount of time for an audit. The time it takes to complete one depends on a number of factors, such as the size and complexity of the process being audited. We will provide a tentative timeline at the beginning of your project. You can help meet the timeline by ensuring our audit team has prompt access to the people and documentation we need to complete the review. We make every effort to limit disruptions to your ongoing activities.
Although every project is unique, the audit process generally follows a path that includes planning, fieldwork, reporting, and follow-up. Keep reading to find out what happens during each step.
Planning
You and your senior leadership will receive an announcement that an audit is beginning. The announcement outlines the preliminary objectives of the audit and gives senior leadership an opportunity to offer input that may help with establishing the scope of the audit.
The audit team will meet with your leadership team to get insight into your unit’s strategic objectives. This is also where we will identify timing and resource requirements.
We will gather background information, which includes additional meetings with key process owners or reviewing your unit's documented procedures. At the conclusion of this phase, we review and share our understanding of your unit's key objectives and existing controls. This ensures that our team understands your operations and provides an opportunity for additional discussion or questions. We use this information to develop the audit testing plan.
Fieldwork
Auditors work through the audit plan by testing your unit’s existing controls. This may involve:
Requests for documentation held on site
Meetings with additional staff to document process flows
Comparison of documentation to process narratives
Observing department activities
Review of existing policies or procedures
We will confer with you on a regular basis to discuss potential audit observations, effects, and recommendations. We will share all observations with you as we identify them in order to avoid surprises.
We will meet with you to provide a summary of all of our observations.
Reporting
We will prepare a draft audit report based on the final fieldwork update meeting. We will share and discuss the draft with you and make edits based on the discussion and your feedback.
Your unit’s management will provide a written action plan for each audit observation, including:
Planned corrective actions
Responsible personnel
Target completion dates
If requested, we can have additional discussion of the draft report at a formal audit exit meeting.
We will provide our final report to you, your reporting line leadership, and select executive university leadership (including the president and the trustees).
Follow-up
We value the opinions of clients and stakeholders. After we have finished your audit, we will ask you to complete a client feedback survey. Your input helps Internal Audit continually evaluate the quality of our audit services.
You can also contact our chief audit officer directly to discuss your audit experience.
Approximately six months after you receive our final report we will follow up to determine if corrective actions have been implemented to resolve the original observation. This may involve reviewing processes or performing additional (limited) testing. Delays in action plan implementation are reported to senior management.
Once all observations have been addressed, we will notify you and your reporting line leadership that the follow-up has been completed. This concludes the audit process.
