Audit Process
What to Expect During an Audit
If you find yourself on the receiving end of an internal audit project (i.e. an audit or review), knowing what to expect may ease your mind.
The process flow includes four stages.
Stage 1: Planning Stage
- Complete a pre-planning meeting with key process owners to define the scope and objectives of the project
- Issue a formal scope and notification document to the audit client
- Perform interviews of audit client personnel to gain an understanding of the processes
- Request documents for testing
- Document internal control risks
Stage 2: Execution Stage
- Collect, analyze and document the audit client’s process and procedures
- Review, by the audit client, process narratives
- Perform substantive tests (audits only) based on documented internal control risks
Stage 3: Reporting Stage
- Draft a report, including all findings
- Perform an exit conference with audit client to discuss findings and determine acceptance of recommendations or acceptance of risk
- Distribute the agreed-upon report to the President
- Issue the report to the chairperson of the Finance & Budget Committee and the Board of Regents (audits only)
Stage 4: Follow-Up Stage
- Provide feedback to Internal Audit in an annual survey to help us improve our processes
- Respond to inquiries from Internal Audit regarding the status of agreed up action items in the completed audit
How to Prepare for an Audit
Many people dread the thought of going through an audit, but the overwhelmingly negative connotation is largely undeserved. Contrary to popular belief, audits are not intended to elicit terror. Instead, audits are designed to improve the efficiency and security of major processes and actually strengthen confidence in the department leaders. Think of the audit as an invaluable tool to improve your department.
Now that the upcoming audit seems a little less intimidating, let’s discuss the steps department leaders can take to make the audit process a little easier.
- Request cooperation. Notify employees of the upcoming audit and ask for their cooperation in answering questions and demonstrating departmental processes. The more information we have, the more we can help your department.
- Gather important information. Specific information will be reviewed by Internal Audit as a part of the planning process, including a current organizational chart, job descriptions for key personnel, and any other department-specific information that is not readily available on the website. (E.g. newsletters, recent audits from outside regulators, etc.)
- Review departmental policies. Verify that important departmental policies and procedures reflect current practices. If you find that the policies and procedures are outdated, take steps to update them.
Internal Audit exists to add value and improve the operations of the University. We look forward to getting to know you, learning about your processes and strive to help you achieve greater results.
Audit & Management Review Services
Internal Audit offers a variety of services, including full audits and less resource-intensive management reviews. All products will provide opportunities for improvement but audits require agreed upon action plans and are distributed to Board of Regent members. All audit and management review reports are distributed to WKU President's Cabinet members.
Audits are selected based on an annual evaluation of risks in areas across the University. Managers may request audits and/or management reviews to assess specific department processes and procedures, review internal controls or to investigate suspicious activity.
Audit vs. Management Review
Internal Audit Tasks |
Audit |
Management Review |
Interview key personnel to understand risks, controls and processes |
X |
X |
Perform substantive testing to determine effectiveness of controls |
X |
- |
Provide recommendations for improvements in a report |
X |
X |
Document agreed upon action plans in the report |
X |
- |
Distribute completed audit report to the President and the President’s Cabinet members |
X |
X |
Distribute completed audit report to the Board of Regent Members |
X |
- |
Request updates on action plans until complete |
X |
- |
Types of Audits
Most of the engagements completed by WKU Internal Audit are integrated audits and include components of the other audit types, including financial, compliance, operational, information technology, and governance.
- Financial Audits address questions regarding internal controls, accounting, and the propriety of financial transactions. Most audits are integrated and encompass financial, operational, compliance and information technology audits.
- Compliance Audits determine the degree of adherence to laws, regulations, policies, and procedures of the University, the Commonwealth of Kentucky, the federal government, and other regulatory agencies such as the NCAA
- Operational Audits review the use of resources and procedures/practices in the department being audited to determine if goals and objectives are being met in the most effective and efficient manner. A key component of operational audits is to assess the internal control environment of the unit to manage and mitigate inherent risks.
- Information Technology Audits evaluate system procesing controls, data security, physical security, physical security, systems development procedures, contingency planning, and system requirements.
- Consulting and Advisory Services are requested by management, President's Cabinet or Board of Regents members and ecompass a wide range of activities. Examples of consulting and advisory engagements include assessing proposed processes, recommending improvements to existing processes, analyzing controls built into developing systems, etc.
- Special Investigations are performed in response to allegations received by our office through the University's
hotline or other internal and external sources.
- Governance processes relate to the procedures used by an organziation to provide oversight of risk and control processes administered by management. Audits assess how well policies, procedures, and management administer or control the university tomeet the Board of Regents' expectations and the University's mission.
Internal Audit
Wetherby Administration Building - G21
Bowling Green, KY 42101
(270) 745-8799
Some of the links on this page may require additional software to view.