Upon hearing the term “audit”, it is natural to feel anxious or nervous, and to fear the unknown. Our office hopes this process outline will help ease those feelings, and serve as a beneficial resources that both provides information on the role of our office, the audit selection process, and the typical audit process.
As an auditee, you may feel singled out or wonder why your division, office, or function has been selected for audit. Relax! All University of Wisconsin System activities are subject to audit. To help allocate limited resources within the Office of Internal Audit, the Office utilizes a risk-based approach to identify programs, policies, and practices to be included within the annual Audit Plan, which is subject to review and approval by the Audit Committee of the Board of Regents.
In developing the annual Audit Plan, the Office of Internal Audit seeks input from members of the Board of Regents, University of Wisconsin System Administration management, institution management, among others via surveys and/or discussions to determine which programs, policies, or practices should be audited. Several factors are considered in developing the final audit plan, including whether there have been recent administrative, organizational, or operational changes; whether concerns have been noted in the past; the length of time since the last audit; the number of impacted students or employees; external reporting requirements; the level of annual expenses; the potential for fraud or error; and potential monetary and/or reputational losses if issues are not addressed.
The Audit Process
The Office of Internal Audit recognizes that the audit process will involve your time, and strives to operate in an effective and organized manner in order to minimize disruptions to your division, office, or function. In turn, our office asks for your cooperation and active involvement during the audit process. Through such cooperation, we can collectively ensure the most efficient and effective audit process. While the nature and subject of each audit may be different, the process generally consists of the following:
Initially, you will receive communication from our office informing you of the upcoming audit. Additionally, we may include a request for certain preliminary information to assist in the preliminary planning and research process (e.g., list of key audit contacts, organizational charts, etc.).
Our office will conduct preliminary planning and research related to the subject being audited, outline the scope of the planned audit, and develop a preliminary audit plan.
During the entrance conference, our office will meet with you and discuss the scope and logistics of conducting the audit, including the planned timing. We will also ask questions related to the operations of your division, office, or function, and inquire as to your perception of risks related to the area subject to audit. The entrance conference also provides an opportunity to discuss any questions or concerns you may have related to the audit process.
After the entrance conference, our office will finalize the audit plan and begin fieldwork. Fieldwork typically consists of interviewing staff, reviewing policy and procedure manuals, developing an understanding of business processes, evaluating the design and implementation of internal controls, and testing compliance with applicable System policies, procedures, and laws and regulations. Depending upon the nature of the audit, we may also perform detailed tests of operating effectiveness of key internal controls or compliance procedures over a sample of transactions.
At the conclusion of the fieldwork, our office will begin drafting identified observations and recommendations. To the extent observations and recommendations are identified during fieldwork, our office will confirm supporting details with individuals within the division, office, or function being audited. Additionally, a summary of observations and recommendations will be provided to appropriate parties in advance of the exit conference.
During the exit conference, our office will meet with appropriate individuals within the division, office, or function being audited and review the scope and audit process, discuss the audit results, and provide further information on the reporting process. To the extent observations and recommendations were identified, we will discuss each in detail, and request that a written response to each be prepared. Additionally, we will discuss potential corrective action measures planned or taken thus far. Our office will also strive to provide comments on any commendable practices or procedures observed.
After the exit conference, our office will finalize the audit report. Generally, the final report will include sections related to the engagement purpose, scope, background, observations and recommendations, and management’s response to observations and recommendations. The engagement notification letter highlights planned recipients of the audit report, which generally includes relevant departmental managers and personnel, institution leadership, System leadership, members of the Board of Regents (or designated committees) and, upon request, to the external auditors.
If the audit report you receive contains relatively few minor concern items, then you can feel confident that the practices of your division, office, or function are working effectively. If the audit identifies significant issues, our office will work with you to develop the most practical recommendations for improvement.
To the extent observations and recommendations were identified during the audit process, we will follow-up on the status of corrective actions plans.
Opportunity for Feedback
Once the audit process is complete, you may be contacted by a member of our office to provide feedback to assist us in improving our audit process. Our office is always receptive to comments and feedback, so please contact Steve Mentel, Director, via phone (608.263.4396) or email (firstname.lastname@example.org) to make any recommendations.