Presentation is loading. Please wait.

Presentation is loading. Please wait.

San Francisco State University

Published byHenry Francis Modified over 7 years ago

Similar presentations

Presentation on theme: "San Francisco State University"— Presentation transcript:

1 San Francisco State University
We Make Great Things Happen

2 Audit Process 101 Preparing for an Audit
San Francisco State University

3 Internal Auditing within the CSU System Introduction
The Agenda Internal Auditing within the CSU System Introduction Report Details Reporting Phase Campus Response Management Agreed Upon Response Process Overview The Audit Process Audit Initiation and Entrance Conference Audit Planning Phase Follow-Up Procedures The Matrix Follow-Up Procedures Submitting Supporting Evidence Fieldwork Testing Phase San Francisco State University Helpful Tips Strategies for Successfully Completing an Audit Exit Conference(s) and Reporting Reporting Phase

4 - The Institute of Internal Auditors
Introduction Types of Audits Auxiliary Organizations – every three years Delegations of Authority – every five years Construction – as needed Special Investigations – as needed Subject Areas – annually; include the following subjects: sensitive data, international programs, financial aid, student health centers, risk managements and insurance, credit cards, athletics administration, police services, lottery funds, contract and grants, facilities management, etc. “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” - The Institute of Internal Auditors The Office of Audit and Advisory Services (OAAS) works with CSU campuses and Office of the Chancellor executive management to identify high-risk areas within the CSU system, and creates an annual audit plan using a risk assessment methodology. OAAS conducts the following audit types: Auxiliary Organizations, Delegations of Authority, Construction, Special Investigations, and Subject Areas. San Francisco State University

5 Understanding CSU Audits
The Audit Process Understanding CSU Audits

6 Process Overview Exit Conference(s) Reporting Initiation Follow-Up
The Audit Process Initiation Audit notification Questionnaire and Request for Documents Request for initial meeting with key staff members Fieldwork Auditor will conduct on site and off site audit testing Exit Conference(s) Informal and/or formal meeting to discuss the auditor’s observations and audit results Reporting Several drafts are crafted with opportunities for the client to review and give feedback Follow-Up Client will communicate to the Vice Chancellor Chief Audit Officer (VCCAO) in writing on the progress of implementing corrective actions Slide represents a basic overview of the audit process. Audit notification - approximately 6 weeks advance notice prior to the start of the audit. An entrance letter is sent to the campus President approximately 2 weeks before the audit start date. SFSU A&AS’s role in the process is to facilitate the audit initiation phase and coordinate the campus response that will appear in the final report. San Francisco State University

7 Audit Initiation and Entrance Conference
Audit Planning Phase Preliminary Survey, Research, and Audit Program Internal Control Questionnaire / Request for Documents (ICQ RFD) Document Review Scope and Objectives are Finalized Entrance Conference Audit Objectives Approx. Time Schedules Primary Contact(s) Auditing Testing/Fieldwork Reporting Process Preliminary Survey, Research, and Audit Program ICQ RFD - Preliminary survey primarily consists of client completion of the internal control questionnaire and document request (ICQ RFD). This survey helps evaluate internal controls related to the recording of business transactions, safeguarding university assets, compliance with university policies, and promotion of operational efficiency. Document Review –could include: prior OAAS audit history, organization/staff chart, policies and procedures, contracts and agreements, and other pertinent data. Scope and Objectives – foundation for building the audit program, an action plan that documents what procedures an auditor will follow to validate that an organization is in conformance with compliance regulations. Within the audit program, audit tests and applicable criteria are identified for each objective. Entrance conferences - typically held at the start of fieldwork on each campus San Francisco State University

8 Fieldwork Fieldwork: Internal Control / Transaction Testing
Testing Phase Fieldwork: Internal Control / Transaction Testing The auditor may perform a variety of audit techniques including: Inspections and observations of processes Interviews and inquiries of personnel Transaction testing of reports, invoices, and other types of records Performance of computations, comparisons, and other types of analysis A Status Meeting will be scheduled during fieldwork to discuss audit progress/challenges, request additional information, or present preliminary findings. Fieldwork –auditors are looking to verify that procedures are or are not being followed and that the level of compliance with internal controls is adequate. Meaning that internal controls described in the preliminary survey stage are actually in place and functioning as intended. Status Meeting – at some point during fieldwork the auditor will schedule a meeting with key staff members San Francisco State University

