Internal Audit Process

Each engagement will include a preliminary review to gather information on the activity under examination.

• This will include performance of a risk assessment. The Risk Assessment will include documenting key control activities and weaknesses in order to determine priorities of the specific internal audit activity.
• For the preliminary review, we may use some, but not necessarily limited to, the following procedures:
  • Discussions with the client
  • Interviews with affected personnel
  • On-site observations
  • Flowcharting
  • Walk-throughs
  • Requesting various documents
  • Review of management reports, prior internal and external audit reports, etc.
  • Consideration of the probability of significant errors, irregularities, noncompliance, and other exposures
• We will develop the audit program at this time. The audit program provides specific, detailed steps/procedures for achieving the audit objectives. Preparation of the audit program concludes the preliminary review phase.

Each engagement will be properly planned and the objectives, scope, timing, and resource allocations will be documented during the planning via a planning memo.

• Every audit will include an entrance conference with appropriate personnel. During the entrance conference, we will discuss the planned objectives, scope, timing, assigned personnel, and communication process.
• We encourage you to ask questions if you do not understand why certain activities have been included or excluded. In some cases, the audit program may change if additional areas or risks are identified.

During testing/fieldwork, the auditor collects, analyzes, and evaluates sufficient, competent evidential matter to support an audit finding or conclusion. Testing/fieldwork will be accomplished by applying the specific audit steps/procedures outlined in the audit program.

Once testing/fieldwork is completed, we will provide management with a preliminary (draft) report with our results. This preliminary report will include our recommendations to management as to how to address the issues found.

Once management has reviewed the preliminary (draft) report, management should provide its written responses to the findings reported.

• Management’s responses should include itemized specific actions planned or taken to resolve the reported finding, including an anticipated timeline for completion if applicable.
• We will schedule an exit conference with management to discuss its responses and resolve any discrepancies.

Internal audit ensures that the results of audits and other services are properly communicated to the appropriate management or operating personnel primarily in the form of written reports.  The final report will include any management responses provided.

• The final report is printed and distributed to the following by the system director:
  • Southern University Board of Supervisors Chair
  • Audit Committee Chair
  • Southern University System President-Chancellor
• This report is primarily for internal university management use. The System Audit Director and the President/Chancellor’s approvals are required for release outside of the university.

After each audit project surveys will be used to obtain information that will allow us to         continuously improve our services.