Responsibilities
- Perform reviews for all ASU System operations and programs to ascertain whether university resources are employed efficiently and effectively, and results of operations are consistent and aligned with the university’s goal and objectives.
- Perform reviews and evaluations of the university’s system of internal controls to ensure controls are adequate.
- Determine compliance with relevant state and federal regulations and generally accepted accounting principles.
- Provide management advisory services and perform audits and reviews as requested by management.
- Follow up to ascertain that appropriate action is taken on reported issues.
- Coordinate audit planning and scheduling activities with the external auditors.
Risk Assessment
Risk assessment is the identification and analysis of risks to the achievement of the university’s established objectives. The risk assessment model utilized by Internal Audit weighs each departmental area on the basis of four (4) business risks and produces a relative risk factor. Some risk factors considered when prioritizing audits include the complexity and size of the operation, personnel turnover, and results of previous audits.
Audit Plan
Audits with the highest risk factor are given the highest priority when developing the audit plan to ensure Internal Audit’s resources are allocated appropriately. Specific requests by Administration and Legislative Audit may also impact the plan. Some areas require more frequent audit or review, while others may only need to be reviewed every few years. The audit plan is updated annually and reviewed with the ASU system president, trustee audit liaison, and executive vice president.
Audit Process
Unless unusual circumstances or the audit objectives necessitate a “surprise audit,” management of the area being reviewed is contacted in advance to discuss the timing, scope, and objectives of the audit. For most reviews, the audit process consists of four phases: Planning, Fieldwork, Audit Report, and Follow-up Review.
Audit Phases
(1) Planning
All departments selected for a review will be officially notified in writing of the tentative date of the audit, except in the case of a "surprise audit." An entrance conference is held with the departmental management to discuss the general objectives of the review. Fieldwork is scheduled and any special managerial concerns that need to be addressed may be defined at this time. An Internal Control Questionnaire is completed to assist the auditor in reviewing the department's internal control structure. The results of this review are utilized to evaluate the adequacy of controls and to determine the type of tests performed in the fieldwork stage.
(2) Fieldwork
During the fieldwork, Internal Audit performs the actual review of departmental procedures and controls. Interviews may be conducted with key personnel and other employees to obtain an understanding of the department’s operations. Significant operational processes will be identified and reviewed for efficiency and effectiveness during this process. Compliance testing of departmental records may also be performed. Internal Audit makes every effort to consider employee workloads to avoid any conflicts with deadlines. Upon completion of the fieldwork, any audit findings and the action to be taken is summarized and discussed with management.
Our Goal: No surprises.
(3) Audit Report
The review is culminated with a formal report that includes the scope and objectives of the review, the significant issues identified, and related recommendations for improvement. The report is first issued in draft form to departmental management only. An exit conference is then scheduled to discuss the report and to verify that it is factual and complete. After the conference, any necessary revisions, as well as management’s responses, are incorporated into the report. The final report is then distributed to the board of trustees, ASU system president, executive vice president, chancellor, vice chancellor for the division, departmental management, and other appropriate personnel.
After our report has been presented to the board of trustees, any documents, notes, draft reports that are a part of our Audit working papers are open to public inspection. In some cases, that may include the identities of those individuals that we interview. Please be assured that it is the goal of Internal Audit to gather facts, identify areas that need improvement and present recommendations to the system president and board of trustees. Your participation in this process is both encouraged and appreciated by the leadership of the ASU System.
(4) Follow-up Review
Internal Audit will follow up on outstanding issues on a quarterly basis to ensure that the action plans have been implemented in a timely manner and to keep executive management informed.
Feedback to Us
Within one week of issuing the final report, an e-mail request is sent to the departmental director to complete a Client Evaluation form located at:
https://forms.office.com/r/fzzP7fvenZ?origin=lprLink
These evaluations help the Internal Audit staff determine areas for improvement in our operations and procedures. The online audit evaluation is automatically returned to Internal Audit upon completion.