9 Exit Conference(s) and Reporting
Reporting Phase Informal Exit Preliminary Draft Feedback / Revisions Formal Exit (if desired) Minor Findings Letter* Incomplete Draft Campus Response Final Report Public Report Informal Meeting – opportunity to informally communicate preliminary survey team findings and provide an opportunity for the interchange of information, especially if there are differences of opinion. Preliminary Draft – initial report draft to be reviewed by client and auditor Feedback / Revisions- client provides feedback that impacts the next round of revisions. Advise auditor of any factual errors (provide supporting evidence), misrepresentations, or issues with language and tone of report. Formal Exit – The client has the option to forgo the formal exit conference, or to request scheduling of a formal exit conference to discuss the results. A "Client Satisfaction Survey" will also be given to the client audit contact. Minor Findings Letter - If the client decides to forgo the formal exit conference, he/she may still request minor changes to the audit report, which will be discussed with the relevant audit management and proposed to the vice chancellor and chief audit officer (VCCAO) for approval.  Incomplete Draft - After the formal exit conference or acceptance of option to forgo the formal exit conference, the client will receive a copy of the incomplete draft report and, if needed, a formal report of minor findings.  Campus Response – Final opportunity to provide feedback to observations/audit results. Within 15 days, the client must respond only to the recommendations in the draft report. The 15-day reply period begins on the date the letter and report are submitted to the client. All replies must include a corrective action plan with a time estimate for completion for each finding. Final Report - The responses will be included with the audit report and forwarded to the chancellor with the VCCAO’s recommendation for acceptance. Public Report - Once accepted by the chancellor, a final campus report is posted on the OAAS website.  Notification letters providing a link to the audit reports are sent to the Board of Trustees, California State Auditor, Committee on Higher Education, Joint Legislative Audit Committee, Joint Legislative Budget Committee, Department of Finance, and Legislative Analyst’s Office.  In addition, each of the campus presidents and the CSU Advocacy State Relations department receive s with a link indicating that reports have been posted to the OAAS website. San Francisco State University *Findings determined to be of a minor nature will be removed from the report and included in a letter submitted with a revised report.

10 Exit Conference(s) and Reporting
Reporting Phase Preliminary Draft First draft report sent to the campus for review approximately 4 weeks after fieldwork is concluded. At this stage, revisions can still be made if necessary. The campus has 7 days to provide comments/questions. Feedback / Revisions- Opportunity to advise auditor of any factual errors (provide supporting evidence), misrepresentations, or issues with language and tone of report. Incomplete Draft - After the formal exit conference or acceptance of option to forgo the formal exit conference, the client will receive a copy of the incomplete draft report Campus Response – Final opportunity to provide feedback to observations/audit results. Within 15 days, the client must respond only to the recommendations in the draft report. All replies must include a corrective action plan with a time estimate for completion for each finding. Final Report - The responses will be included with the audit report and forwarded to the chancellor with the VCCAO’s recommendation for acceptance. Incomplete Draft Second draft report sent to the campus. Incorporates any agreed-upon changes. Campus responses are due within 15 days of receipt of the draft. San Francisco State University Final Report Incorporates the campus responses, is ed to the campus President, and is published on the OAAS website.

11 Reporting Details Reporting Phase Audit reports typically include observations, recommendations, responses, and general information. Observation – What is occurring? Recommendation – What should be done? Response – What you will do and when? General Information – Background, scope, criteria, and audit team Observations, Recommendations, and Responses Observations – Also referred to as a finding or condition. Opportunity for improvement supported by facts and test results. Describes what occurred and the significance of the occurrence. Recommendation - Auditor suggestion. Focuses on what needs to be done, not how to do it. Response – Management is required to give a response General Information Background – organizational/department research Scope – Describes what the audit team reviewed and tested, including the time period of the audit focus Criteria – List of laws, regulations, contracts, agreements, best practices, executive orders, board resolutions, policies or procedures, and similar documents or statements by management reviewed during the course of audit work Audit Team – who worked on the audit San Francisco State University

