Our goal during the audit process is to create a constructive, collaborative working relationship with you and your staff. Our objective is to have your involvement at every stage so that our audits can fulfill the mission of our department, meet your expectations and add value to your operations.
Audit’s role includes monitoring, assessing, and analyzing organizational risk and controls as well as reviewing and confirming compliance with policies, procedures, and laws. Working in partnership with management, our internal auditors provide the board of supervisors, the audit committee, and executive management assurance that risks are mitigated and that institutional governance is strong and effective. When there is room for improvement, we make recommendations for enhancing processes, controls, policies, and/or procedures.
Although every audit is unique, the audit process is similar for most engagements and normally consists of four stages: Planning, Fieldwork, Reporting and Follow-up.
During this phase we gather information about your processes. We start out with understanding the strategic objectives of your area. We then identify and assess the risks to achieving your objectives, and review and evaluate the existing internal control structure. The individual steps that compose the planning include:
- Initial contact to announce the audit
- Conduct entrance conference to provide you with an overview of the audit process and answer questions
- Provide initial documents such as the internal control questionnaire, requests for documentation, etc.
- Conduct a risk assessment meeting to identify objectives and risks, and rank risks based on impact and probability
- Interview key personnel to gain an understanding of the process flow of major processes in the audited area, as well as identifying controls
- Develop the audit program and final scope
Fieldwork concentrates on audit steps to test controls. During this phase we determine whether the controls identified during the planning stage are operating properly. The fieldwork stage concludes with audit findings and recommendations that may be included in a draft audit report. We make sure you are aware of potential issues as soon as they are identified. All issues will be discussed with you before they are included in the report.
At the end of fieldwork, a draft report is prepared with our conclusion on the adequacy of the control process in the audited area and details on audit findings and recommendations. The draft report will be discussed with you at the exit conference. After that, the draft report will be provided for response. Management responses should include corrective action plans, responsible parties and implementation dates. A final report incorporating your responses will be issued to your Senior Management and the Audit Committee of the Board of Supervisors.
If there were audit findings, we will follow up with you near the corrective action completion dates you provided in your response. Once we verify that corrective action plans have been implemented, we will close the audit finding. Past due findings where corrective actions have not been implemented are reported to your Senior Management and the Audit Committee every other month.
We work together with you to:
- Determine the operating, compliance, and financial reporting objectives of your department;
- Identify the areas of risk where an error, irregularity, or inefficiency is likely to occur;
- Document the existing control processes and propose potential enhancements; and
- Control significant risks; those with reasonable likelihood of occurring and large potential impact.
Things to remember during an audit
- We prefer to work alongside you if there is space. Working from your area/department will improve the quality and timeliness of our work.
- We are professionally obligated to review documentation to support our conclusions, if documentation is not available we can’t conclude work was performed.
- Please provide information requests in a timely manner.
- If a request is outside of your responsibilities, point us to the person able to assist us.
- It is okay if you do not know the answer to a request; let us know so we can determine the right person to talk with.