Audit Process
Auditing the University
As an independent adviser to Ohio University's (OHIO) administration, the Office of Audit, Risk, and Compliance is charged with providing an independent, objective assessment of University operations to determine if management is taking the necessary steps to provide assurance that resources are managed effectively and in accordance with all applicable rules, regulations, and procedures.
The audit process of the University is a never-ending cycle. It begins in May, with an annual Office of Audit, Risk, and Compliance risk assessment of the University. This consists of interviewing executive officers that may have an opinion on the overall view of the University. A risk analysis is then performed on each department consisting of the level of public and outside influence, personnel and management, technology, the internal control environment, the inherent risk, and the regulatory requirements and materiality.
After reviewing the results of the analysis, an audit plan for the year is put together. This annual audit plan is approved by the Board of Trustees (Board). Input from the Board, University administration, and the Office of Audit, Risk, and Compliance staff is also considered for the annual audit plan.
After the audit process is completed for each of the scheduled departments a follow-up audit is performed the subsequent fiscal year to determine if progress towards corrective actions has been taken. The results of this audit will appear before the Audit Committee to discuss effectiveness of the corrective actions.
Auditing a Department
This is a collaborative process between management and the Office of Audit, Risk, and Compliance. Your involvement is crucial for the success of the audit. You will be informed of the auditor's findings throughout the course of the audit. While we recognize that the audit will involve some of your time, one of our objectives is to avoid disruptions as much as possible. We will be reviewing departmental records, processes, and compliance. The auditor is authorized to have unrestricted access to all property, personnel, and records relevant to the review. This authority is granted by our Office of Audit, Risk, and Compliance charter has been approved by the Board of Trustees. All audits are different but the process generally consists of the following:
1. Notification Letter
The Chief Audit Executive will inform you of the audit through a formal communication.
2. Entrance Conference
The next step is the initial conference where we meet with the organization's manager and any staff members he or she wishes to include. During this meeting, we will discuss the scope and the logistics of conducting the audit. It is important for you to take this opportunity to identify concerns or issues that you would like us to consider.
3. Preliminary Review
Here key personnel are interviewed and departmental policies and other information is reviewed to determine your system of internal controls.
4. Fieldwork
During fieldwork we test that the controls identified in our preliminary work are operating as expected. We generally do this through tracing transactions through your operating processes.
5. Exit Conference
At the conclusion of the audit, we prepare a draft of the audit report which you review before the final report is issued. This report is discussed with your management team during the conference to make certain the recommendations are practical and there are no misunderstandings of facts. We will also discuss the action you plan to take as a result of our recommendations.
6. Final Audit Report
We will incorporate your responses to each of our recommendations in our final report. We request that you state whether you agree with each of the recommendations and include a timeline for corrective action in your response.
At the request of the Audit Committee, all audit reports receive an "Overall Auditor Opinion Rating" of "Well-Controlled", "Well-Controlled with Opportunities for Improvement", "Improvement Needed", or "Major Improvement Needed." This rating is primarily based on the level of monitoring, the effectiveness of controls, and the proportion of significant audit findings.
The Audit Committee expects that recommendations will be made as part of our audit. It also expects that in most cases, corrective action will be taken by the time of the follow-up audit.
Final reports are distributed to relevant departmental administrators. Audit reports are also distributed to the President, Provost, Audit Committee, executive staff, deans, and external auditors.
7. Customer Survey
Once the audit is complete, we will send you customer service surveys which ask you to help us improve our audit process. Please take the time to complete the survey and return it to our office.
8. Follow-up Audit
We will schedule a follow-up audit during the subsequent fiscal year to determine corrective action taken as a result of our prior audit. Follow-up audits are scheduled based on the implementation date of management's response to each recommendation.