Internal Audit Process
Standards for the Professional Practice of Internal Auditing define internal auditing as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.”
The Internal Audit function (according to the Business Procedures Manual of the Board of Regents of the University System of Georgia) is to “Provide an independent appraisal of financial, operations, and control activities. Auditors report on the adequacy of internal controls, the accuracy and propriety of transactions, the extent to which assets are accounted for and safeguarded, and compliance with institutional policies and government laws and regulations. Additionally, Internal Audit is responsible for providing analysis, recommendations, counsel, and information concerning the activities reviewed.”
Internal Audit is responsible for supporting VSU management in meeting its governance, risk management, internal controls and compliance responsibilities while helping to improve organizational and operational effectiveness and efficiency. We accomplish this objective through consulting services, workshops, and of course performing internal audits. We conduct various types of audits including:
Operational – Operational audits are comprehensive examinations of a unit or organization to evaluate its performance, as measured by management’s objectives. An operational audit focuses on the efficiency, effectiveness, and economy of operations.
Financial – Financial audits determine the accuracy and propriety of financial transactions.
Compliance – Compliance audits determine whether, and to what degree, there is conformance to certain specific requirements of policy, procedures, standards, or laws and governmental regulations. The audit focuses almost exclusively upon detailed testing of conditions.
Loss/Fraud – Loss/fraud investigations are conducted to determine existing control weaknesses, assist in determining the amount of loss/fraud, and recommend corrective measures to help prevent and detect subsequent recurrences.
Presidential Transition Audit – Presidential Transition audits are used to inform an incoming President of any major control, financial, and/or operational issues and risks that may need to be addressed at the outset of the new campus administration.
Information Technology – IT audits evaluate the accuracy, effectiveness, efficiency and security of electronic and information processing systems that are in production or under development.
At Valdosta State University we use a risk-based approach to determine what we will audit. Risks include many factors including the dollar volume and liquidity of the area under consideration, the reliance on information technology, regulatory compliance and public scrutiny as well as organizational change and economic transition, and the length of time since the last audit. Our risk assessment process consists of the following three steps:
- collecting information from multiple sources, analyses, and measures;
- fusing collected information into potential risks; and,
- assessing potential risks by likelihood, impact, breadth, and velocity.
If you are selected for audit, we will notify you in advance and send you an engagement letter outlining the objectives of the audit. The audit follows the steps outlined here:
Internal Audit conducts an opening conference with the Vice President/Director, management, and key staff members of the area being audited to discuss the audit process and potential areas of risk. The conference is a participative forum that encourages input from participants and is designed to establish a team-orientated relationship with our audit customers.
Work Team Meetings
Internal Audit invites staff and management to a collaborative meeting before audit fieldwork begins. During the meeting, participants work together to identify the key processes of the area being audited, the risks associated with those processes, and the internal controls that are or should be in place to reduce the risks associated with those processes. Additional staff and management help the auditor(s) determine the most reasonable and practical ways to perform testing of processes, expenditures, and internal controls.
The fieldwork phase consists of performing audit activities to satisfy the scope and objectives of the audit. General fieldwork procedures typically include:
- Interviews with staff and management
- Examination of supporting documentation
- Review of internal controls processes
- Inspection of safeguards over assets
- Inspection of safeguards over information
Implementing Management Action Plans during an audit: Throughout the audit, the auditor will provide information to management regarding areas where there are opportunities for process improvement. If management is able to successfully implement the action plans before the completion of the audit, the audit report will note that corrective action has been taken. However, if management is unable to implement agreed-upon action plans before completion of the audit, we will conduct an exit conference to discuss the outstanding action plans, obtain agreement regarding the best way to report the observations, determine the most reasonable and practical way to implement the remaining action plans, and an estimated date of completion for the action plan. The audit observations and related management action plans will be documented in the final audit report.
After the draft audit report is written, it will initially be shared only with management of the area that was audited. Internal Audit will solicit feedback from management to determine if they agree with the content and format of the draft audit report and if they have any suggestions to improve the report. After all agreed-upon revisions have been made to the draft audit report, the final audit report will be distributed to the area’s Vice President/Director, VSU’s President, the Board of Regents’ Chief Audit Officer and Executive Director of Internal Audit, and other stakeholders as appropriate.
Customer Satisfaction Survey
Internal Audit is continually seeking opportunities to improve our customer service. As a result, after the final report is distributed, we will request the managers and staff of the area that was audited to complete our Customer Satisfaction Survey, which is available on our website. Generalized results of the survey are also used to support our annual Institutional Effectiveness Report.
Findings are reviewed quarterly by VSU’s Audit Director and the Board of Regents staff. The Board auditors will request explanations for recommendations that are not implemented in a timely manner, according to the estimated completion dates provided by management.