You hear that the auditors are coming to conduct an entrance conference or fieldwork at your department. You may ask,
The most successful audit projects are those in which you, the audit client, and Internal Audit have a constructive working relationship. Our objective is to have your continued involvement at every phase so you understand what we are doing and why, while trying to minimize disruptions of your daily activities.
Although every audit project is unique, the audit process is similar for most audits and consists of the same phases. There are five phases of our audit process, each one requiring the involvement from you, our audit client. In the annual audit plan phase, your supervisors, department chairs, deans, and executive management complete a risk assessment questionnaire. During planning, we work with you to understand and learn about your area so that we can develop step to evaluate the processes and controls currently in place. Fieldwork consists of specific testing steps we perform to identify whether the controls are mitigating the risks. Reporting of our results takes place through a transparent reporting process involving you, the audit client. Finally, follow-up is where we come back to you after a period of time to reassess the progress made against your agreed upon management responses. Each of the following sections describes the above phases in more detail.
Every other year we conduct a University-wide risk assessment in the spring. We interview the supervisors, department chairs, and deans of each department utilizing a standardized questionnaire. This questionnaire identifies specific risk criteria within six general areas of risk:
We have developed the questions to attempt to objective determine the amount of risk in the department relative to each risk criteria. Each individual criteria is given a score from one (low risk) to five (high risk) and the sum of all those scores determines the department’s risk ranking. We evaluate those departments with high-risk rankings and develop the annual audit plan. We present the proposed annual audit plan to the President and the Fiscal Affairs and Audit Committee of the Kansas Board of Regents for review and approval.
The planning phase is extremely important to the success of the overall audit. During the planning phase we:
It is during this phase that we gather relevant information about your department in order to obtain a general overview of your operations and internal controls and perform transaction testing. During fieldwork, we determine whether the controls identified are operating efficiently and are adequately controlling the risks identified during the planning phase. During the fieldwork we:
During the reporting phase, we schedule several meetings, preliminary close meetings and a final close meeting.
When the fieldwork is complete, we schedule the first preliminary closing meeting with you and your staff to discuss the audit results. During this meeting, we discuss our findings and recommendations. Typically, this information is in the format of a finding spreadsheet. This is an opportunity to help us better understand any results that require more context or to explain those we may have misinterpreted. Our recommendations are just that, recommendations based on our knowledge of the subject or a best practice we identified during our research of the audit area.
At the conclusion of this meeting, we request that you provide us with your management responses to our audit findings and suggested recommendations. Your management responses are usually required back to us within 2 weeks. Your management response is either:
As you can see, this meeting is very important because we seek your agreement or disagreement to each audit finding and recommendation, and your opinion as to the reasonableness of each recommendation. We do not want a recommendation of which the cost outweighs the risk. We want the recommendations to mitigate the risk identified but also for them to work with you, not against you.
Between the first and second preliminary meeting, we draft the audit report based on the information in the audit finding spreadsheet. At this point, we adjust the wording if necessary to make the report sound more like an audit report and less like a spreadsheet. We also give an overall opinion regarding the audit results. Once we receive your management responses, we include them in the draft audit report. We send you the draft report for your review.
Once we have received your management responses and you have reviewed the draft report, we meet with your direct supervisor to discuss the draft audit report. We discuss the audit findings, recommendations, and your management responses. We make any revisions recommended during the second preliminary close meeting to the draft audit report.
The final close meeting is very similar to the second preliminary meeting except the President and Vice President of your area are in the meeting to discuss the draft audit report. We discuss the audit findings, recommendations, and your management responses. At the conclusion of the meeting, we request the approval of the draft audit report. We receive the approval of the draft audit report via email. We change the draft report into a final report and send it electronically to you, your supervisor, your Vice President, and the President.
As part of our self-evaluations program, we ask you and/or your staff to comment on our performance. We send you an email with a link to our post-audit survey after the final close meeting. This survey helps our department evaluate our strengths and weaknesses and foster future improvements in our audit process.
Once a year in April or May, we perform audit follow up. During audit follow up, we send you an email requesting you provide us with the status of your management responses. We want to know if you have implemented the recommendations. Sometime we request more information from you to test whether you have completely implemented the recommendations. We create a report of the number of outstanding recommendations. The report is issued to the President.
As we have pointed out, during each phase in the audit process you have the opportunity to participate. There is no doubt that the process works best when we have a solid working relationship based on clear and continuing communication. Many departments extend this working relationship beyond the initial audit. Once we have worked with you on a project, we have an understanding of the unique characteristics of your department’s operations. As a result, we can help evaluate future changes or modifications in your operations.