Introduction to the audit processes


Prior to the beginning of the audit, Internal Audit will gather as much information as possible about the department/area to be audited as possible. Prior audits, if applicable, will be reviewed and areas of concern would be highlighted.

The responsible Vice President, Chair, Dean, or Director will be notified of the audit by way of an engagement letter. The letter will provide brief information regarding the audit and the intent to set up an entrance conference to discuss the audit and timetable in more detail. For some annual audits, a more informal process may be followed.

Audit objectives will be determined and formulated prior to the end of the planning phase. After audit objectives are established they will be discussed with the appropriate Vice President, Chair, Dean, or Director.


The next phase of the audit process involves gathering information via interviews with key personnel, review of department manuals, policies and procedures, general operations, etc. This work is tailored to address the audit objectives determined during the planning phase.

When performing tests on items, the Internal Auditor may select audit items via a technique called sampling. Sampling allows the auditor to test attributes and internal control activities by selecting a sample of transactions from a population of data (e.g., payroll checks, Travel Expense Reports) and testing the presence or absence of certain attributes or qualities. For example, a sample of Travel Expense Reports are selected and tested to see whether or not each contains a signature of approval by an authorized signer. Sampling permits the auditor to review a portion of the total population to determine and express an opinion on whether or not the University is in compliance with policies and procedures, assets are being safeguarded and managed appropriately, or grant sponsor requests are being followed. It allows the auditor to gather evidence that the system of internal controls that has been established is actually in place and functioning appropriately.


After technical review and approval by the Internal Audit Director, a preliminary draft report is prepared and sent to the Department Manager for review. This report will contain an executive summary, introduction, statement of objectives and scope, detail of reported findings, summary, and conclusion.

The Department Manager will have the opportunity to review the preliminary draft for errors in fact and will be asked to provide responses and a corrective action plan to address the findings. A final draft report containing the management responses and action plan will then be forwarded to the applicable area Vice President for review and comment prior to final issuance and distribution.

The final report will be issued to senior management.

Follow Up

Follow–up activities will be schedule between 90 and 120 days after the issuance of the final report for departments/areas with significant audit findings. Follow-up activities will focus primarily on the progress made to correct matters reported in the previous audit.


Mission Statement

The Risk Unit is responsible for evaluating loss exposures, assessing liability, handling claims, promoting internal controls and developing effective safety and health programs. The corporate and student insurance plans are managed by this unit.