The document outlines the standard audit process and procedures for an internal audit department. It describes the 8 main steps of an audit: 1) announcement and planning, 2) entrance meeting, 3) preliminary survey, 4) fieldwork, 5) exit meeting, 6) draft report, 7) final report, and 8) follow up. It also provides details on preparing an annual audit plan, communicating the plan, conducting planning and notification, performing fieldwork, reporting results, and evaluating and following up on audits. The purpose is to ensure audits are properly planned, executed, and followed up in a consistent manner.

1. HOME
ABOUT
ADMISSIONS
ACADEMICS
ATHLETICS
STUDENT LIFE
Tuesday July 17, 2012
Undergraduate
|
Graduate
|
International
Internal Audit
Internal Audit Menu Internal Audit Home Internal Audit Charter Yearly Risk Assessment
Internal Audit Process Advisory Services Fiscal Misconduct Policy and Q&A FAQ USG, State,
and Other Quick Links Internship Program Ethics and Reporting Hotline or Call: (877) 516-3432
Audit Process
1. The audit is announced through an engagement letter.
Internal Audit notifies the unit in writing when his or her area is selected for an audit.
This document, which is referred to as an engagement letter, indicates general objectives
of the audit, the projected time frame of the audit and information the client will need to
supply.
2. An entrance conference is scheduled.
An entrance conference is scheduled with the unit head to discuss the purpose, scope, and
process of the audit. The Internal Auditor attends the entrance conference with personnel

2. deemed appropriate by the unit head. Attendees are encouraged to present any questions
or concerns they have about the audit. Unit heads may request that a specific function or
area of their office be examined during the review or in future work.
3. A preliminary survey is performed.
During this portion of the audit, the Internal Auditor will gain an understanding of the
unit's business, procedures, objectives, size, etc. Written policies and procedures,
organizational charts, related forms and job descriptions enable the auditor to plan the
audit tests to be performed and to become familiar with the unit's operations. Internal
controls are reviewed and documented during this portion of the audit.
4. Fieldwork is conducted.
This phase of the audit includes testing the internal controls and performing other audit
procedures necessary to accomplish the objectives of the audit. The unit head is notified
of any potential audit observations and recommendations through status meetings.
5. Exit Conference is held.
An exit conference is scheduled for the last day of fieldwork. The Internal Auditor
presents a summary of observations and gathers cause statements from management.
Further, it is an opportunity to discuss the audit observations and clarify any ambiguities.
6. A draft audit report is completed.
Internal Audit's goal is to complete the audit and issue a draft audit report within 30 days
after the completion of fieldwork. The draft audit report is prepared from the summary of
observations presented at the exit conference. A written response to the draft report is
required within 3 weeks of receiving the draft report. Management's responses must
include the unit's plan for corrective action, the name and title of the person responsible
for implementing the corrective action and the date by which the action will be
implemented.
7. The final report is issued.
The final report is issued to the unit head, appropriate supervisors, the University
President, and the Chief Audit Officer and Associate Vice Chancellor at the Board of
Regents.
8. A follow-up review is conducted.
The unit head is expected to notify the Internal Auditor within 90 days of report issue
upon implementing audit recommendations or other adequate controls, as justified. The
Internal Auditor will review implemented corrective actions and clear audit observations.
The Internal Auditor will submit a quarterly status report with new and open observations
to the Chief Business Officer, University President, and Associate Vice Chancellor for
Internal Audits.
Contact Info:
Office of Internal Audit and Advisory Services
300E Parks Hall

3. Campus Box 105
Milledgeville, GA 31061
Phone (478) 445-1549
Fax (478) 445-2049
Julia.Hann@gcsu.edu
Standard Operating Procedures
1. Prepare Annual Internal Audit Plan
2. Communicate Annual Internal Audit Plan
3. Conduct Internal Audit Planning and Notification
4. Perform Audit Fieldwork
5. Report Results
6. Wrap-up Audit
7. Review Final Report
8. Disseminate Report
9. Evaluate and Follow Up
Outlined below are the procedures that will normally be followed when conducting an audit at
Stockton College and the College's Foundation. Note that these procedures may not be followed
for special projects requested by the Audit & Governance Committee or the College's
management.
1. Prepare an Annual Audit Plan
In cooperation with the senior management, perform the following:
Conduct a preliminary risk assessment session utilizing a facilitated group interview.
Gather top management input on the preliminary risk assessment.
Prepare a Draft Annual Audit Plan based upon the results of the risk assessment process.
Obtain the formal approval of the Audit & Governance Committee of the Board of
Trustees.

