The Office of Internal Audit schedules audits, advisory services, and departmental reviews in several ways. Most audits and departmental reviews are chosen based on an annual risk assessment which uses such factors as audit sensitivity, internal control structure, last audit performed, public disclosure implications, etc. The Board of Regents or Enterprise management or the Augusta University Health Audit Committee may also request specific audits and reviews.
Because the enterprise is subject to more and more regulation in every facet of our work, the scope of the audit services has expanded beyond financial aspects to cover many areas of the enterprise. Accordingly, the scopes of our audits may include one or more of the following:
The Office also performs advisory services to institution management. These services are usually requested by a department and are intended to assist management in solving specific problems, designing control systems, monitoring new systems development, process improvement or business process re-engineering.
What To Expect In The Audit or Review Process
The audit and review processes are a professionally conducted activity that relies on cooperation, interaction, and open communication between enterprise management and the audit staff for its success. The purpose of an audit/review is to work with management to understand its goals and objectives, analyze risks that might inhibit them from reaching those goals and objectives and evaluate controls that are designed to aid management in managing those risks.
The audit process begins with an Announcement Letter to ensure management is aware of the planned audit. Once the auditors have met with management and staff of the area under review and completed a preliminary review and are prepared to begin fieldwork, an entrance conference is conducted with the department involved. This meeting is conducted to advise management of the scope of the audit, the expected amount of time the audit may take, and answer any questions. The fieldwork follows the Entrance Meeting. Fieldwork includes testing and evaluation of internal controls by interviews, observations, analytical reviews, detail testing and plenty of communication on progress with the audit client.
Audits normally take one to three months, depending on the size of the operation, and the scope of the audit and the staffing assigned to the engagement. Your day-to-day activities should incur only minimal interruption during this time. Our goal is to minimize disruption to the client's operations and provide value in helping auditees meet their goals and objectives.
At the completion of the audit fieldwork, a draft audit report is shared with the audit client management. The issues and or observations should have been shared with the audit client during the fieldwork and therefore the report should not hold any surprises. Once the draft audit report is validated and reviewed by the audit client, management responses are collected and included in so that the final audit report can be transmitted.
In order to ensure risks are managed, the Office of Internal Audit will follow up on all management actions as committed to in the audit report. The follow up will commence after the anticipated implementation date of any management commitment.
When the final audit report is prepared, an exit conference can be scheduled with the management team to ensure all parties involved are aware and understand the auditors conclusions and planned management actions.
A copy of the final audit report is transmitted to the president, the vice president(s), the auditee, and for University audits, a copy is also transmitted to the Board of Regent’s associate vice chancellor for Internal Audit.
The Future . . .
As with other departments on campus, the Office of Internal Audit continuously reviews and assesses its programs and objectives in order to help the institution meet its mission and goals. Any suggestions on how to improve the audit process are always welcome.