University of Alberta

Audit Process

Audit Selection

Audit projects are selected based on a formal risk-based planning process lined to the University’s enterprise-wide risk management process.  The Board Audit Committee approves the projects.  The process is designed to ensure audit resources are allocated to areas where a review would benefit the University.

To accommodate requests that are received throughout the year, a percentage of resources are left unallocated. To request audit involvement please contact our office. These requests are typically made through the Vice President, Dean, Director, Chair, or other senior administrator.

 

Conducting an Audit

An audit is normally conducted in four phases, during each stage in the audit process staff from the units involved will have the opportunity to participate. The process works best when management and Internal Audit have a solid working relationship based on clear and continuing communication.  If there are any concerns about the process, clients are encouraged to direct the concerns to the auditors or the University Auditor, Internal Audit Services.

The following briefly outlines the process phases:

Audit Planning

  • An approach letter outlining the preliminary objectives and scope of the review is sent to the responsible Vice-President or senior manager.
     
  • An entrance meeting is held to introduce the audit team and outline the preliminary objectives.
  • More detailed information regarding the area is gathered (through interviews, documentation review and research) to develop an engagement plan and terms of reference for the project.
     
  • Terms of reference, outlining key elements of the audit project, is sent to senior management for endorsement.

 

Audit Fieldwork

  • Fieldwork concentrates on gathering the information necessary to assess the adequacy and effectiveness of controls, risk management and governance processes. 
  • Auditors typically gather information through this phase by talking with staff, reviewing procedures and business processes, and conducting tests to meet the objectives of the audit.
  • The fieldwork stage concludes with a list of significant findings from which the auditor will prepare a draft of the audit report.
  • In the conduct of their work, Internal Audit Services staff members are authorized to have unrestricted access to all functions, records, property, and personnel.

 

 Audit Reporting

  • An exit conference is held with senior management of the area under review to outline the audit findings and ensure all relevant facts were considered.
  • An audit report is drafted and include the major recommendations.  Recommendations that do not address significant risks will be dealt with less formally through a management letter.
  • The draft report is provided to senior management for fact validation.  Once a response is received, a second draft will be provided soliciting management’s plans to address the recommendations (for inclusion in the final report).  Meetings will be scheduled as required to facilitate this process.
  • Once the report is finalized, it is distributed to senior management and the Office of the Auditor General of Alberta.
  • An overview of reports is provided to the Board Audit Committee.

 

Audit Follow-up

  • Once the audit is completed, Internal Audit Services periodically requests an update on progress made in implementing recommendations. 
  • In certain instances, it may be necessary to revisit the area to ascertain whether the corrective action taken is achieving the desired results. 
  • Reports of follow-up activity are provided to the Board Audit Committee.