Frequently Asked Questions
We audit processes, not people. Each year, we choose which processes to audit by evaluating several factors:
- Input from management: we consult with managers, area heads, as well as senior administrators on campus
- Risk Assessment: we look at the top safety, operational, financial, IT, and compliance risks that AUC faces. Reputation is a consequence of each of these risks
- Emerging challenges within higher education: we continually monitor developments within higher education and consider information and insight from colleagues at other higher education internal audit organizations
- External forces: we review federal, state, and local regulations that could affect the processes we employ at AUC
Once our evaluation is complete, we present an audit plan that prescribes audit coverage across campus. The audit plan is approved by the President and Audit Committee.
You work hard and have a full plate, so we have designed our work processes to be as easy to manage as possible. The information below will help you plan and prepare for an audit.
For every audit, we will need information that provides a comprehensive overview of the process we are auditing. You can get a head start by compiling information that covers these topics:
- Core objectives and mission statement
- Organizational chart
- Policies, procedures, and process flow
- New initiatives and key priorities
- Supporting systems and applications with flowcharts
- Internal and external reporting
- Internal partners
- Areas that you consider to be a risk or concern
We do our best to coordinate with your unit to minimize disruption. The duration of an audit varies with each project. On average, process audits take two to three months and site visits take one month.
Although the audit spans weeks or months, your involvement may not be required on a daily basis, depending on the phase of the audit. We will discuss the scope and expected timeframe with you during the audit kickoff meeting so that you can plan accordingly.
Audits are a collaboration between our office and your unit. We know that you like to be prepared and informed, so we walk you through the phases of the audit upfront, keep you in the loop as our work unfolds, and preview our results with you. Here are the steps we follow:
Each audit engagement begins with a kickoff meeting in which we issue a memo to establish the objective and preliminary scope of the audit. During the meeting, we discuss any concerns you may have and any processes you would like us to consider. We also ask you to gather background information that will help us conduct the audit. As the planning phase unfolds, we begin to interview members of your team. At the end of this phase, we issue an engagement letter to reconfirm the objective and scope of the audit and establish guidelines for our testing.
During this phase, we continue our interviews, test compliance with policies, and evaluate controls to see if they are effective and efficient. You may be asked to provide documentation to support the audit testing. Throughout this phase, we communicate with you to keep you informed and discuss any concerns with you as we identify them.
The results phase includes several steps:
The draft report features a rating for existing processes and recommendations for any process improvement. The draft report goes to your unit for review so that you can comment on and prepare your management action plan. We attempt to balance risks and costs in our recommendations.
Management Response (Action Plan)
Managers develop an action plan to improve processes or address identified problem areas. The plan summarizes what action will be taken, names of the individuals who will organize and coordinate management actions, and includes a timeline for completion.
We issue the final audit report to the unit head and upper management, depending on the reporting line. Key stakeholders within senior administration receive the report based on the focus of the audit (e.g. area heads, Provost, Vice Presidents)
After the final report, we send a survey to get your feedback about the audit engagement. Your feedback is important because it helps us improve service delivery and ensure audit quality.
We review the management action plan and follow up to see if your team is completing the agreed-upon actions effectively. If your unit has not been able to meet its deadlines, we will work with you to come up with a reasonable timeline to do so. Please keep in mind that it is part of our job to bring unfinished actions to the attention of senior management.
Being audited is an opportunity. An audit by the Internal Audit Office can support your efforts to:
Work confidently and with peace of mind
We identify vulnerabilities in your processes, giving you the chance to make corrections before a serious issue occurs and so you will be prepared and confident in the event of an external audit.
Work more efficiently and effectively
We serve as “a second set of eyes” to evaluate processes in your department and uncover opportunities to improve bandwidth and tackle tasks that may be taking a backseat. We also provide recommendations for new processes, which is especially important as units change and grow.
We support your goal to conduct your processes in an honest and trustworthy manner, and you can reach out to us if you have any concerns.