|Internal Auditing- Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. - Definition of Internal Auditing, Institute of Internal Auditors, 2017|
Internal Audit Process
Internal Audit Plan - An audit plan is established each fiscal year which consists of risk-based audits, any required audits and special audit requests of management or the Board. The audit plan may be revised during the year if priorities, risks or audit resources change. Investigations or special reviews are added to the plan as needed.
Audit Notification - If your department or institution is selected for audit, the auditor will send a letter or other notice of the planned engagement. The letter may include a list of documents (e.g., budget, organization charts, policies) needed before the audit begins to gain an understanding of the department.
Engagement Planning - Planning steps performed by the auditor include reviewing information provided; identifying statutory, policy, grant, contract or other requirements; assessing the risks for the department; determining the scope of the audit work to be performed and developing the objectives of the audit and an audit program. The audit program includes the procedures to be performed during the audit, such as sampling of transactions, interviewing staff about processes, observing workflow activity, or verifying data, designed to meet the planned objectives.
Entrance Conference - The auditor will schedule a meeting with senior management and other key staff of the area to be audited to discuss the audit scope, timeframe, any scheduling concerns and documents or data that will be needed. The auditor will ask about any areas of concern and staff should feel free to share information about matters they feel should be reviewed.
Audit Fieldwork - After the entrance conference, the auditor may update the audit program based on additional information provided and will begin fieldwork. The fieldwork consists of performing the procedures outlined in the audit program, evaluating the effectiveness of internal controls, and summarizing the results of the procedures performed. The auditor will have questions for management and staff about the activities under review and will consult with them throughout the process about procedures or potential resolutions to any issues identified.
Exit Conference - An exit meeting will be held to discuss the results of the audit and management's responses. The meeting will provide management with the opportunity to discuss any issues or concerns about the results of the audit.
Draft Report - The results of the audit procedures will be summarized and a draft report prepared. The report will include an introduction about the department or program under review as well as the objectives and the scope of the audit. A section on the results of the audit will include any findings, recommendations or observations identified during the audit and an overall conclusion on the results. Upon receiving the report, carefully review it and discuss any questions or errors with the auditor. Management will be asked to provide a written response to each finding or recommendation in the report. The response should state whether management agrees or disagrees with the item, the corrective action that will be taken and the expected date the action will be completed.
Final Report - The final report, with management's responses, will be distributed by Internal Audit to the Chancellor or President and the management responsible for the area audited. An executive summary of the report will be provided to the Audit Committee of the Tennessee Board of Regents. The report will also be distributed to the Comptroller of the Treasury, Division of State Audit.
Follow-up Review - The auditor maintains a list of issues needing corrective action and will return to perform additional procedures near the expected completion date, to verify the actions have been taken. A list of open audit issues is provided to the Audit Committee each quarter to report the status of these items.