Internal Auditing

Audit Cycle Synopsis

The following steps are followed in most audits conducted:

Selection of unit to be audited is based on:

  • Input from President, Vice Presidents, Business Officers and other University management level personnel.
  • Level of Risk: Volume of activity, stability of management/staff, last time audited, public relations exposure, external regulatory requirements.

Notification to Auditee through Vice President — Allows for input into the audit process by the Vice President or other appropriate intermediaries.
Entrance Conference — Scope/objectives and purpose of audit are explained. Allows for auditee input into the audit process.

Field Work — Auditor performs work. Findings/recommendations are shared with auditee as audit progresses. 

Work Paper Review
— Director or audit manager reviews work papers and interacts with auditee and University management as audit progresses.
Draft Report — Sent to auditee via email for review and discussion at the Exit Conference.
Exit Conference
— Contents of draft report discussed and agreement reached on any necessary changes. Also provides an opportunity to discuss the format for the response.
Auditee’s Written Response — Via the web portal.

Final Report — Email and hard copy sent to auditee with their response incorporated. Email copies sent to appropriate intermediaries.  

Follow-Up Memo — After two months, follow-up memo sent to request update on any outstanding findings/recommendations.
Follow-up Audit/Review — Within 12 months, the implemented recommendations may be reviewed for their effectiveness.