Internal Audit Department
What We Do

As the Internal Audit branch of the Office of Audit and Risk Services, it is our duty to assist and serve members of the University in the effective execution of their responsibilities by providing them with analysis, appraisals, information, counsel and recommendations pertaining to the activities reviewed and by promoting effective internal controls, sound business practices and continuous improvement.

A risk-based internal audit work plan is developed annually with input from various stakeholders and presented to the Audit Committee for approval at the annual fall Audit Committee meeting. The internal audit work plan summarizes the internal audits that will be performed during that audit cycle.

A typical internal audit consists of:

Notification Letter

Internal Audit Notification Letters are issued to departments that are included in the annual internal audit work plan. The departments are notified of the impending audit including (i) the estimated commencement date, (ii) the purpose of the engagement, and (iii) other applicable dates.

Opening Meeting and Planning

An introductory meeting is scheduled to discuss the audit including objectives, timing, resource requirements, and the audit reporting process. In the planning phase, the auditor gathers an understanding of the unit including applicable processes and associated risks through a review of relevant information including policies and procedures, budgets, strategic plans, departmental objectives, key performance indicators etc. Utilizing this information as well as other internal audit tools and resources, a formal audit program is prepared.

Fieldwork

The audit program is executed during fieldwork.

Fieldwork consists of the following:

interviewing key personnel;
observing and documenting business processes;
examining records and supporting documentation;
performing various analytics;
evaluating the completeness, accuracy and propriety of records and transactions;
perform applicable testing;
review controls, procedures and safeguarding of assets;
evaluate for efficiency and effectiveness;
assess compliance with University policies and procedures, statutory requirements &
other best practices

Preliminary audit findings will be discussed with the department contact throughout the fieldwork phase.

Closing Meeting and Reporting

At the completion of field work, a closing meeting is scheduled. A draft findings report is prepared and issued in advance of the closing meeting. The draft report is then updated to reflect any changes as discussed at the closing meeting, if applicable. Management is then requested to provide the "Management Action Plan" for the report at a date two weeks after the closing meeting date. Once an acceptable "Management Action Plan" has been submitted, the final report is issued to the associated report distribution list as noted on the audit report. Audit reports are presented to the Audit Committee of the Board of Governors three times annually.

Monitoring

Internal Audit follow-up matrixes are issued to departments with pending remedial action items three times yearly requesting a status update on the items. Based on the responses provided in the follow-up matrixes, additional audit work may be performed if necessary which could include site visits. Continuous monitoring will cease once all remedial actions have been adequately implemented.

TOP