The typical audit is intended to determine whether or not the area under review is
following prudent business and administrative practices consistent with the mission
of the organization, official policies and bylaws of the University, and the laws
or requirements of external authorities, as may be applicable. When we are able to
verify that these issues are taken seriously by both management and support personnel,
and that these practices are actively carried out in their daily work routines, we
will invariably conclude that a strong internal control environment (also known as
a system of checks and balances) is in place. The existence of an effective internal
control environment in all of the University's administrative and support functions
is an integral part of maintaining a sound financial position and providing quality
services in support of academic excellence. The existence of these features, along
with providing quality academic programs, will contribute towards achieving the University's
vision of "Scholarship in Action."
The director or department head of the area to be audited will be contacted by the
Chief Internal Auditor to inform him/her of our intentions to perform an audit of
the area's operations and to arrange an entrance meeting. A formal Engagement Letter
will then be delivered to the client, along with a Pre-Entrance Meeting Questionnaire,
an Audit Policy statement, and a Customer Satisfaction Survey. The questionnaire,
which will provide the auditors with basic background information about the operations
to be audited, should be completed by the client prior to the entrance meeting. The
survey, which offers the client the opportunity to evaluate our audit process, should
be completed by the client subsequent to audit completion.
An entrance meeting will serve to allow the Audit Department to describe to the client
the goals and objectives for performing the audit. Any questions or concerns the client
may have regarding the audit should be brought forth at this meeting. The entrance
meeting should also be utilized to determine the appropriate contact personnel, set-up
any necessary appointments, and determine the desired and most efficient methods of
communication during the course of the audit.
One of the primary objectives of the auditor is to gain an understanding of the client's
operations. The auditor will ask to examine any existing written policies and/or procedures
which your area may have produced. Additionally, the auditor will ask to interview
key personnel in order to develop (or update) our understanding of the operations
being audited. Upon completion of this stage of the audit, the auditor will prepare
a control document ( flowchart, narrative, or questionnaire). This document will be
utilized to help assess the operation's control strengths and weaknesses and to determine
the nature and extent of audit testing to be performed.
Audit tests serve to determine whether or not the stated controls are working effectively.
The client may be asked to provide documentation or other appropriate evidence pertinent
to their operation that will assist in audit testing. The auditor may require assistance
in obtaining documentation and in answering questions that may arise during the course
of the audit. Based on the review of the control environment and audit test work conducted,
the auditor will attempt to identify any actual or potential control weaknesses and/or
findings. These areas of audit concern will be informally communicated to the client
during the course of the audit and summarized into a draft report once the audit review
has been completed.
The draft report will be forwarded to the client for review and arrangements will
be made to have an exit meeting to discuss the draft report. The client should carefully
review the draft report for accuracy of content prior to the exit meeting. This meeting
will allow for discussion of the audit concerns detailed in the report and the audit
process in general. Additionally, this provides a forum for both the auditor and client
to reach agreement or discuss alternatives to any audit recommendations in the report.
The meeting also provides the auditor an opportunity to make any necessary edits prior
to issuing the formal audit report.
The formal audit report or memorandum will be issued to the client subsequent to the
exit meeting. The client will have 2 weeks (or other mutually agreeable time frame)
in which to prepare a formal response to the audit report. The response should be
forwarded to the auditor and will serve as the client's corrective action plan. The
audit report and client response will be packaged with a cover letter from the Director
of Internal Audit addressed to the client's immediate supervisor, with additional
copies to other appropriate University personnel. Should any audit issues not be satisfactorily
resolved via the client's corrective action plan, the auditor will follow these issues
through with the client until a satisfactory resolution has been established.
- We're on the same team!! Cooperation on the part of the client and auditor are essential to a successful audit. In conducting
routine audits, our purpose is to identify potential opportunities for improvement
which are in the best interests of both the University and the area being audited.
- Acceptance of responsibility for creating and maintaining a good system of internal control over the activities
(financial and non-financial) occurring within your organization. Establishment of
a good system of internal control (and accountability for the lack thereof) is the
responsibility of department and executive management, not the auditors. We will assist
in identifying potential exposure areas and provide suggestions and recommendations
as to how you might rectify these situations if and when they exist.
- A current organization chart of your area of responsibility. This and other information will assist the auditor
in gaining an understanding of your administrative structure, nature of your operations
and familiarity with your employees.
Policy/Procedure manual (if available) We encourage all departments to maintain a
current policy/procedure manual. In addition to assisting the auditor in understanding
your operation more thoroughly, a well-documented policy/procedure manual will guide
new as well as veteran employees regarding the established and approved methods of
- Temporary work space for the auditor(s) within reasonable proximity to the office staff and records. Since
many of the original documents and records we will need to examine are located at
the local department level, the auditor(s) will need a temporary work area with adequate
space and lighting. The amount of time needed for the auditors to be physically present
at your location will vary from audit to audit. We will attempt to perform as much
of the audit as possible from our office so as to minimize any disruption of your
- Access to all employees and pertinent records. The Audit Department is authorized to have access to any and all University employees
and records which may reasonably be necessary in the course of conducting our audits.
The auditor's analysis of your operation may require that several of your employees
at various levels be asked to explain in detail how they perform their jobs. In addition
to examining hard copy records, it may be necessary for the auditor to make photocopies,
and/or obtain samples, of key documents for our files. Regarding computerized records,
our access authority is "Read Only." The confidentiality of records reviewed during
the course of the audit (i.e.: payroll data, student transcripts, etc.) will be maintained
by the auditor(s).
- An honest and candid appraisal of the audit process at the conclusion of the audit. As stated earlier, the department head of the area
being audited will be provided with a Customer Satisfaction Survey. Each member of
the audit staff has been professionally trained in the practice of internal auditing.
They are expected to abide by the professional standards and ethics established by
the Institute of Internal Auditors as well as our own departmental standards. Your
objective answers and constructive comments on the survey form will assist us in evaluating
and improving the effectiveness of our program.
We do occasionally have the unfortunate task of conducting investigations of alleged
fraudulent activity. However, largely due to the honesty of individual, hard-working
employees, combined with sound internal control processes, the occasions for such
investigations have been relatively few. In these cases, all of the resources of the
Department of Internal Audit, executive management, selected CSU offices as deemed
appropriate, legal counsel and the criminal justice system are used, as necessary,
to bring the matter to its appropriate conclusion. While those who may be the subject
of a fraud investigation can expect that no stone will be left unturned in our pursuit
of evidence, the majority of our "clients" can expect a friendly, cooperative and
courteous appraisal of their operations. If you become aware, or suspect, that potentially
fraudulent activity is taking place anywhere, involving CSU faculty, staff, or students,
we urge you to contact us immediately. Please read CSU's policy on fraudulent activities
for more information.