Step 1: Define Audit Objectives
Prior to the audit, AMAS conducts a preliminary planning and information gathering phase. The assigned auditor defines the audit objectives and likely scope of the audit. The auditor starts to develop the audit program to define the audit testing procedures. This step occurs after the audit has been assigned and where applicable, typically involves a review of the results from the last time an audit of the area occurred.
Step 2: Audit Announcement
Once the audit objectives have been defined, AMAS formally issues an audit engagement memo to the management of the area that will be audited. The memo’s distribution list may include senior administration officials that have responsibility for the university unit. The purpose of the memo is to introduce the objectives of the audit, to detail the planned review process, and to set the expectations for the course of the audit.
Step 3: Audit Entrance Meeting
AMAS initially meets with the auditee to discuss the audit scope and subsequent audit steps. At this meeting, the auditee should provide an overview of major programs and operations, relevant contact names, relevant policies and procedures, and other information that will assist us in the fieldwork. We will also discuss the expected length of the audit.
Step 4: Fieldwork
AMAS gathers information and performs audit testing in order to gain an understanding of internal controls; we examine documents and other records for evidence to determine whether effective internal controls are in place. During the audit fieldwork, we may also perform detailed testing of transactions; evaluate compliance with existing university policies and adherence to external regulations; and review system related controls for data integrity and completeness. The auditor will request additional information and documents as needed.
Risk Issue Levels: During the course of audit work performed, identified risks are rated within our work papers as High, Moderate or Low. This ensures consistency in reporting audit findings and to ensure the significance of each finding is rated per agreed upon criteria and level of concern. The risk level is recalculated over the course of the audit to reflect established internal controls that mitigate risk. The residual risk level helps AMAS determine whether the controls are adequate and if a recommendation is necessary to mitigate the risk further.
Step 5: Reviewing and Communicating Results
If AMAS identifies potential control weaknesses, policy or procedural violations, or other areas of concern during the course of the fieldwork, they are discussed with the auditee. Throughout the audit, the auditor will discuss any observations with management in order to ensure that any identified issue and associated risks are fully understood and to obtain agreement on proposed recommendations. The results of the audit, once confirmed, are communicated in the audit report.
Step 6: Audit Exit Meeting
At the conclusion of the fieldwork, AMAS formally meets with management to discuss our observations and audit recommendations that will be contained in the audit report. Recommendations are discussed and agreed upon by both parties to ensure that the management response is reasonable and achievable (and in most instances when the corrective action will occur).
Step 7: Audit Report
Management is expected to review audit issues and recommendations for completeness and accuracy and prepare a formal response and action plan.
AMAS issues the formal audit report which is used to inform senior university administrators and auditee management about any identified concerns and control weaknesses, and where and how these areas should be addressed. All audit reports are summarized in a separate report to the Trustee Audit, Risk and Compliance Committee.
Post Audit
Audit Survey
Following the issuance of the final audit report, the responsible management may be asked to complete a Post Audit Survey to help AMAS evaluate the effectiveness of the audit process, including audit planning and communications, auditor professionalism and performance, audit timing, and relevance of the report recommendations.
If you have been recently audited by our department and would like to provide feedback, please complete our online survey.
Follow-up Audits
If any significant audit findings were included in the final audit report, AMAS conducts a follow-up audit within six to twelve months after the original audit was completed . At that time, AMAS will request information concerning the status of agreed-to corrective actions by management.
Return to top
FAQs
Audit Process
- Step 1: Planning. The auditor will review prior audits in your area and professional literature. ...
- Step 2: Notification. ...
- Step 3: Opening Meeting. ...
- Step 4: Fieldwork. ...
- Step 5: Report Drafting. ...
- Step 6: Management Response. ...
- Step 7: Closing Meeting. ...
- Step 8: Final Audit Report Distribution.
