Audits

Audit Objectives

In audits, we evaluate a unit or system of the university to determine whether internal controls adequately mitigate risks, processes are efficient and effective, and the unit complies with applicable rules and regulations. The purpose of the audit is to facilitate positive change.

Selection of Audit

Audits are selected on the basis of a risk assessment of the university. Areas with higher risk are those with cash collections, large volume of transactions, past internal control concerns, complex operations, systems significantly impacting university operations, greater potential for negative publicity, and extended time since last audit.

University Audit has the authority to audit all areas of the university, per our charter that was approved by the University President. University Audit has unrestricted access to university records, data, personnel, and physical property relevant to performing audits, reviews, advisory services, and investigations.

Audit Process

Planning and Entry Conference
The audit begins with planning the audit and meeting with management at an entry conference. At the meeting, we explain the audit scope and objectives, discuss the timing of the audit, and ask about any concerns of management. The auditor next obtains background information, reviews applicable regulations, and discusses with management the area’s mission, objectives, and higher risk issues.

Review of Internal Controls and Tests of Transactions
In this phase of the audit, the auditor meets with staff and management to understand the unit’s procedures and internal controls. The auditor identifies controls that reduce risk, as well as any missing controls.

Then the auditor tests a sample of transactions, with emphasis placed on higher risk items. Audits of revenues and expenditures typically include tests of revenues, purchases, PCard purchases, property, travel, and payroll.

Draft Report and Exit Conference
The auditor first meets informally with management of the area to discuss probable report comments to ensure the comments are accurate and that the recommendations are feasible. Then the report is drafted and sent to management for review prior to discussion at the exit conference.

Final Report
The final report reflects changes discussed at the exit conference as well as management’s plan for corrective action. The report is officially addressed to the University President, with copies to applicable administrators and to the Board of Trustees.

Audit Follow-up

We track audit recommendations in a database, following-up with management to determine whether the recommendations were actually implemented. The planned action dates determine the timing of our audit follow-up:

*Planned Action Date*	*Follow-up Date*
July through December	Following January
January through June	Following July

To perform the follow-up, the auditor inquires about progress in implementing the recommendation and reviews a limited sample of transactions.