What Occurs During and Audit?
Timeline
Once an audit is assigned, the auditor responsible will contact you to
advise you of the coming audit and ensure that your workload and
staffing makes such an undertaking feasible at the planned time. When
possible, audits are assigned for a time period that will create the
least disruption for your department.
An entrance conference will be scheduled to introduce the auditor(s) to
your department and discuss the general scope and objectives of the
audit. We will give you the projected timeframe for the audit through
completion; however, there are no guarantees as staff on occasion must
suspend work to deal with special time sensitive assignments. If your
project is delayed because of a special assignment the auditor will
advise you of the delay and keep you appraised of the revised completion
schedule.
Our goal is to provide you a draft copy of the audit report within three
weeks of completion of fieldwork.
Audit stages
- Preliminary Survey
During this stage, the auditor:
- reviews prior audit reports and other existing
information on the client (much of this is done at our
office and will not affect your daily work),
- interviews key employees on how processes work (we try
to work with you on scheduling interviews, but to complete
our work in a timely manner we may cause some disruption),
- assesses whether the processes are functioning as
described (while this does not involve extensive meetings
with you, some interaction with your staff will be required
to clarify points of concern)
- identifies any additional processes that present risks.
This stage identifies the risks the department faces, and the
potential impact (both financial and compliance) such risks might have
on the department and University. The auditor then ranks them for audit
purposes. The approach, selection of, and degree of testing is then
based on these rankings.
- Fieldwork and Testing
During this stage, based on the rankings and findings from the
preliminary survey, the auditor will select the transactions to be
tested for accuracy and completeness. This can include anything from
review of deposit reconciliations to testing supporting detail for
internal transfers or rate calculations. Testing also involves
verification of the accuracy of assertions made during the
preliminary survey to source documentation.
The amount of testing performed is dependent upon the adequacy
of documentation, internal controls in place and test results. An
organization with good internal controls usually requires a limited
amount of testing, but it may be increased if problems are
discovered.
Transactions chosen to be tested are determined using sampling
methods tailored to fit the process under review. Sampling for our
purposes is generally done randomly, and may not be statistical in
nature as that generally entails a substantially larger test. A
statistically valid sample is generally not necessary to assess the
adequacy of a system.
You will be kept appraised of findings during the testing stage
so there are no surprises when the report is issued. Interim
meetings with the client to discuss findings are a part of our audit
process.
- Concluding the audit
Completion of an audit involves more than just issuing the
audit report. In our process it includes:
- write-up of findings and confirmation of these results
with the client,
- issuance of a draft report and the accompanying exit
conference at which potential discrepancies are identified,
discussed, and corrected if necessary,
- issuance of a final report with findings and
corresponding recommendations.
The client is always afforded the opportunity to comment on our
findings, during the audit, at the exit conference and with a formal
response. It is our practice to provide the client the opportunity to
include their response with the final report or following its issuance.
We prefer the response be included in the final report so external
audiences see our client's replies to our recommendations in a single
document.
