At Valdosta State University we use a risk-based approach to determine what we will audit. Risks include many factors including the dollar volume and liquidity of the area under consideration, the reliance on information technology, regulatory compliance and public scrutiny as well as organizational change and economic transition, and the length of time since the last audit. Our risk assessment process consists of the following three steps:
- collecting information from multiple sources, analyses, and measures;
- fusing collected information into potential risks; and,
- assessing potential risks by likelihood, impact, breadth, and velocity.
If you are selected for audit, we will notify you in advance and send you an engagement letter outlining the objectives of the audit. The audit follows the steps outlined here:
- Opening Conference
- Internal Audit conducts an opening conference with the Vice President/Director, management, and key staff members of the area being audited to discuss the audit process and potential areas of risk. The conference is a participative forum that encourages input from participants and is designed to establish a team-orientated relationship with our audit customers.
- Work Team Meetings
- Internal Audit invites staff and management to a collaborative meeting before audit fieldwork begins. During the meeting, participants work together to identify the key processes of the area being audited, the risks associated with those processes, and the internal controls that are or should be in place to reduce the risks associated with those processes. Additional staff and management help the auditor(s) determine the most reasonable and practical ways to perform testing of processes, expenditures, and internal controls.
- The fieldwork phase consists of performing audit activities to satisfy the scope and objectives of the audit. General fieldwork procedures typically include:
- Interviews with staff and management
- Examination of supporting documentation
- Review of internal controls processes
- Inspection of safeguards over assets
- Inspection of safeguards over information
- Implementing Management Action Plans during an audit
- Throughout the audit, the auditor will provide information to management regarding areas where there are opportunities for process improvement. If management is able to successfully implement the action plans before the completion of the audit, the audit report will note that corrective action has been taken. However, if management is unable to implement agreed-upon action plans before completion of the audit, we will conduct an exit conference to discuss the outstanding action plans, obtain agreement regarding the best way to report the observations, determine the most reasonable and practical way to implement the remaining action plans, and an estimated date of completion for the action plan. The audit observations and related management action plans will be documented in the final audit report.
- After the draft audit report is written, it will initially be shared only with management of the area that was audited. Internal Audit will solicit feedback from management to determine if they agree with the content and format of the draft audit report and if they have any suggestions to improve the report.
- After all agreed-upon revisions have been made to the draft audit report, the final audit report will be distributed to the area’s Vice President/Director, VSU’s President, the Board of Regents’ Chief Audit Officer and Executive Director of Internal Audits, and other stakeholders as appropriate.
- Customer Satisfaction Survey
- Internal Audit is continually seeking opportunities to improve our customer service. As a result, after the final report is distributed, we will request the managers and staff of the area that was audited to complete our Customer Satisfaction Survey, which is available on our website. Generalized results of the survey are also used to support our annual Institutional Effectiveness Report.
- Follow-up on audit findings
- Findings are reviewed quarterly by VSU’s Audit Director and the Board of Regents staff. The Board auditors will request explanations for recommendations that are not implemented in a timely manner, according to the estimated completion dates provided by management.
Last Updated: 8/29/2013