Audit Cycle Synopsis

The following steps are followed in most audits conducted:

Selection of unit to be audited is based on:

• Input from President, Vice Presidents, Business Officers and other University management level personnel.

• Level of Risk:  Volume of activity, stability of management/staff, last time audited, public relations exposure, external regulatory requirements.

Notification to Auditee through Vice President — Allows for input into the audit process by the Vice President or other appropriate intermediaries.
   
Entrance Conference — Scope/objectives and purpose of audit are explained.  Allows for auditee input into the audit process.

Field Work — Auditor performs work.  Findings/recommendations are shared with auditee as audit progresses. 

Work Paper Review — Director or audit manager reviews work papers and interacts with auditee and University management as audit progresses.
    
Draft Report — Sent to auditee via email for review and discussion at the Exit Conference
    
Exit Conference — Contents of draft report discussed and agreement reached on any necessary changes.  Also provides an opportunity to discuss the format for the response.
    
Auditee’s Written Response — Within 30 calendar days via email and hard copy.  

Final Report — Email and hard copy sent to auditee with their response incorporated.  Email copies sent to appropriate intermediaries.  

Follow-Up Memo — After two months, follow-up memo sent to request update on any outstanding findings/recommendations.
    
Follow-up Audit/Review — Within 12 months, the implemented recommendations may be reviewed for their effectiveness.