Audit and Consulting Services Overview of Audit Process
Audit and Consulting Services
Overview of Audit Process
Risk-Based Audit Plan Cycle
Approve Plan
Develop Audit Plan
Prioritize Projects and Assess Resources
Perform Risk Assessment
Conduct Research and Gather Information
Define Audit Universe
Standard Audit Process
Monitoring
Reporting
Fieldwork Testing
Risks and Controls
Gain an Understanding
Planning
Ong
oing
Clie
nt C
omm
unic
atio
ns
Standard Audit Process• Send audit announcement• Identify contacts• Hold entrance conference
Planning
• Identify relevant regulations• Review applicable policies, procedures, and
business processes• Understand audit area goals and objectives
Gain an Understanding
• Document and analyze risks and controls• Finalize audit objectives and scope• Develop audit program
Risks and Controls
Standard Audit Process• Execute audit program (testing)• Communicate status regularly• Hold meetings with management as
necessary
Fieldwork Testing
• Draft report and send to department or business unit management
• Hold exit meeting• Send final draft to relevant leadership• Issue final report to Chancellor
Reporting
• Track the status of management action plans through implementation
• Perform procedures to confirm status• Provide a monthly status report to
leadership
Monitoring
Internal control is a process, effected by the Board of Trustees, administration, and management designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
• Effectiveness and efficiency of operations• Reliability of financial reporting• Compliance with applicable laws and
regulations
Source: Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Internal Controls
Serious Acts of Dishonesty or Fraud
III.H.3.4. Internal Supervisor Reporting
Each College supervisor has a duty to know what is considered Serious Act of Dishonesty or Fraud, and establish appropriate operating rules or manuals that will help identify such conduct. Each College supervisor must report this conduct to the Internal Audit Department.
Serious Acts are defined in III.H.3.2.