1. Conduct Enterprise-Wide Risk Management Assessment
• From time to time, in cooperation
with senior management and department management, conduct an enterprise-wide
risk assessment.
• Gather senior management and
department management input, as appropriate, on the enterprise-wide risk
assessment.
2. 2. Prepare Annual Internal Audit Plan
• Prepare a Draft Annual Internal
Audit Plan based upon the results of the enterprise-wide risk assessment
process.
• Obtain comments and formal approval
of the Audit Committee of the Board of Trustees for the Annual Internal Audit
Plan.
• This plan will be subject to
periodic review to ensure that it continually focuses on the University’s
higher risk areas, which may change from time to time. Of course, the need to
conduct reviews or audits of alleged irregularities or special projects for the
Audit Committee of the Board of Trustees and/or the President may require the
deferral of otherwise planned audits.
3. 3. Communicate Annual Internal Audit
Plan
• After formal approval by the Audit
Committee of the Board of Trustees, distribute the Annual Internal Audit Plan
as directed by the Audit Committee of the Board of Trustees.
• Ensure that appropriate senior
managers or department managers are informed in a timely manner prior to each
regularly scheduled internal audit.
• Notwithstanding the foregoing, it
is important to note that reviews of alleged irregularities or special projects
for the Audit Committee of the Board of Trustees and/or the President may
require different procedures involving little or no notification to those
involved.
4. 4. Conduct Internal Audit Planning and Notification
• If appropriate, meet with senior
management and/or department management before the beginning of scheduled
audits to discuss the risk considerations that led to the audit being included
in the Annual Internal Audit Plan, the expected scope of the audit, and current
management
concerns.
• If appropriate, hold an Opening
Conference with senior management or department management and staff and other
stakeholders to go over the audit plan, obtain documents, schedule interviews,
and shape expectations for audit deliverables.
5. 5. Perform Audit Fieldwork
• Carry out fieldwork as indicated in
the Annual Internal Audit Plan.
• Obtain cooperation from senior
management, department management, and department staff, as necessary, in
identifying and obtaining documentation, conducting interviews, etcetera.
• Whenever practical, conduct
fieldwork with minimal disruption to department operations.
6. 6. Report Results
• In general, share important and
sensitive findings with senior management and/or department management, as appropriate,
immediately upon verification; memorandums and/or e-mails may be
used to facilitate this process.
• Immediately following the
fieldwork, prepare a First Draft Final Audit Report and discuss it with senior
management and/or department management, as appropriate.
7. 7. Conclude Audit
• Schedule a Closing Conference after
senior management and/or department management, as appropriate, has received
the First Draft Final Audit Report; this conference will provide an opportunity
for management to discuss findings, conclusions, and recommendations with the
Director of Internal Audit and Tax Compliance.
• During or immediately after the
Closing Conference, ask senior management and/or department management to
provide their responses to the Director of Internal Audit and Tax Compliance’s
findings and recommendations in writing.
8. 8. Review Final Audit Report
• Send the Final Draft Audit Report
to senior management and/or department management and discuss suggested changes
with the appropriate level of management.
• After processing any relevant
changes, issue the Final Audit report to relevant parties.
9. 9. Disseminate Final Audit Reports
Provide the Audit Committee of the
Board of Trustees and the President with periodic summaries of audit findings
as well as complete copies of all Final Audit Reports.
0 Comments