Internal Audit Policy 2 – Audit Process and Procedures

Audit Process

Entrance Interview:

The entrance interview enables the Office of the Internal Auditor to review the objective and scope of the examination with the auditee. In addition, a preliminary survey may be conducted during the interview to gain familiarity with the activity to be audited. Questionnaires may be used in the preliminary survey to ensure sufficient information is gathered, to organize data, and to save interview time.


The bulk of the audit work will be conducted during this phase of the audit process. Information is gathered from tests and inquiries in the field which documents the findings addressed in the audit report. A formal audit program is an integral part of the documentation.

Exit Conference:

The exit conference precedes the distribution of a final audit report. The Office of the Internal Auditor reviews with the auditee an initial draft of the report. The purpose of the exit conference is to inform the auditee of the findings and recommendations of the examination prior to distribution of a formal document. This provides an opportunity to address any inaccuracies that the auditee believes to exist in the findings or other contents of the report.

Audit Report:

The format of the audit report consists of three major parts. The foreword describes the examination by stating the objective and scope of the audit work. Background information about the activity which is the focus of the audit may also be provided. Audit findings and recommendations of the Office of the Internal Auditor are described in the main body of the document. The report concludes with a summary of the audit findings and opinions. Reports may also contain an organization chart, a description of functional responsibilities, or other relevant information concerning the activity examined.

Audit Report Distribution:

The final audit report is addressed directly to the Chancellor. A transmittal letter may be signed by the Chancellor and addressed to the appropriate Vice Chancellor responsible for the activity audited. The transmittal, which is attached to a copy of the audit report, requests a written response to the audit recommendations.

Copies of internal audit reports may be provided to the Vice Chancellor for Business Affairs in support of his responsibilities for monitoring University internal controls. The Office of the State Auditor requests copies of internal audit reports during the annual financial audit of the University. The Audit Committee of the University Board of Trustees is required to obtain quarterly updates from the Director of Internal Audit that report material conditions, the corrective action plan for these conditions, and their final resolution.


Management responses to audit recommendations are reviewed by the Office of the Internal Auditor. A follow-up review may be conducted at a reasonable future date to determine whether corrective action has taken place.

Internal Control

Review of the effectiveness of an organization’s internal controls is an integral part of the audit process. Internal control comprises the plan of organization adopted by the University to provide reasonable assurance that:

  • transactions are authorized
  • transactions are recorded as necessary to maintain accountability for assets
  • access to assets is permitted only with proper authorization
  • operational efficiency is being promoted
  • prescribed University policies are being followed.

General Audit Procedures

Review of an activity by the Office of the Internal Auditor will include the following general audit procedures:

  • Review of organizational charts and job descriptions.
  • Review of documents detailing plans, policies, and procedures.
  • General review of financial reports.
  • Review of individual asset, liability, revenue, and expenditure accounts, as applicable.
  • Review of detailed transaction activity.

These audit procedures, and others deemed appropriate, are used to verify the existence of internal controls and to determine the financial structure and general operating environment of the function under review.