1. PLANNING
Internal Audit performs an annual risk assessment to identify high-risk areas for potential audits in the upcoming fiscal year. This assessment incorporates feedback from departmental surveys, enabling stakeholders to communicate emerging issues to Internal Audit. The areas analyzed include academic and administrative departments, business operations, auxiliary components, and any other units involved in the GCSU mission.
Several factors influence the level of risk, including regulatory compliance, reliance on technology, financial impact, organizational changes, and audit history.
Risks determine the type of audit conducted, which includes operational, financial, compliance, information technology, fraud or misconduct investigations, and advisory services.
The university president and chief audit officer determine the areas to include in the audit plan, which is then submitted to the USG Chief Audit Officer for final approval.
2. ENGAGEMENT
Internal Audit officially notifies a unit of an audit through an engagement letter that explains the objectives, scope, projected time frame, and requested items.
The Chief Audit Officer will hold an entrance conference with the unit head and other relevant personnel to discuss the process and address any questions or concerns.
3. FIELDWORK
To meet the audit objectives, data collection, interviews, and testing of internal controls and compliance are performed. As necessary, potential audit observations or recommendations are shared with the unit head.
4. REPORTING
An exit conference is held to present a draft report and discuss any findings or recommendations. Management is asked to provide a written response that includes a plan for corrective action, the name and title of the person responsible for its implementation, and the implementation date. The management response is incorporated into the final report, which is issued to all required parties, typically including the unit supervisor, university president, and USG CAO.
5. FOLLOW-UP
Internal Audit will monitor the implementation of recommendations by communicating with the unit head to ensure adequate corrective actions are completed.
More information is available in the USG Business Procedures Manual Section 16.4 Internal Audit/Engagement Process.