Getting Audited


Each audit is unique and can take from weeks to several months to complete depending on the objectives and complexity of the review. Once your department or function has been selected for audit, your audit will follow four general stages: Planning, Fieldwork, Audit Report and Follow-up.   If you are selected for an audit the following will generally be the process:


I.                 The Audit is announced through an engagement letter

Internal Audit notifies the President and area to be audited, in writing

II.                Entrance Conference

An Entrance Conference will be held with the client prior to our beginning actual audit fieldwork. Participants in this meeting will include appropriate management representatives as well as other relevant personnel that have knowledge of the process or department being reviewed. Management may identify specific personnel with knowledge of the area under review who should participate in the Entrance Conference. During the Entrance Conference the auditor and client will discuss:

  • Objective and Scope of the review
  • Timing of the audit
  • Contact persons/departments
  • Management Concerns
  • Current Practices

If you have particular questions or concerns you would like us to review during the audit, you can raise these at the entrance conference, so we can adjust our program to include these areas.

III.             Planning

During the planning phase, the auditor establishes the detailed audit program and procedures that will be conducted during the scheduled engagement. Audit procedures are designed to meet the audit objective and scope established for the review.

The auditor obtains a general understanding of the department or process being audited. Typical audit planning activity includes:

  • Review of existing policies, procedures, applicable regulations and laws.
  • Discussion with Financial Operations, Office of the General Counsel or other relevant areas.
  • Obtaining background or historical information regarding organizational and/or departmental performance
  • Analysis of potential risks
  • Communication with the client.

During the planning phase audit staff may utilize questionnaires, surveys or other tools to obtain an understanding of existing procedures and/or controls.

IV.             Fieldwork

During audit fieldwork, auditors will collect, analyze, interpret and document policies, procedures and transactions within an organizational unit. Auditors will perform their work in accordance with the audit program. It should be noted that during the course of fieldwork, internal control weaknesses may be identified that fall outside the original objective and scope of the review. Internal Audit is responsible to report these issues to management to ensure their appropriate disposition and resolution.

Auditors will perform their work in an efficient manner that minimizes department interruptions. Meetings will be scheduled in advance, when possible, and requests for information will be provided to management to facilitate the timely and orderly collection of data.

Interim meetings and updates will be provided throughout the audit to communicate the progress of the audit as well as observations to date. Departmental personnel will have the opportunity to provide input regarding observations and recommendations during the review.

V.           Exit Conference is held.

After the conclusion of fieldwork a preliminary exit conference is held to discuss the audit findings and the suggested recommendations.  After this meeting, the auditor completes work paper documentation and prepares a draft of the audit report.  This draft is provided to the department for review, and a final exit meeting is scheduled to discuss the report and the findings. Internal Auditing requests that the responsible management official provide a written response to each recommendation, to state whether or not the department agrees with the recommendations, the plans for implementation, including a timeline, and any other information to explain the issues.

VI.         Report

The Internal Auditing Department publishes the final audit report with management responses.  The report is addressed to the President of the institution with copies of the report distributed to the Board of Governors of the Colorado State University System Audit Committee, department officials and others responsible for findings and recommendations in the report, the University’s audit liaison, and any other officials deemed appropriate by the Internal Auditing Department.

VII.           A follow-up Review is Conducted

Internal Audit will conduct follow-up procedures to ensure corrective measures have been implemented in a timely and effective manner. Follow-up procedures are generally performed 6 months after the publication of the report, or based on the target date for implementation.. A summary of open audit recommendations is provided to the Board of Governors on a periodic basis.