University of Minnesota
University of Minnesota
http://www.umn.edu/
612-625-5000
Office of Internal Audits
For reporting misconduct:     UReport »
Home
West Bank Office Building

University of Minnesota

Office of Internal Audit

1300 S 2nd St, Suite 510
Minneapolis, MN 55454

612-625-1368 (phone)
612-625-1512 (fax)

The Audit Process

At the University of Minnesota, the Office of Internal Audit promotes the concept that an audit is something we accomplish together with you, the audit client. We believe in the importance of developing a partnership with you throughout the audit process. This allows us to provide assurance on the effectiveness and efficiency of your processes, and assist you by focusing on areas you may want to prioritize to reach your unit’s goals.

Following are the steps of the audit process and specific examples of how your active involvement will enhance the audit process and the resulting product (i.e., recommendations to reduce risks and improve your ability to fulfill your mission).

Prior to Entrance Conference
When we notify you about an upcoming audit of your unit, or if you have requested an audit, we ask that you supply information regarding financial, operational, and information system documentation unique to your unit so we can get to know your unit and its operations. If you are aware of other information that would be helpful to us as we review your operation, we ask that information also be provided.

Entrance Conference
At the entrance conference, we describe the audit process and ask that you share any internal control concerns you have regarding your unit. This is an opportunity to request audit review and assessment of issues important to management.

Planning
With input from you and the information you have provided, we begin the audit planning process. We meet with your unit’s management from various areas (e.g., finance, human resources, IT) and may go over an internal control questionnaire to better understand each area’s existing controls. Most audits will also include an employee survey. When planning is complete we send you an engagement letter and audit work plan and ask that you review the plan and suggest revisions, if needed. Ask questions if you don't understand why certain activities have been included or excluded. There are no secrets to our audit scope or process, and your input at this point is particularly valuable. However, the audit work plan may change slightly if additional areas of risk are identified during testing.

Testing/Fieldwork
Much of our testing is accomplished “behind the scenes” using sources such as EFS and the Perceptive Content imaging software; however, we also spend time in your unit asking questions and interviewing appropriate staff as needed to clarify processes and ask questions regarding our test results. As we share test results with management, we ask that you review the preliminary results and begin thinking about possible corrective actions.

Exit Conference and Reporting
After our testing has concluded, we provide you with a draft audit report with our results. All issues raised will have recommendations, which are our suggestions on how to remediate the issue. When you have had a chance to review the draft report, we hold an exit conference with you and any of your staff you’d like to include, during which you may make suggestions for any changes or enhancements. Keep in mind this review is vital to ensuring the accuracy of the report.

Developing the Management Action Plan
We ask units to offer solutions to the issues addressed, assign individual(s) responsible for seeing that the solution has been attained, and to project realistic time frames for completion of the recommendations made. Your involvement is particularly critical to ensure the corrective action taken is the best solution to the control issue addressed.

The Final Audit Report
After we have reviewed the draft report with you and you have provided your management action plan, we issue a final report and executive summary. Copies of the report and/or the executive summary will be distributed to the President of the University, the Board of Regents, the Legislative Auditor, the University’s external auditors, and other interested parties. The final audit report is a public document.

Control Chart
As part of the audit report, we prepare and include a control chart. The control chart is a visual representation of the areas where our testing has indicated control processes are operating effectively or where improvements are needed to increase the effectiveness and efficiency of your internal control environment. This bar chart will indicate what areas are “Essential” and “Significant” to improving internal control, as well as, areas we reviewed that have sufficient controls.

Post-Audit Survey
After the final report has been issued, we send you a post-audit survey where you may rate our performance and your satisfaction with the audit process; your feedback helps us continually improve our processes.

Recommendation Follow-up
Three times per year, we perform follow up on audited units that have audit recommendations rated as “Essential” that are not yet fully implemented, and update the Audit and Compliance Committee as to the status of your corrective actions. We contact your unit and ask you to provide information on any outstanding items; it is helpful for you to be proactive in monitoring and reporting the status of corrective action internally. The primary benefits of the audit are not realized until effective corrective action is taken to address the underlying issue, which may vary from our recommendation or even from your original management action plan.

As you can see, the audit process is optimized with your active participation and input. Again, to this end, we look forward to partnering with you throughout this process to improve and sustain University controls, accountability and oversight.

Back to top