Suite of Services

Project Process

Our project process and purpose is related to the internal control model in that we review:

1. The accuracy and propriety of financial transactions
2. The adequacy of security for the organization's financial information system environment
3. The adequacy of the organization's financial internal control structure
4. Efficiency and effectiveness of operation/ financial business structure and processes
5. The adequacy of compliance with university, state and/or federal rules and regulations

We perform a standard six step model in our routine audits. The project process determines the way the projects are executed at the auditable unit. It was developed and standardized as follows:

1. Understand Project, Client and Inherent Risks including initial client audit meetings
1. The project begins with a kick-off meeting. The internal audit department, the audit methodology, the reporting style, etc., are presented to local senior management.
2. Identify High Risk Areas of Concern which becomes the Audit Focus
1. A detailed project plan is prepared. The planning phase is necessary to understand the local operation and its business risks and to set the audit scope--if not done in advance. The end result is a preliminary risk map with a tailor-made project approach, covering the highest business risks for the operation under review.
3. Perform Audit - Known as "Fieldwork" at the client location
1. The project fieldwork includes the evaluation and testing of processes, internal controls, and systems and procedures in the selected areas, as well as workpaper documentation of the results.
2. Project findings are discussed and confirmed throughout the project and documented in "Audit Observation Memo's."
4. Prepare Deliverables, Finalize Fieldwork and Perform Project Quality Review
1. As part of quality control, internal audit management reviews the work of the auditor to ensure that it meets the quality standards.
2. The project report is written in the field throughout the audit process.
5. Review the Project Deliverables with the Client
1. The project report is finalized by means of a formal closing (exit) meeting. The purpose of the closing meeting is to ensure commitment from responsible senior management and correct prioritization of all actions. The aim is to issue the final report within a few days after the closing meeting.
6. Finalize Audit and Issue Report
1. A standardized internal audit report was developed, consisting of two parts:
1. An 'Executive Summary', designed to give top management and the audit committee an overall assessment of the business risk exposures and the risk management environment.
2. The management action plan, a high level working document for local management that shows the agreed actions that will be taken to rectify any risk management weaknesses identified during the review and the due dates and persons responsible for the implementation.
1. Typical Project Response: We agree with the project finding. The Director agrees to implement an improved and fully documented reconciliation process by the fourth quarter of this fiscal year.
2. The standardized project report is intended to effectively summarize the results of the particular project and inform senior University leadership of overall risks and efforts that will be taken to mitigate those issues.
3. Our standard distribution list helps ensure that the results of audits are brought to the attention of the appropriate University leadership: Chancellor, audit committee, University management, campus management, business unit management and other relevant functions.

Follow - up of the implementation of agreed actions is conducted about one year after the exit meeting. Additional monitoring may be supported by follow-up visits in cases considered necessary by internal audit management, particularly for projects where significant weaknesses were identified.