Although every audit process is unique, the audit process is similar for most engagements and normally consists of four stages: Planning (sometimes called Survey or Preliminary Review), Fieldwork, Audit Report and Follow-up Review. Client involvement is critical at each stage of the audit process.
What is audit advisory services? ›
Audit and Advisory Services assists university management and the Trustees by conducting and completing independent and objective operational and compliance audits, internal control reviews, investigations, and advisory services to add value and improve operations across the CSU.
What does audit management procedure describe? ›
Audit management is a blend of your audit workflows executed systematically to conduct different audits for your organization. As your organization grows, auditing your activities can get increasingly complex.
What are the 5 stages of an audit? ›
Audit Process
- What happens during an audit? Internal audit conducts assurance audits through a five-phase process which includes selection, planning, conducting fieldwork, reporting results, and following up on corrective action plans.
- Selection. ...
- Planning. ...
- Fieldwork. ...
- Reporting. ...
- Follow-up.
Preparing the Audit Report
The audit report is perhaps the most critical deliverable of the audit process. It provides an independent opinion on the fairness and accuracy of the financial statements.
What questions are asked during a process audit? ›
What to include in a process audit checklist
- Are employees properly trained to operate equipment?
- How are managers accountable for evaluating the proper allocation of resources?
- Do employers consider and implement feedback from employers regarding resources?
- Do employers understand who their customers are?
As for directors, there are four features to consider when evaluating the sufficiency of any risk-based audit plan: culture, competitiveness, compliance and cybersecurity – let's call them the Four C's, for short.
What are the final stages of an audit? ›
The completion stage of the audit is of crucial importance. It is during the completion stage that the auditor reviews the evidence obtained during the audit together with the final version of the financial statements with the objective of forming the auditor's opinion.
What is the difference between audit and advisory services? ›
Interest in compliance vs driving strategy – audit ensures adherence to standards while advisory is more strategic. Risk tolerance and desire for change – advisory tends to involve newer solutions with audit providing steady assurance services.
Advisory is the practice of offering information and advice to other professionals to manage future risks, often based on data modeling and the application of lived experience. It's a long-term relationship that helps a business to proactively prepare for change and uncertainty.
Does audit or advisory pay more? ›
The Big 4 firms pay their consultants over 30% more than auditors. A first-year auditor at Big 4 firms has an average salary of $58,000/year. Meanwhile, entry-level consultants are paid around $80,000-90,000/year.
What are the three major audit procedures? ›
According to this article from Chron, physical inspection, confirmation from a third party, and inspection of records and documents are considered three of the most reliable audit procedures.
What is audit procedure in simple words? ›
An audit procedure is a technique for collecting and analysing data to provide evidence. The audits should use combination of procedures that are appropriate to the subject matter and audit objective and capture a range of data.
Which is the first step in the process of management audit? ›
To complete a management audit, the following procedure may be used: 1. Collection of Information: Management auditors need information in order to appraise various managerial aspects. Therefore, at the outset of the process, a questionnaire should be prepared to collect the necessary information.
What are the seven 7 principles of auditing? ›
The document outlines 7 principles of auditing management systems: integrity and fair presentation as foundations of professionalism; due professional care through diligence and judgement; confidentiality through security of information; independence as the basis for impartiality and objective conclusions; an evidence- ...
What are the 6 cycles of audit? ›
The audit cycle was categorized into six stages4—stage 1, choosing a topic; stage 2, setting target standards; stage 3, observing practice; stage 4, comparing performance with targets; stage 5, implementing change and planning care; stage 6, repeating the audit cycle.
What are the six principles of auditing? ›
Six Auditing Principles are – Integrity, Fair Presentation, Confidentiality, Due profetional care, Independence, Evidence based approch.
What are 4cs in audit? ›
We've always believed that boards should ensure that their organizations maximize the full potential of internal audit. This issue of Board Perspectives discusses the four C's directors should consider when evaluating the sufficiency of any risk-based audit plan: culture, competitiveness, compliance and cybersecurity.
