Audit Process

Audits are conducted to assist management in minimizing risk, as well as assist with other areas such as compliance to laws and policies, efficiency of operations, safeguarding of assets, and detecting and preventing fraud. The main phases of our audit process are listed below.

At the beginning of each fiscal year, Internal Audit prepares an annual audit plan. This plan considers previous audit coverage, time since last audit, complexity of operations, etc. The objective is to audit each entity over time. Priorities are:

  • Utah Board of Higher Education's required audits
  • Tips and EthicsPoint reports
  • Requested and transfer audits
  • Planned audits

 

Phases of an Internal Audit

Audit Process Flowchart

 

 

 

 

 

 

1 - Planning

The planning phase is the first step to understanding your operations and determine the work we want to conduct in the audit. We gather and review background information, including:

  • The needs and objectives of the audit, as perceived by you and your supervisor.
  • Any prior audits.
  • Relevant policies, best practices, procedures, laws, etc.
  • Your website.
  • Your organizational structure, reporting lines, number of employees, FTEs.
  • Your Banner indexes, including total yearly budgets and available balances.
  • Complexity of operations, risk, and department strategic objectives.

Based on this information, we create a draft planning memo. The planning memo includes the audit objectives, scope, and initial questions. The planning phase includes an opening meeting.

Opening Meeting

This meeting will include management and key contacts. The planning memo is sent beforehand and is reviewed during this meeting. The audit’s objectives and scope are discussed. This is an opportunity to discuss any areas that you would like us to focus on, specific procedures you would like us to perform, or areas that should be left out of scope due to previously being audited (such as by an external auditor). We want to include areas that will assist you and your operations.

2 - Fieldwork

We have access to UVU's systems and records. We conduct most of our testing with this access. Field work includes conducting interviews, requesting information and documentation, completing surveys, and observing processes. Answering our questions and providing the documentation can take time, but we strive to minimize the interruption of your daily activities.

3 - Report Drafting and Reporting

We will provide periodic written and verbal updates during the audit. These include any areas of concern and preliminary recommendations. 

Discussion Draft Review

A meeting is held to review the preliminary report. We work with you to ensure the report is accurate. This is an opportunity to discuss our observations and recommendations, and for you to ask questions, provide feedback, and suggest corrections.

Management Response

We will provide a written draft report and you will be requested to provide written responses to each recommendation. These responses indicate what action you plan on taking to address the recommendations and planned completion dates.

Reporting

We provide a written final draft report that includes your responses for your review. The final draft report is distributed to the auditee, divisional leadership, and executive management.

We provide a final report to the Board of Trustees Audit Committee.

This reporting process helps provide an opportunity to address risks and make improvements campus-wide.

4 - Follow up

All audit recommendations will be reviewed to ensure implementation was completed.