First: do not panic. An audit does not mean you are doing something wrong—it is an opportunity to confirm the effectiveness of your processes and controls, and to identify aspects of operations that would benefit from improved controls.
The most successful audit projects are those in which the client (you and your organization) and Internal Audit have a collaborative, constructive working relationship. Simply put, when you are actively engaged in the process, you get more out of it. Our objective is to involve you at every stage of the audit so you understand what is being done and why.
The audit timeline
There is no standard amount of time for an audit. The time it takes to complete one depends on a number of factors, such as the size and complexity of the process being audited. We will provide a tentative timeline at the beginning of your project. You can help meet the timeline by ensuring our audit team has prompt access to the people and documentation we need to complete the review. We make every effort to limit disruptions to your ongoing activities.
Although every project is unique, the audit process generally follows a path that includes planning, fieldwork, reporting, and follow-up. Keep reading to find out what happens during each step.
You and your senior leadership will receive an announcement that an audit is beginning. The announcement outlines the preliminary objectives of the audit and gives senior leadership an opportunity to offer input that may help with establishing the scope of the audit.
The audit team will meet with your leadership team to get insight into your unit’s strategic objectives. This is also where we will identify timing and resource requirements.
We will gather background information, which includes additional meetings with key process owners.
We will meet with you to go over our documentation of your unit’s key objectives, significant risks, and existing controls. This ensures that the audit team understands your unit’s operations and provides an opportunity for additional information sharing. We will use this information to develop an audit plan to evaluate the adequacy of client and university controls.
Auditors work through the audit plan by testing your unit’s existing controls. This may involve:
Requests for documentation held on site
Meetings with additional staff to document process flows
Comparison of documentation to process narratives
Observing department activities
Review of existing policies or procedures
We will confer with you on a regular basis to discuss potential audit observations, effects, and recommendations. We will share all observations with you as we identify them in order to avoid surprises.
We will meet with you to provide a summary of all of our observations.
We will prepare a draft audit report based on the final fieldwork update meeting. We will share and discuss it with you, and then make edits based on the discussion and your feedback.
Your unit’s management will provide a written action plan for each audit observation, including:
Planned corrective actions
Target completion dates
If requested, we can have additional discussion of the draft report at a formal audit exit meeting.
We will provide our final report to you, your reporting line leadership, and select executive university leadership (including the president and the trustees).
We value the opinions of clients and stakeholders. After we have finished your audit, we will ask you to complete a client feedback survey. Your input helps Internal Audit continually evaluate the quality of our audit services.
Approximately six months after you receive our final report, we will follow up to determine if your management’s corrective actions have been implemented and have resolved the original observation. This may involve reviewing processes or performing additional (limited) testing. Delays in action plan implementation are reported to senior management.
Once all action plans have been completed, we will notify you and your reporting line leadership that the follow-up has been satisfactorily completed. This completes the audit process.