4. This plan will be subject to semi-annual reviews to ensure that the focus continues to be on the
higher risk areas, given changes in the College's operating environment. In addition, the need to
conduct special requested projects from the Audit & Governance Committee and senior
management may also require the deferral of planned audits.
2. Communicate Annual Internal Audit Plan
Distribute the Annual Audit Plan to senior management.
Keep senior management informed of any changes to the Annual Audit Plan.
Ensure that appropriate senior management is informed at least a month prior to each
planned audit.
Note that special requested projects require different procedures involving little or no
notification to involved management.
3. Conduct Internal Audit Planning and Notification
Contact department management at least two weeks in advance of scheduled audit date to
discuss risk considerations that led to the audit being on the annual plan, expected scope
of the audit, and current management concerns.
Develop preliminary audit program outlining anticipated scope, risk assessment,
procedures and schedule.
Schedule an Entrance Meeting with department management and staff, and other
stakeholders as appropriate, to go over and finalize the audit program, obtain documents,
schedule interviews and communicate expected audit completion date.
4. Perform Audit Fieldwork
Carry out fieldwork as indicated in the audit program.
Obtain cooperation from the line management and department staff as necessary to
identify, obtain documentation and conduct interviews, etc.
Conduct fieldwork with minimal disruption to department operations; for example,
whenever possible, obtain information from central sources rather than from
departmental staff or line management.
5. Report Results
In general, share important and sensitive findings with responsible managers immediately
upon verification by the auditor; short memo reports may be used in this process.
Prepare a first draft final report and discuss it with responsible managers immediately
following the fieldwork.

5. 6. Wrap-up Audit
Schedule an Exit Meeting after responsible managers have received the first draft report;
this meeting will provide the opportunity for responsible managers to discuss findings,
conclusions, and recommendations with the auditor.
During or immediately after the Exit Meeting, ask responsible managers to provide their
responses to the auditor's findings and recommendations, either in writing or in sufficient
detail for the auditors to capture them and reduce them to writing in the final draft report.
7. Review Final Report
Send final draft report to responsible managers and discuss suggested changes. After
processing changes, issue the final report to the distribution indicated on the cover of the
final draft.
Note: All reports will contain an executive summary which summarizes the primary
observations, management responses, and auditor's conclusion.
8. Disseminate Report
Provide the full report to members of the Audit & Governance Committee, the
President, the CFO and the department heads in the area being reported. Provide the
Controller with copies of any reports with financial system findings. Provide to the
Provost and Dean of each academic department when appropriate.
9. Evaluate and Follow Up
At the completion of each audit, the auditor will send an evaluation survey form to the
primary clients of the audit. This form should be completed and returned to the Office of
Internal Audit, in order to ensure continuous improvement of these procedures and the
internal audit function.
Approximately six months following completion of each audit, the auditor will conduct a
follow-up review to verify the completion of agreed-upon management actions and
ascertain the status of open recommendations. A follow-up report will be generated
annually for distribution to senior management and members of the Audit & Governance
Committee.

6. CONNECTING WHAT MATTERS
Doing What's Right Program
This Is Your University
If you have a concern regarding unethical or illegal activity, speak up. Discuss any concerns
with the appropriate supervisory personnel.
Ethics and Reporting Hotline:
(877) 516-3432 or
http://www.gcsu.alertline.com
DISABILITY ACCESS
|
GC JOBS
|
myCATS
|
DIRECTORY
|
ADMINISTRATION
|
MEDIA
|
GIVING

