Internal Audit Process - Website Version 2

5 pages

English

Internal Audit Process - Website Version 2

Efta - Traceymc

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

5 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

Arkansas State University Summary of Internal Audit Process Introduction: The purpose of this document is to explain some of the functions and processes of the Internal Audit area for the Arkansas State University System . The goal for Internal Audit is to make the audit process as smooth as possible. University Departments are encouraged to contact Internal Audit for advice on internal control procedures, improving efficiency and productivity, or to share concerns regarding possible irregularities. All sensitive information received will be kept confidential to the extent possible. An on-line web-site for reporting issues can be located at http://www.asusystem.edu/internalaudit/report_issue.php Internal Audit Mission: We support Arkansas State University in the pursuit of its mission by evaluating the adequacy of the internal controls, accuracy of financial records, and compliance with standard accounting practices, governmental and state regulations, and university policies and procedures. We value integrity and ethics, sound prudent business practices, initiative, and leadership. Organizational Structure: Internal Audit is an area within the ASU System Operations office and services the campuses of the Arkansas State University System. There is one and one-half FTE dedicated to performing internal audits (Assistant Vice Chancellor for Administration (50%) and Senior Internal Auditor (100%). The Assistant Vice Chinistration ...

Informations

Publié par	Efta
Nombre de lectures	18
Langue	English

Extrait

Arkansas State University

Summary of Internal Audit Process

Introduction:

The purpose of this document is to explain some of the functions and processes of the

Internal Audit area for the Arkansas State University System .

The goal for Internal Audit is

to make the audit process as smooth as possible.

University Departments are encouraged to

contact Internal Audit for advice on internal control procedures, improving efficiency and

productivity, or to share concerns regarding possible irregularities.

All sensitive information

received will be kept confidential to the extent possible.

An on-line web-site for reporting

issues can be located at

http://www.asusystem.edu/internalaudit/report_issue.php

Internal Audit Mission:

We support Arkansas State University in the pursuit of its mission by evaluating the

adequacy of the internal controls, accuracy of financial records, and compliance with

standard accounting practices, governmental and state regulations, and university policies

and procedures.

We value integrity and ethics, sound prudent business practices, initiative, and leadership.

Organizational Structure:

Internal Audit is an area within the ASU System Operations office and services the campuses

of the Arkansas State University System.

There is one and one-half FTE dedicated to

performing internal audits (Assistant Vice Chancellor for Administration (50%) and Senior

Internal Auditor (100%).

The Assistant Vice Chancellor for Administration reports to the

Vice President for ASU System Operations.

Audit Selection Process:

Risk Assessment

Risk Assessment is the identification and analysis of risks to the achievement of the

University’s established objectives.

Internal Audit’s resources must be allocated in a way

that the areas with the highest risk exposure are given top priority for review.

The degree

of risk associated with an area can be measured in financial terms, in terms of activities

that affect the delivery of important services to the University community, or activities

regulated by external bodies.

Some risk factors considered when prioritizing audits include the complexity and size of

the operation, personnel turnover, and results of previous audits.

Some areas require

more frequent audit or review, while others may only need to be reviewed every few

years.

The Risk Assessment Model is used as an aide in determining and prioritizing risks.

The

model is distributed to the Executive Management of the University System for

completion. An example of a Risk Assessment Form is located at the following URL:

http://www.asusystem.edu/internalaudit/Risk%20Assessment%20Model.pdf

Types of Audit

Audit projects can normally be categorized as one of the following:

•

Financial Audits – accounting and reporting

•

Operational Audits – efficiency and effectiveness

•

Compliance Audits – with policies, procedures, and governmental regulations

•

Special Requests (Investigate Engagements) - thefts, losses, allegations

•

Follow-up Engagements – review of original report exceptions and/ or

findings

Audit Plan

After completing the annual risk assessment analysis, an audit plan is developed utilizing

the following criteria to make the selection:

Risk assessment analysis,

Legislative audit recommendations,

Dollar amount of resources or areas with large cash transactions,

Areas not completed on previous years’ plan, and

Special management requests.

The audit plan generally includes a total of 6-7 audits to be performed during the fiscal

year and is presented to the Vice President for ASU System Operations for approval.

The Audit Process:

Working with the Client

Even though each audit project is unique, the audit process is similar for most

engagements and normally consists of four phases:

Planning, Field Work, Audit Report,

and Follow-up Review.

Client involvement is critical at each stage of the audit process.

As in any special project, an audit results in a certain amount of time being diverted from

a client’s usual routine.

One of the key objectives of our area is to minimize this time

and avoid disrupting the client’s on-going activities.

Planning Phase

Announcement Letter and Entrance Conference:

The head of the department

or area being audited is informed in advance, through an announcement letter

from the Director, that an audit has been scheduled.

This letter communicates the

scope and objectives of the audit and the auditor(s) assigned to the project.

One

or more entrance conferences are held to provide the opportunity for the audit

team and the department members to meet each other and discuss the overall

purpose and objectives of the audit.

