Internal Audit banner

The Audit Process

Click the icon to find out how you can report suspected fraud, waste and abuse to the Louisiana Legislative Auditor.

Before the Audit

Risk Assessment

A risk assessment is the identification and analysis of relevant risks associated with the achievement of objectives.  Annually, Internal Audit considers an assessment of risks in conjunction of the annual audit plan. This assessment is informal in nature and is prepared with input from management, risks identified at other universities, and current economic concerns. The risk assessment forms the basis for the annual audit plan.

 Annual Audit Plan

The annual audit plan includes audits required by University policy, by UL System policy or requests, management requests, and those areas identified during the risk assessment process as having higher exposure to risks. The audit plan outlines the projects for the fiscal year, including the audit objectives, type of audit, and budget hours allocated to each project.  The plan is approved by the University President and the Board of Supervisors of the UL System.  Deviations from the annual plan require the President's approval.

 Types of Audits

  • Operational Audits examine if the use of University's resources are being used effectively and efficiently. An operational audit includes elements of compliance, financial and electronic data processing audits.
  • Financial Audits examine accounting and reporting financial transactions, authorizations, and receipt and disbursement of funds to determine there are sufficient controls over cash and cash-like assets and there are adequate controls over the acquisition and use of resources.
  • Compliance Audits determine if the University is in compliance with state and federal laws and regulations, with UL System policies and procedures, with grants and other contractual agreements, and applicable University policies.
  • Internal Control Reviews focus on the components of the University's major business activities, including grants and contracts, physical security, inventory and equipment, payroll and benefits, and cash handling.
  • Investigative Audits are performed when necessary.  These audits focus on alleged civil or criminal violations of state, federal or university polices and procedures that may result in prosecution or disciplinary action.
  • Information Systems Audits examine if internal control operations of automated information processing systems and how people use those system. Generally these audits evaluate input, output, and processing controls; backup and recovery plan; and system security.
  • Follow-up Audits are conducted after an internal or external audit report has been issued.  It is performed to determine if sufficient corrective action has been implemented relative to the original report.

During the Audit

Planning

During the planning stage of an audit, the auditor reviews prior audit reports issued for the area or department, applicable polices and procedures, laws and regulations and other relevant information. It is during this stage that the scope of work is determined and an audit program is developed to meet the objectives of the audit.

Notification/Entrance Conference

Departments or areas selected for audit will be notified in most cases, by e-mail.  This notification will include the purpose, objectives and scope of the audit of department under review.  There are cases in which the department may not be notified prior to audit, due to the nature of the audit (impromptu cash counts or investigations of alleged improper activity).  An entrance conference may or may not be scheduled. Basically it will depend on; if the nature of the audit warrants a physical meeting or a meeting is requested by upper management.

Fieldwork

During this stage, the auditor identifies, examines, and collects sufficient and reliable data to accomplish the scope and objectives of the audit. The auditor communicates and discusses any opportunities identified with management and the appropriate personnel.

Draft Audit Report/Exit Conference

Once the fieldwork is completed, a draft report is prepared.  The draft report communicates to management and the appropriate personnel the results of the audit process and recommendations.  The report accompanies a notification, generally by e-mail, stating that fieldwork has been completed and management's response to any identified opportunities for improvement or observations is requested.  An exit conference may or may not be scheduled. In most cases, it will depend on; if the nature of the results warrants a physical meeting or a meeting is requested by upper management.

After the Audit

Final Report and Distribution

Management responses are incorporated into the draft report to produce the final report.  The final report is distributed to the President, the President's Cabinet, the System Director of the UL System, and the audited department's administration and management.

Follow Up Report

The follow-up process is to determine if management has implemented the corrective action as indicated in management's response in the initial audit report.  The follow-up report is due to the University of Louisiana System approximately six months after the final report.