Audit Selection Process
How Internal Audit Determines What Types of Reviews to Perform
In the Internal Audit Department, we take a risk based approach to our planning process to ensure that we cover areas of operational significance to Western. The planning process is an interactive undertaking with senior leaders at the University and is used to develop a long-term four-year plan approved by the Audit Committee of the Board of Governors. In order to do this we go through the following process:
University Wide Risk Assessment
- Identify major risks which could impact Western achieving its strategic objectives
- Used as the basic input in the development of the Risk and Assurance Framework
Risk and Assurance Framework
Inventory of Major Activities at Western
Units - Ancillary, Academic Support, Student Support
Assess Inherent Risk
- Identify risk factors
- Assign scores & calculate total scores
- Rank based on score (high, medium, low risk)
Assess Effort / Outcome
- Evaluate potential effort required to complete review (high, medium, low)
- Evaluate potential outcome of review (high, medium, low)
- Rank processes and units based on risk, outcome and effort
- Review with senior leaders
Assess Internal Audit Approach
- Consider the potential role for Internal Audit
- Consider existing monitoring and / or assurance activities provided by other internal or external resources
- Identify audit review types
Develop Four-Year Internal Audit Plan
- Prioritize audit plan based
- Consider Internal Audit Resources available
- Assign projects by year
Develop Annual Work Plan
- Select projects from Four-Year Internal Audit Work Plan
- Add Information Technology, Advisory and Investigation components
- Present to the Audit Committee for approval
Working with Internal Audit
Western’s Internal Audit team plays different roles as auditors, accountants, advisors, analysts and administrators. In these roles, our activities are directed towards supporting Western’s leaders to achieve operational goals and providing assurance to senior leaders and the Audit Committee that we have processes to identify, control, and report on areas of significant risk to the University. We do this by looking at how things have been done in the past and using this information to make improvements that focus on the future. We are working towards changing the way people view the word “auditors”.
In the past, this word may have conjured fear in people’s minds. Our experience shows that most client who may have been initially fearful about their operations being reviewed have been surprised to find that we welcome their input and participation in the audit process and that we are there to assist them to find ways to work smarter rather than harder. The audit process is most effective, when you as our client are actively involved in the entire audit process and help us to understand what is most important to you.
The Audit Process
The following is a high level summary of the different steps our department goes through during the audit process. Your participation during each one of the steps will help ensure that we are most effective in helping you to meet your goals and objectives.
- Initial Meeting – Meeting between Internal Audit and department leaders to discuss the process, direction and scope of the audit.
- Field Work – This will be performed by Internal Audit which involves taking time to understand your unit’s functions and activities. This process also involves the testing and analysis of your unit’s activities. The results are used as the source of input into the audit report. Again it is an interactive process between Internal Audit and your unit’s staff.
- Exit Meeting – Another meeting between unit leaders and Internal Audit to discuss the general results of the review. Depending on the type of review, recommendations may be documented in an audit report and leaders will be asked to respond with a plan of action.
- Final Report – Based on the three previous steps, a final report will be completed summarizing the results of the review and may include recommendations and responses. The report will be provided to key administrative members and a summary report is provided to the Audit Committee.
- Follow-up –To track the progress of implementing recommendations, a follow-up review may be scheduled.