Auditing FAQs
What is Internal Auditing?
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
How or why is an area selected for audit?
The process of deciding what to audit is based on a logical sequence as detailed below:
Identify areas of risk – The Office of Internal Audits conducts an annual risk assessment. Information is compiled on key processes representing both financial and operational activities critical to South Texas College. The list of key processes is dynamic and subject to modification. Risk values are assigned to individual processes based on an analysis of risk factors associated with the process. Risk factors include:
- Financial value;
- Public image;
- Process complexity;
- Asset liquidity;
- Regulatory guidelines;
- Process stability;
- Technology initiatives.
Based on the risk values assigned to each of the processes and input from the Board of Trustees and the President, a proposed audit plan is developed for the current fiscal year. The proposed audit plan is presented to the Finance, Audit, and Human Resources Committee for their review and approval. Throughout the year the Internal Auditor will review and adjust the plan as necessary, in response to changes in the College’s business, risks, operations, programs, systems, and controls. All deviations from the approved audit plan is communicated and approved by the Finance, Audit, and Human Resources Committee prior to being finalized.
To view a flowchart of how audit projects are selected, see Risk-Based Audit Plan Development Flowchart.
Are there different types of audits?
Yes, see Audit Types.
What steps are involved in the audit process?
A typical operational audit would include the following phases:
- Planning – During this phase of the audit, background information on the area to be audited is obtained from a number of sources in order to learn as much as possible about the area. Applicable policies, procedures, laws, and regulations are reviewed. Any prior audits of the area are also reviewed. Preliminary employee interviews are conducted. Internal control questionnaires are distributed and an audit plan (e.g. audit program or engagement program) detailing fieldwork procedures is developed.
- Fieldwork – This phase of the audit may include additional employee interviews and testing controls. Adequate, sufficient audit evidence is acquired to support the auditor’s findings which ultimately make up the audit report. Appropriate managers are kept informed of any findings as the audit progresses.
- Report – Once the fieldwork phase is completed, a draft audit report is written and includes the audit procedures performed, findings and observations, and any recommendations for improvement.
See Audit Process for more information or detail on the overall audit process.