Audit Process

Audits are conducted to assist management in minimizing risk, as well as assist with other areas such as compliance to laws and policies, efficiency of operations, safeguarding of assets, and detecting and preventing fraud. The main phases of our audit process are listed below.

At the beginning of each fiscal year, the Internal Audit Department prepares an Annual Audit Schedule. This schedule considers previous audit coverage, time since last audit, complexity of operations, etc. The objective is to audit each entity at least every ten years. Priorities are:

  • Utah Board of Higher Education's required audits
  • Tips and EthicsPoint reports
  • Requested and transfer audits
  • Planned audits

 

Phases of an Internal Audit

Audit Process Flowchart

 

 

 

 

 

1 - Planning

The planning phase is the first step to understanding your operations and determine the work we want to conduct in our Audit Program. We gather and review as much information as we can, including:

  • The needs and objectives of the audit, as perceived by you and your supervisor.
  • Any prior audits.
  • Relevant policies, best practices, procedures, laws, etc.
  • Your website.
  • Your organizational structure, reporting lines, number of employees, FTEs.
  • Your Banner Indexes, including total yearly budgets and available balances.
  • Complexity of operations, risk, and department strategic objectives.

Based on this information, we create a draft “Planning Memo.” The Planning Memo shows our initial thoughts on the basic structure of the Audit Program, including the objectives, scope, and initial questions. The Planning phase also includes the Opening Meeting.

Opening Meeting

This meeting will include department management and anyone you feel will be key contacts for Internal Audit during the audit process. The Planning Memo is sent beforehand and is reviewed during this meeting. The audit’s purpose, objectives, and scope are discussed. This is an opportunity to discuss any areas that you would like us to focus on, specific procedures you would like us to perform, or areas that should be left out of scope due to previously being audited (such as by an external auditor). We want to include areas that will assist you and your operations.

 

2 - Fieldwork

This phase begins the audit testing, based on the scope outlined in the Planning Memo and the Audit Program. Most of our testing is conducted centrally, and you may only hear from us periodically. This is also when we reach out to the key contacts for information and documentation related to department processes. Answering our questions and providing the documentation can take time, but we strive to minimize the interruption of your daily activities.

 

3 - Report Drafting and Reporting

After testing is completed, we review the entirety of the Audit Program, all documents received, and all testing conducted. From this review, we start to formulate thoughts on areas that could benefit from a change in processes. These are called “Findings.” We also formulate possible solutions, which are called “Recommendations.”

Discussion Draft Review

A meeting is held to review the preliminary Report. We work with you to ensure the Report is accurate. This is also an opportunity to discuss the Findings and Recommendations, and for you to ask questions,  provide feedback/clarifications, and/or suggest corrections.

Management Response

After the discussion draft review, you will be requested to provide written Responses to each audit Recommendation. These Responses indicate what action you plan on taking to address the Finding(s) and approximately how long it will take you. The action you plan on taking is ultimately your decision and does not have to match our Recommendation—it just has to address the Finding. 

Reporting

After receiving your Responses, and ensuring all questions have been answered, the Report is issued and is distributed according to the objectives of the audit. For most audits, distributions include the audited department, their divisional leadership, executive management of UVU, and members of the Board of Trustees Audit Committee. This reporting process helps provide an opportunity to address risks and improve operations on a campus-wide scale.

 

4 - Follow up Review

After an appropriate period, generally six months to a year after an audit is issued, a follow-up review may be conducted to see how much success you've had implementing your action plan and addressing the Finding(s).