La lecture en ligne est gratuite
Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres
Télécharger Lire

Internal Audit Process - Website Version 2

De
5 pages
Arkansas State University Summary of Internal Audit Process Introduction: The purpose of this document is to explain some of the functions and processes of the Internal Audit area for the Arkansas State University System . The goal for Internal Audit is to make the audit process as smooth as possible. University Departments are encouraged to contact Internal Audit for advice on internal control procedures, improving efficiency and productivity, or to share concerns regarding possible irregularities. All sensitive information received will be kept confidential to the extent possible. An on-line web-site for reporting issues can be located at http://www.asusystem.edu/internalaudit/report_issue.php Internal Audit Mission: We support Arkansas State University in the pursuit of its mission by evaluating the adequacy of the internal controls, accuracy of financial records, and compliance with standard accounting practices, governmental and state regulations, and university policies and procedures. We value integrity and ethics, sound prudent business practices, initiative, and leadership. Organizational Structure: Internal Audit is an area within the ASU System Operations office and services the campuses of the Arkansas State University System. There is one and one-half FTE dedicated to performing internal audits (Assistant Vice Chancellor for Administration (50%) and Senior Internal Auditor (100%). The Assistant Vice Chinistration ...
Voir plus Voir moins
Arkansas State University
Summary of Internal Audit Process
Introduction:
The purpose of this document is to explain some of the functions and processes of the
Internal Audit area for the Arkansas State University System .
The goal for Internal Audit is
to make the audit process as smooth as possible.
University Departments are encouraged to
contact Internal Audit for advice on internal control procedures, improving efficiency and
productivity, or to share concerns regarding possible irregularities.
All sensitive information
received will be kept confidential to the extent possible.
An on-line web-site for reporting
issues can be located at
http://www.asusystem.edu/internalaudit/report_issue.php
Internal Audit Mission:
We support Arkansas State University in the pursuit of its mission by evaluating the
adequacy of the internal controls, accuracy of financial records, and compliance with
standard accounting practices, governmental and state regulations, and university policies
and procedures.
We value integrity and ethics, sound prudent business practices, initiative, and leadership.
Organizational Structure:
Internal Audit is an area within the ASU System Operations office and services the campuses
of the Arkansas State University System.
There is one and one-half FTE dedicated to
performing internal audits (Assistant Vice Chancellor for Administration (50%) and Senior
Internal Auditor (100%).
The Assistant Vice Chancellor for Administration reports to the
Vice President for ASU System Operations.
Audit Selection Process:
A.
Risk Assessment
Risk Assessment is the identification and analysis of risks to the achievement of the
University’s established objectives.
Internal Audit’s resources must be allocated in a way
that the areas with the highest risk exposure are given top priority for review.
The degree
of risk associated with an area can be measured in financial terms, in terms of activities
that affect the delivery of important services to the University community, or activities
regulated by external bodies.
Some risk factors considered when prioritizing audits include the complexity and size of
the operation, personnel turnover, and results of previous audits.
Some areas require
more frequent audit or review, while others may only need to be reviewed every few
years.
The Risk Assessment Model is used as an aide in determining and prioritizing risks.
The
model is distributed to the Executive Management of the University System for
completion. An example of a Risk Assessment Form is located at the following URL:
http://www.asusystem.edu/internalaudit/Risk%20Assessment%20Model.pdf
B.
Types of Audit
Audit projects can normally be categorized as one of the following:
Financial Audits – accounting and reporting
Operational Audits – efficiency and effectiveness
Compliance Audits – with policies, procedures, and governmental regulations
Special Requests (Investigate Engagements) - thefts, losses, allegations
Follow-up Engagements – review of original report exceptions and/ or
findings
C.
Audit Plan
After completing the annual risk assessment analysis, an audit plan is developed utilizing
the following criteria to make the selection:
1.
Risk assessment analysis,
2.
Legislative audit recommendations,
3.
Dollar amount of resources or areas with large cash transactions,
4.
Areas not completed on previous years’ plan, and
5.
Special management requests.
The audit plan generally includes a total of 6-7 audits to be performed during the fiscal
year and is presented to the Vice President for ASU System Operations for approval.
The Audit Process:
Working with the Client
Even though each audit project is unique, the audit process is similar for most
engagements and normally consists of four phases:
Planning, Field Work, Audit Report,
and Follow-up Review.
Client involvement is critical at each stage of the audit process.
As in any special project, an audit results in a certain amount of time being diverted from
a client’s usual routine.
One of the key objectives of our area is to minimize this time
and avoid disrupting the client’s on-going activities.
1.
Planning Phase
Announcement Letter and Entrance Conference:
The head of the department
or area being audited is informed in advance, through an announcement letter
from the Director, that an audit has been scheduled.
This letter communicates the
scope and objectives of the audit and the auditor(s) assigned to the project.
One
or more entrance conferences are held to provide the opportunity for the audit
team and the department members to meet each other and discuss the overall
purpose and objectives of the audit.
