Audit Process

Selecting Audit Projects

Audit areas can be selected in two ways.

• Audit projects are selected based on a formal risk-based planning process linked to the University's enterprise-wide risk management process. The Board Audit Committee approves these projects.
• Projects can be requested as a percentage of audit resources that are left unallocated. For requests for audit involvement please contact our office here. These requests are typically made through the Vice President, Dean, Director, Chair, or other senior administrator. There is a process used to ensure that these projects are in areas where a review would benefit the University. The Board Audit Committee approves the involvement of Internal Audit Services in any additional projects.

Conducting an Audit

An audit is normally conducted in four phases and during each phase in the audit process staff from the units involved will have the opportunity to participate. The process works best when management and Internal Audit have a solid working relationship based on clear and ongoing communication.

If there are any concerns about the process, those involved are encouraged to direct their concerns to the auditors or to the University Auditor, Internal Audit Services here.

Listed below is the process for the four different phases of an audit.

1. Audit Planning

• An approach letter outlining the preliminary objectives and scope of the review is sent to the appropriate Vice-President or senior manager.
• An entrance meeting is held to introduce the audit team and outline the preliminary audit objectives.
• More detailed information regarding the area is gathered (through interviews, documentation review and research) to develop an engagement plan and terms of reference for the project.
• A Terms of Reference document, outlining key elements of the audit project, is sent to senior management for endorsement.

2. Audit Fieldwork

• Fieldwork concentrates on gathering the information necessary to assess the adequacy and effectiveness of controls, risk management and governance processes.
• Auditors gather information by talking with staff, reviewing procedures and business processes, and conducting tests to meet the objectives of the audit.
• This stage concludes with a list of significant findings identified by the auditor in a draft audit report.
• In the conduct of their work, Internal Audit Services staff members are authorized to have unrestricted access to all functions, records, property, and personnel.

3. Audit Reporting

• An exit conference is held with senior managers for the area under review to outline the audit findings and ensure all relevant facts have been considered.
• An audit report is drafted and includes the major recommendations. Recommendations that do not address significant risks will be outlined in a management letter.
• The draft report is provided to senior management for fact validation. Once a response is received and any changes made, a second draft is provided soliciting management's plans to address the recommendations (i.e. for inclusion in the final report).
• Meetings will be scheduled as required to facilitate the completion of an accurate report.
• Once the report is finalized, it is distributed to senior management and to the Office of the Auditor General of Alberta.
• An overview of reports is provided to the Board Audit Committee.

4. Audit Follow-up

• Once the audit is completed, Internal Audit Services periodically requests an update on progress made in implementing recommendations.
• In certain instances, our office will revisit this area to ascertain whether the corrective action taken is achieving the desired results.
• Reports of follow-up activity are provided to the Board Audit Committee.

---