Each audit is different, but the process of auditing is generally similar. It usually consists of four stages: Planning, Preliminary Review, Fieldwork, Audit Report, and Follow-up. Each stage of the audit requires client involvement. Audits, like any other special project, require that some time be taken from the staff of your department. This time should be minimized and should not disrupt ongoing activities.
These are the 4 phases of the audit process:
The planning phase involves contacting audit clients and gathering relevant background information to get a better understanding of the area being audited. This phase also includes the definition of audit objectives and the creation and implementation of an audit program. This is the blueprint that will guide the audit and help achieve the audit objectives. To ensure that the audit objectives are met, a risk assessment of each department or function is included in most cases.
Notification letter – Audit clients are notified by mail when their area is selected to be audited. However, some audit work may require little notice or even no advance notice. This letter is sent out to the audit area’s executive officer, as well as to the Chairperson or Director. Sometimes, the auditors will receive a preliminary questionnaire or a list of documents to help them understand the unit.
Entry Meeting – Depending on the type and amount of work involved in an audit, a meeting with the head and administrative staff may be set up. Meetings in person are preferable, but a meeting can be held by telephone or another method if needed.
The following will take place at the Entrance Meeting:
- The scope and objectives of the audit will be discussed.
- The reporting process and audit methodology will be described.
- The estimated timing and resources required will be identified. Any potential issues (vacations or deadlines, for example) should be brought up. Any issues that may impact the audit’s success should be raised at this point.
- All questions regarding the audit and/or process will be answered.
It is important to get input regarding any concerns or risks that should be addressed in the audit.
Fieldwork is the evaluation phase of an audit. This includes testing transactions, records, resources and assessing compliance.
The audit team may need to interview departmental staff and review records and practices. However, we will make every effort to minimize disruptions and work with clients to ensure that the audit process is as smooth as possible.
The length of an audit depends on its scope. A limited scope audit may only take a few weeks, while a broad scope audit may take several months. Access to records and personnel, as well as the time taken to respond to audit requests, can all impact the length of an audit.
Audit clients will be kept informed throughout the audit through regular status meetings or communications. The audit team will make every effort to communicate its audit observations, potential problems, and proposed recommendations to audit clients as soon as possible. Sometimes, clients may need to be contacted directly by the audit team to validate or determine the root cause of the problem and to discuss possible solutions.
Every audit ends with a written report. It contains details about the scope, objectives, results, improvements, client responses, and corrective actions.
Draft Report – Audit reports are usually prepared in draft form. Distribution is limited to the immediate area manager so that the report can be reviewed before being distributed.
If there are any recommendations, the client of an audit is asked to provide written responses detailing the following:
- A corrective action plan designed to address the root cause of the problem
- The person who is responsible for implementing the corrective action
- An expected date for implementation
These answers will be included in the final audit report that is sent to the appropriate University administration level. Priority issues and recommendations are reported and followed by the UT System until they are implemented.
Exit meeting – An exit meeting is held if necessary to address any concerns or questions the audit client might have regarding the audit results. Also, it will resolve any other issues that may arise before the final audit report can be released. The audit team, chairperson and director of the audited entity, along with any other individuals that the audit client would like to invite, are usually present.
After the audit client has completed the exit meeting, the draft report will be distributed to the Vice President, Dean and other executive levels responsible for the function or department for review and comment.
Final Audit report – This final audit report is addressed directly to the University President. Copies are also sent to the appropriate levels of University management, to the Board of Regents and to the UT System Audit Office and other state agencies.
Sometimes, corrective actions required to resolve audit issues will not be taken until the final audit report is completed. Follow-up on previously reported recommendations will be done in these instances to verify that corrective actions have been taken and the expected results achieved. Based on the severity and nature of the audit issue being addressed, follow-up activities may include interviews with staff, review of updated documentation or procedures, or re-auditing processes that led to the audit issue.
At each quarterly Institutional Audit Committee (IAC) meeting, a summary of all open findings will be presented. The responsible person must send a letter to the IAC explaining why they did not meet the deadline and when they will be complete. The responsible person must explain to the IAC why the date was missed twice.
Management and the Board of Trustees at Case Western Reserve place assets at risk in order to meet established goals and priorities. The Office of Internal Audit Services has a key function: it is responsible for understanding, auditing, and reporting to the Board of Trustees on how that risk is being managed. Managing the internal audit function is a key part of this, and includes knowing which areas to audit and where resources can be allocated.
Each year, the Office of Internal Audit Services conducts a comprehensive risk assessment of all university management centres, operating units and major departments to identify areas of potential danger. An Audit Plan is then developed from this assessment and submitted to the Audit Committee for approval.
The plan addresses high-risk areas and allocates time for special projects. The university’s senior executives are interviewed and data analysed to update the risk assessment every year. Any changes made to the university’s risk assessment may be reflected in the audit plan.
The Audit Plan should be dynamic and adaptable to changing environments. We believe this will serve the university best. If your department or management center has a need for our services, please contact us.
The Office of Internal Audit Services will determine the level of assistance that we can provide based on your needs and the time required to complete them. We will provide guidance and advice for any project that you are working on.
In most cases, you or your department will be notified when audits are being conducted.
- Expect to be able to comprehend the purpose and objective of the audit
- You can share your concerns and ideas about the audit
- Expect respect and courtesy
- Expect to be asked to provide financial and departmental documentation. Some may be confidential.
- Confidential information will remain confidential
- All questions will be answered honestly
- You will receive a draft of the Final Audit Report before it is released
Preparing for an Audit
- All requested materials and records should be available when requested
- Organise your files to minimize interruptions in your day
- Complete files
- Please be available for the audit.
- If requested, provide work space for auditors
Step 1: Planning
The auditor will review any prior audits done in your area as well as professional literature. The auditor will also review applicable statutes and policies to prepare a basic audit plan.
Step 2: Notification
The Office of Internal Audit Services will inform the relevant department or department personnel about the upcoming audit. An opening meeting will then be scheduled.
Step 3: Open Meeting
The meeting will be attended by management as well as any administrative personnel who are involved in the audit. The purpose of the audit will be discussed, as well as the audit plan. Based on the information received during this meeting, the audit program could be modified.
Step 4: Fieldwork
This step includes both testing and interviews with departmental personnel.
Step 5: Report Writing
A report is prepared after the fieldwork has been completed. The report contains information such as the scope and objective of the audit, background, findings, and suggestions for improvement or correction.
Step 6: Management Response
The management of the area audited will receive a draft audit report for review. They can then respond to the recommendations. The management response should include their correction plan.
Step 7: Closing Meeting
This meeting is held with the department management. It will cover the management responses and the audit report, and it is the place for clarifications and questions. It will also include information about any other audit procedures that were not covered in the final report.
Step 8: Distribution of the final audit report
The final audit report, including management responses, is distributed after the closing meeting to the department personnel involved in the audit, the President, Chief Financial Officer and Chief Provost of CWRU, as well as CWRU’s outside accounting firm.
Step 9: Follow up
The Office of Internal Audit Services will conduct a follow up review approximately six months after the audit report has been issued. This review will determine whether corrective actions have been taken.