Annual Audit Plan Process

On an annual basis, OAC develops its Annual Audit Plan.  First, OAC reviews a variety of information, including senior management’s goals and objectives, applicable laws and regulations, and current industry topics and concerns, to develop an Audit Universe.  Next, interviews are held with key stakeholders across the University, which allows OAC to assess risks.  From this, the Annual Audit Plan is developed highlighting specific audits and projects that will be performed during the year.  The Plan is presented to the Executive Compliance Committee (ECC) and to the Board of Trustees Committee on Audit and Compliance (ACC) for approval.

Internal Audit Process

During the course of the year, OAC works from the Plan to complete the individual projects.  While each project is unique, the core process followed by OAC is the same.  The process is outlined below and discussed at opening conferences:

1.  Risk Assessment & Scope
  • Perform research of audit area
  • Inform client of planned audit
  • Hold opening meeting with client to discuss audit scope
  • Finalize audit scope
2.  Process Review
  • Review policies and procedures
  • Perform preliminary process walkthroughs
  • Discuss preliminary process and controls design observations
  • Plan for fieldwork/testing
3.  Fieldwork/Testing
  • Gather data and documentation
  • Conduct analysis and testing
  • Follow up with client regarding questions
  • Share and validate preliminary observations
  • Prepare draft report including recommendations
4.  Reporting
  • Hold closing conference to discuss and validate draft report
  • Finalize draft report for management response
  • Issue final report to client
  • Discuss final report with ECC and summary with ACC
5.  Follow-Up
  • Solicit suggestions for improvements to internal audit process
  • Periodically follow up on status of management action plans