Tentative dates for fieldwork will be
scheduled and issues or processes that members of the department would like
included, or special concerns that need to be addressed in the Internal Auditor’s
scope of the work, may be defined at this time.
Internal Control Review:
An internal control questionnaire is completed during
this session to assist the auditor in reviewing the department’s internal control
structure.
The results of the internal control review are utilized by the auditor to
evaluate the adequacy of controls and to determine the type of tests performed in
the field work section.
A sample of the Internal Control Questionnaire is located
at URL:
http://www.asusystem.edu/internalaudit/generalICQ.pdf
Audit Program:
Preparation of the audit program concludes the planning phase
process.
This program outlines the fieldwork necessary to achieve the audit
objectives.
Sample Audit Programs are on file in the ASU System Operations
office.
2.
Field Work Phase
During the audit fieldwork phase the auditor carries out the test steps out-lined in
the audit program.
The auditor will select and examine samples of transactions,
observe processes, and conduct additional interviews as needed.
To avoid any
surprises at the end of the audit, the auditor discusses any significant exceptions
or findings with the client.
Hopefully, the client can offer insights and work with
the auditor to determine the best method of resolving the exception/finding.
Usually, these communications are oral.
However, in more complex situations,
memorandums can be written in order to ensure full understanding by the client
and the auditor.
Upon completion of the fieldwork, the auditor summarizes the
audit findings, conclusions, and action to be taken (as agreed upon by both auditor
and client) for the audit report discussion draft.
Our goal:
No surprises.
3.
Audit Report Phase
Draft Report:
After the conclusion of fieldwork, Internal Audit prepares a draft
of the audit report which is provided to department management for discussion
purposes.
The report should contain no surprises for the managers with whom
Internal Audit has been working.
The report is usually formatted with sections
explaining the scope, objectives, and time period of review, the background, a
brief summary of the findings that were identified in the audit with
recommendations for improvement, and a paragraph requesting management’s
response to the report.
Findings and recommendations are attached in
approximate order of priority.
Recommendations that call for response from
managers outside of the audited unit are referred to those managers for response.
Exit Conference:
An exit conference is scheduled among Internal Audit and
relevant managers to discuss the substance and wording of the report and how
management intends to respond to the recommendations.
If there are significant
changes to the draft, a second draft of the report may be issued.
Management’s
written responses to Internal Audit’s recommendations are requested within 30
days of the draft report’s issuance.
Final Draft:
The final version of the audit report acknowledges and incorporates
management’s responses to each recommendation.
The report is directed to the
ASU System President and distributed to the Chairman of the Board of Trustees,
Chancellor of the University, Division Officer, and Department Manager.
Copies
of the report may also be issued to other members of management as deemed
necessary.
The Department Manager is responsible for passing audit information
to key personnel in order to assure the necessary changes are made.
Final internal
audit reports are routinely requested by and provided to external auditors for
review in conjunction with the annual audit of the University’s financial
statements.
Client Comments:
Within one week of issuing the final audit report, an e-mail
request will be sent to the departmental director to complete a Client Evaluation
form located at the following URL:
http://www.asusystem.edu/internalaudit/survey.php
These evaluations help the Internal Audit staff determine areas for improvement
in their operations and procedures.
The online audit evaluation is automatically
sent to Internal Audit upon submission.
4.
Follow-up Review Phase
Follow-up Audit:
After a reasonable period of time has passed for management
to take actions indicated in the departmental response to the audit findings
(usually after one or two years), Internal Audit will schedule a follow-up audit.
The follow-up audit involves outlining the findings and anticipated actions from
the prior audit report and determining if and how each matter has been resolved.
Follow-up audits are typically shorter in duration than operational audits and
involve inquiry of management and some limited test work.
Follow-up audit
reports outline the findings that have been completely resolved, and the
outstanding or new items that have not been addressed.
They are issued in
accordance with the same reporting process that is described above.
Audit Follow-up Report:
Each quarter, the Internal Audit Department prepares
a report which lists the legislative, external, and internal audit findings and
recommendations for review by the executive management of the ASU System.
The report provides a brief description of the finding, original audit
recommendation, response, and the current condition regarding resolution
including a date of completion or projected completion.
A sample of the Audit
Follow-up Report is available in the ASU System Operations office (Appendix
V).
Consultation Services and Training
Internal Audit commonly addresses a variety of issues concerning Arkansas State University
policies, procedures, and internal controls as questions arise.
Once Internal Audit has
worked with a department on a project, the staff has an understanding of the unique
characteristics of that department’s operations.
As a result we can help evaluate the
feasibility of making future modifications to departmental operations and provide referrals to
the appropriate University offices for further information or additional training.
Internal Audit offers training sessions regarding the Internal Audit process at a location on
the Jonesboro, AR campus annually.
A copy of the power-point presentation,
Understanding
the Internal Audit Process
, is located at the following URL:
http://www.asusystem.edu/internalaudit/training/
Un pour Un
Permettre à tous d'accéder à la lecture
Pour chaque accès à la bibliothèque, YouScribe donne un accès à une personne dans le besoin