What We Do
As the Internal Audit branch of the Office of Audit and Risk Services, it is our duty to assist and serve members of the University in the effective execution of their responsibilities by providing them with analysis, appraisals, information, counsel and recommendations pertaining to the activities reviewed and by promoting effective internal controls, sound business practices and continuous improvement.
A risk-based internal audit work plan is developed annually with input from various stakeholders and presented to the Audit Committee for approval at the annual fall Audit Committee meeting. The internal audit work plan summarizes the internal audits that will be performed during that audit cycle.
A typical internal audit consists of:
Internal Audit Notification Letters are issued to departments that are included in the annual internal audit work plan. The departments are notified of the impending audit including (i) the estimated commencement date, (ii) the purpose of the engagement, and (iii) other applicable dates.
Opening Meeting and Planning
An introductory meeting is scheduled to discuss the audit including objectives, timing, resource requirements, and the audit reporting process. In the planning phase, the auditor gathers an understanding of the unit including applicable processes and associated risks through a review of relevant information including policies and procedures, budgets, strategic plans, departmental objectives, key performance indicators etc. Utilizing this information as well as other internal audit tools and resources, a formal audit program is prepared.
Closing Meeting and Reporting
At the completion of field work, a closing meeting is scheduled. A draft findings report is prepared and issued in advance of the closing meeting. The draft report is then updated to reflect any changes as discussed at the closing meeting, if applicable. Management is then requested to provide the "Management Action Plan" for the report at a date two weeks after the closing meeting date. Once an acceptable "Management Action Plan" has been submitted, the final report is issued to the associated report distribution list as noted on the audit report. Audit reports are presented to the Audit Committee of the Board of Governors three times annually.
Internal Audit follow-up matrixes are issued to departments with pending remedial action items three times yearly requesting a status update on the items. Based on the responses provided in the follow-up matrixes, additional audit work may be performed if necessary which could include site visits. Continuous monitoring will cease once all remedial actions have been adequately implemented.