Tentative dates for fieldwork will be

scheduled and issues or processes that members of the department would like

included, or special concerns that need to be addressed in the Internal Auditor’s

scope of the work, may be defined at this time.

Internal Control Review:

An internal control questionnaire is completed during

this session to assist the auditor in reviewing the department’s internal control

structure.

The results of the internal control review are utilized by the auditor to

evaluate the adequacy of controls and to determine the type of tests performed in

the field work section.

A sample of the Internal Control Questionnaire is located

at URL:

http://www.asusystem.edu/internalaudit/generalICQ.pdf

Audit Program:

Preparation of the audit program concludes the planning phase

process.

This program outlines the fieldwork necessary to achieve the audit

objectives.

Sample Audit Programs are on file in the ASU System Operations

office.

Field Work Phase

During the audit fieldwork phase the auditor carries out the test steps out-lined in

the audit program.

The auditor will select and examine samples of transactions,

observe processes, and conduct additional interviews as needed.

To avoid any

surprises at the end of the audit, the auditor discusses any significant exceptions

or findings with the client.

Hopefully, the client can offer insights and work with

the auditor to determine the best method of resolving the exception/finding.

Usually, these communications are oral.

However, in more complex situations,

memorandums can be written in order to ensure full understanding by the client

and the auditor.

Upon completion of the fieldwork, the auditor summarizes the

audit findings, conclusions, and action to be taken (as agreed upon by both auditor

and client) for the audit report discussion draft.

Our goal:

No surprises.

Audit Report Phase

Draft Report:

After the conclusion of fieldwork, Internal Audit prepares a draft

of the audit report which is provided to department management for discussion

purposes.

The report should contain no surprises for the managers with whom

Internal Audit has been working.

The report is usually formatted with sections

explaining the scope, objectives, and time period of review, the background, a

brief summary of the findings that were identified in the audit with

recommendations for improvement, and a paragraph requesting management’s

response to the report.

Findings and recommendations are attached in

approximate order of priority.

Recommendations that call for response from

managers outside of the audited unit are referred to those managers for response.

Exit Conference:

An exit conference is scheduled among Internal Audit and

relevant managers to discuss the substance and wording of the report and how

management intends to respond to the recommendations.

If there are significant

changes to the draft, a second draft of the report may be issued.

Management’s

written responses to Internal Audit’s recommendations are requested within 30

days of the draft report’s issuance.

Final Draft:

The final version of the audit report acknowledges and incorporates

management’s responses to each recommendation.

The report is directed to the

ASU System President and distributed to the Chairman of the Board of Trustees,

Chancellor of the University, Division Officer, and Department Manager.

Copies

of the report may also be issued to other members of management as deemed

necessary.

The Department Manager is responsible for passing audit information

to key personnel in order to assure the necessary changes are made.

Final internal

audit reports are routinely requested by and provided to external auditors for

review in conjunction with the annual audit of the University’s financial

statements.

Client Comments:

Within one week of issuing the final audit report, an e-mail

request will be sent to the departmental director to complete a Client Evaluation

form located at the following URL:

http://www.asusystem.edu/internalaudit/survey.php

These evaluations help the Internal Audit staff determine areas for improvement

in their operations and procedures.

The online audit evaluation is automatically

sent to Internal Audit upon submission.

Follow-up Review Phase

Follow-up Audit:

After a reasonable period of time has passed for management

to take actions indicated in the departmental response to the audit findings

(usually after one or two years), Internal Audit will schedule a follow-up audit.

The follow-up audit involves outlining the findings and anticipated actions from

the prior audit report and determining if and how each matter has been resolved.

Follow-up audits are typically shorter in duration than operational audits and

involve inquiry of management and some limited test work.

Follow-up audit

reports outline the findings that have been completely resolved, and the

outstanding or new items that have not been addressed.

They are issued in

accordance with the same reporting process that is described above.

Audit Follow-up Report:

Each quarter, the Internal Audit Department prepares

a report which lists the legislative, external, and internal audit findings and

recommendations for review by the executive management of the ASU System.

The report provides a brief description of the finding, original audit

recommendation, response, and the current condition regarding resolution

including a date of completion or projected completion.

A sample of the Audit

Follow-up Report is available in the ASU System Operations office (Appendix

V).

Consultation Services and Training

Internal Audit commonly addresses a variety of issues concerning Arkansas State University

policies, procedures, and internal controls as questions arise.

Once Internal Audit has

worked with a department on a project, the staff has an understanding of the unique

characteristics of that department’s operations.

As a result we can help evaluate the

feasibility of making future modifications to departmental operations and provide referrals to

the appropriate University offices for further information or additional training.

Internal Audit offers training sessions regarding the Internal Audit process at a location on

the Jonesboro, AR campus annually.

A copy of the power-point presentation,

Understanding

the Internal Audit Process

, is located at the following URL:

http://www.asusystem.edu/internalaudit/training/

Univers
Ebooks
Livres audio
Presse
Podcasts
BD
Documents

Livre audio en ligne - Développement personnel Livre en ligne Tout le catalogue Tous les Intérêts

Internal Audit Process - Website Version 2

YouScribe

Le catalogue

Le service

Les conditions