12 Management Agreed Upon Response
Campus Response Management Agreed Upon Response The response should include a .pdf cover letter or memo addressed to the Vice Chancellor and Chief Audit Officer (VC/CAO), be signed by appropriate staff, and indicate the method of submission for follow-up supporting evidence. The body of the response should include: Each recommendation as stated in the audit report. An indication of concurrence and a response (i.e., corrective action plan) for each recommendation. Anticipated implementation date for each response OR a statement of the corrective action that has already been implemented (send supporting evidence separate from the audit response). Signed Cover Letters – Campus Reports – Campus president or vice president of administration and finance (with a c: to the president) Chancellor’s Office (CO) Reports – Responsible vice chancellor for CO audits (with a c: to the executive vice chancellor/chief financial officer) Body of the Response – A Word template of the audit recommendations will be sent via to the designee appointed by the campus president/vice chancellor. The use of the template is strongly encouraged to maintain consistency within all audit reports. Generally, the anticipated implementation date should be within six months from the report date. If the date exceeds six months, special approval is required from the VC/CAO, and the audit manager may contact the campus to obtain an explanation as to the reason for the delay. If an audit response indicated that a recommendation has been completed, the supporting evidence may be sent with the response or uploaded to the campus SharePoint site. San Francisco State University Submit to

13 Management Agreed Upon Response
Campus Response Management Agreed Upon Response The response should include a .pdf cover letter or memo addressed to the Vice Chancellor and Chief Audit Officer (VC/CAO), be signed by appropriate staff, and indicate the method of submission for follow-up supporting evidence. Supporting documentation files should: Be included as attachments to the response or uploaded to the campus SharePoint site under Follow-Up Submissions Include the recommendation number in the name. For example: 1a_Conflict of interest policy 1b_COI 2a_Executed Trust Agreement San Francisco State University Submit to or Campus SharePoint site

14 Management Agreed Upon Response
Campus Response Management Agreed Upon Response OAAS Reviews the response for appropriate signature and completeness of the corrective action plan Campus Receives an whether the response will be forwarded to the VC/CAO for acceptance or the response does not meet expectations. Incorporates the response into a final report draft and posts the report to the OAAS website. Campus president is notified via of the posting and provided a copy of the final report Public The report becomes a public document and is posted to the Status Report on Current and Follow-Up Internal Audit Assignments (Status Report). Campus – If a revised response is needed, the campus will be given one week to provide the revision. The response will not be accepted by the VC/CAO until the OAAS determines that it addresses all required elements. San Francisco State University

15 Follow-Up Procedures The Matrix Audits are added to the “Matrix” that is presented to the audit committee at each Board of Trustees meeting. The matrix is a status report that shows the total number of recommendations and number of recommendations still outstanding for each completed audit. For long outstanding recommendations, the campus president may need to be informed of the reason why in case s/he gets called upon during the meeting to explain. San Francisco State University As the campus completes corrective action for each recommendations in the report and submits proof of this corrective action (follow-up), the matrix is updated. Follow-up submissions are due two weeks before each BOT meeting in order to be processed and included in the matrix presented to the committee.

16 Management Agreed Upon Response
Campus Response Management Agreed Upon Response How to Submit Supporting Evidence The campus can begin to submit follow-up to clear report recommendations once the final report is issued. Supporting evidence should: Only be sent via U.S. Mail or a delivery service Received by the OAAS no later than two weeks before a Board of Trustees meeting for inclusion on the Status Report. Be organized in an easy to follow format The OAAS reviews the supporting evidence and s the campus or CO contact concerning recommendation closure or additional support requirements. The Status Report is updated. San Francisco State University

17 Management Agreed Upon Response
Campus Response Management Agreed Upon Response Submission Content The supporting evidence should clearly demonstrate that the recommendation has been implemented. For example: If the recommendation calls for developing policies and procedures, a copy of the policies and procedures should be submitted. If the recommendation calls for preparation of written and/or trust agreements, copies of the executed agreements should be submitted. The OAAS reviews the supporting evidence and s the campus or CO contact concerning recommendation closure or additional support requirements. The Status Report is updated. San Francisco State University

