Frequently Asked Questions
The following will answer some of the questions frequently asked regarding the audit process.
University Auditing and Advisory Services reports to the President of Georgia State University and has a direct reporting relationship to the Chief Audit Officer and Associate Vice Chancellor at the Board of Regents of the University System of Georgia.
It depends on the results of the audit risk assessment and intervening priorities. Based also on audit resources available, a rolling audit plan is maintained and reviewed/approved by the Board of Regents via the Chief Audit Officer and Associate Vice Chancellor.
University Auditing and Advisory Services must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with university goals. We take into account the university’s risk management framework and other input from senior management and the board. We review and adjust the plan, as necessary, in response to changes in the university’s risks, operations, programs, systems, and controls.
It depends on the depth and scope of the engagement. Generally speaking, internal audits will take between 1 to 2 months. Large-scale projects often take considerably longer, and management is kept informed of reasons and progress. Those being audited should make known any negative impact on their operations of the timing of internal audit activity.
Internal audit reports are distributed to the applicable department head and applicable executive management, always including the president, provost, and chief audit officer and associate vice chancellor. Outside auditors sometimes request and receive copies of our audit reports.
An opening conference is held to explain and answer questions about the audit process, gather information, finalize the scope and objectives, and establish a cooperative working relationship with management. During fieldwork, the auditors gain an understanding of operations under review, assess the internal control structure, and perform detailed testing to verify compliance with policies and regulatory standards. Communication during the audit includes alerting management promptly of apparently adverse issues and discussing them with management to assure fairness and accuracy in presentation. The draft audit report goes to management for review and comment prior to publication. Active discussion and interaction with management prior to issuing the final report, including a closing conference unless declined, is standard protocol. The final report, including management responses to issues, serves as the final product of the audit process.
Be honest and open; understand that University Auditing and Advisory Services does serve to assist management. Participate in the planning process and discussions. Identify key contact personnel. Share information to assist auditors in performing an efficient review thereby minimizing disruptions in operations. Voice your opinions regarding areas of weakness, issues of concern, or suggestions for improvement.