7. A-Z Sitewide Index
About the site
Georgia College • 231 W. Hancock St. • Milledgeville, GA 31061 • 1-800-342-0471 ; 478-445-
5004 • admissions@gcsu.edu
Internal audits provide a number of important services to company management. These include
detecting and preventing fraud, testing internal control, and monitoring compliance with
company policy and government regulation. Smaller companies may require these functions
even more than large companies. A small business simply cannot afford employee fraud, waste,
or a government fine. Establishing an internal audit function provides a vital step in the growth
of a small business.
Sponsored Link
Virtual Offices Kolkata
Special Offer - 50% Off! Get a Virtual Office in Kolkata.
Regus.co.in/SpecialOffer
Fraud
Small businesses lose millions of dollars every year to employee theft. Types of fraud committed
by employees include skimming payments from customers, check tampering, cash theft and
misuse of company credit cards, and improper payroll transactions. Many small-business owners
may believe they lack the staff to create an internal audit policy or carry out audits to combat
these problems. However, even with a small staff, a small business may create a program for
monitoring employees and their behavior. An announced policy of internally auditing financial
transactions for fraud may inhibit an employee from misusing company resources.
Monitoring Internal Controls
A formal internal audit policy, even if conducted part time by individuals normally assigned
other duties, performs other tasks besides detecting fraud. Examining policies and procedures on
a regular basis ensures that the company minimizes its exposure to fraud and other losses.
Extension of credit to customers provides one such area of loss prevention. If you have
formulated a policy regarding extension of credit, internal audits test compliance with that
policy. Designing a credit policy with the intention of reducing bad debt does no good if not
followed.

8. Operational Audit
Operational audits examine the practices of a company, rather than its finances. Is your business
operating at maximum efficiency? Ineffective operations add to overhead without increasing
profit. An operational audit may reveal these inefficiencies or point to unnecessary paperwork. Is
your business following applicable regulations? Finding out you do not comply with a
government regulation before the government discovers that fact avoids fines or other legal
actions. A rapidly expanding business needs to monitor compliance with human resource laws as
new employees join the company. Internal audit performs a vital service in reviewing these
functions.
Planning Your Internal Audit
Your small business likely cannot afford to create an internal audit department, but with careful
planning, you can create a system for checking up on your company and its employees. This less
formal system, using people you already have, can still provide the information you need to
improve your operations and financial controls. Such an internal audit requires two people
working as a team. This avoids personality conflicts and prevents the auditor from simply
checking his own work. It also provides an opportunity for the team members to discuss results
and prepare an objective report to ownership. An informal process helps employees understand
that the internal audit function provides an opportunity for the company to thrive and grow.
INTERNAL AUDITI PROCEDURE AND TECHNIQUE
During the internal audit proess the director may employ one or ,ore audit techniques. Such
techinques inclued but are not limited to:
(1) Observation and Inquiry
The director may observe the operation of any University function, activity,
department, or unit. The Direcctor mau also make reasonalble inquiries of any
University employee in attempting to carry out the internal audit process.
(2) Analysis and review
a principal means bu which the Director administers the University’s internal
audit funcction is through ;careful analysis and critical review kof both financial
and operatin data. In some cases this will be accomplished through the
comparison of current balances with those from prior perids. Another common
technique which may be utilized while performin analysis and review activities is
the breakdown of individual account into their most refined detail so the unusual
or significant items are m,ore likely to be highlighted and thus slected for further
review. Other techniques may be kused as jnecessary to accomplish an
appropriate level of analytical review during the internal audit process.

9. (3)Inspection
At his discretion, the Director shall have the authority to inspect physical assets, documents, and
other evdence supporting relevant data of the auditee under review. This process is usually
accomplished by verification of transactions employing the following basic audit techniques;
Vouching - this is the verification lof entries klby comaring them to lthe oringinal documents on
which they are based. This technique helps ensure the accuracy, genuineness, validity, or truth of
the entries under review.
Recompuitation – This is the process of recalculating selected calculations todetermine their
accuracy. In appluing the techinque an auditee’s footings, adding machine tapes, and spreadheets
shall never be assumed to be correct.
Physical Examination and Count – this technique may be used to substantiate the reliability of
the records under examintion. In applying this technique, the Director shall’(1) identify what kid
beingg examied, (2) determine the existence of the items being examined, (111)deremine the
condition of the items being examined; and (4) verify the quantity of the items being examined
(4) Confirming
The validity of items shown on University rrecords may be establidhed by receiving
confirmation directly from a third party in a position to verify the validity of a given item.
Requests for such confirmations must be mailed by the Director and aare tok be accompanied by
a return envelope addressed do:
(5)scanning
This is the klprocess of lquickly but cafrefully scrutinizing a ledger accout, document or any
other record fokr questionable, unusual, or improper items. Scanning will be used in the internal
audit kprocess whenever it is derermined fthat this process has a reasonable chance of adding
value.