18 Strategies for Successfully Completing an Audit
Helpful Tips Strategies for Successfully Completing an Audit Review the Internal Control Questionnaire. If the topic has been audited before, review prior audit reports: Assign a primary contact or project coordinator at the start of the audit. Be aware of all audit requirements, deadlines, and suggestions. Don’t hesitate to ask questions! Reviewing the ICQ will give departments a good idea of what areas will be reviewed Primary contact - This person will take the lead in coordinating key people/departments in providing the campus response. San Francisco State University

19 Any Questions?

20 Have questions? Need advice?
Contact Us Have questions? Need advice? San Francisco State University Audit and Advisory Services San Francisco State University 1600 Holloway Avenue Administration Building – RM 258 San Francisco, CA 94132 Phone (415) / Website audit.sfsu.edu

Download ppt "San Francisco State University"

Similar presentations

MONITORING OF SUBGRANTEES

MONITORING OF SUBGRANTEES
Preparation of the Self-Study and Documentation

Preparation of the Self-Study and Documentation
(Individuals with Disabilities Education Improvement Act) and

(Individuals with Disabilities Education Improvement Act) and
Auditing, Assurance and Governance in Local Government

Auditing, Assurance and Governance in Local Government
The key steps in an annual cycle Produce the annual work programme Create an annual Internal Audit plan for approval by the Audit Committee, typically.

The key steps in an annual cycle Produce the annual work programme Create an annual Internal Audit plan for approval by the Audit Committee, typically.
U.S. Department of Veterans Affairs Veterans Health Administration Supportive Services for Veteran Families (SSVF) Program SSVF Grantee Uniform Monitoring.

U.S. Department of Veterans Affairs Veterans Health Administration Supportive Services for Veteran Families (SSVF) Program SSVF Grantee Uniform Monitoring.
How to Prepare for a FTCA Site Visit Office Hours

How to Prepare for a FTCA Site Visit Office Hours
IS Audit Function Knowledge

IS Audit Function Knowledge
Office of Inspector General (OIG) Internal Audit

Office of Inspector General (OIG) Internal Audit
Central Piedmont Community College Internal Audit _____________________________ What to Expect When You Are Audited November 2014.

Central Piedmont Community College Internal Audit _____________________________ What to Expect When You Are Audited November 2014.
The Camp Audit “Keep your friends close and your auditor closer”

The Camp Audit “Keep your friends close and your auditor closer”
ASPEC Internal Auditor Training Version 1.0 2013.

ASPEC Internal Auditor Training Version
Effort Reporting: A Departmental Approach to Meeting Audit Requirements Dianne Valdez, MBA, CIA, CISA, CCSA Enrique Valdez Jr., MBA.

Effort Reporting: A Departmental Approach to Meeting Audit Requirements Dianne Valdez, MBA, CIA, CISA, CCSA Enrique Valdez Jr., MBA.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Wetlands Reserve Program Case Study An Overview of the External Audit Process Helping People Help The Land.

Wetlands Reserve Program Case Study An Overview of the External Audit Process Helping People Help The Land.
Considering Internal Control

Considering Internal Control
22 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Internal and Governmental Financial Auditing and Operational Auditing.

©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Internal and Governmental Financial Auditing and Operational Auditing.
©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley 26 - 1 Internal and Governmental Financial Auditing and Operational Auditing.

©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley Internal and Governmental Financial Auditing and Operational Auditing.
Michelle Groy Johnson Quality Improvement Officer Research Integrity Office Tough Love: Understanding the Purpose and Processes of Quality Assurance.

Michelle Groy Johnson Quality Improvement Officer Research Integrity Office Tough Love: Understanding the Purpose and Processes of Quality Assurance.
© OECD A joint initiative of the OECD and the European Union, principally financed by the EU. Quality Assurance José Viegas Ribeiro IGF, Portugal SIGMA.

© OECD A joint initiative of the OECD and the European Union, principally financed by the EU. Quality Assurance José Viegas Ribeiro IGF, Portugal SIGMA.

Similar presentations

Ads by Google