The Audit Process
The following are the steps of the audit process, along with the auditee's involvement and responsibilities during each of these steps.
Pre-planning provides a preliminary understanding of the risks, responsibilities and key processes of the operation being audited. Pre-planning is generally completed during the annual audit plan development process or prior to "Audit Kick-off".
During pre-planning, the auditor will meet with the head of the department to gain a general understanding of the scope and scale of your operations. The auditor may also request a site tour or introduction of key staff.
Planning involves developing a detailed understanding of the operation's processes. Planning generally involves face-to-face interviews, sample data extraction and development of a testing plan for fieldwork.
During planning, the auditor may want to interview various employees of the department, shadow them through transactions or ask for a limited amount of data. Employees may also need to assist in providing access to applications or locations.
During fieldwork, transactional or analytical analyses will be performed to determine the adequacy of controls - are things working the way they are intended?
In fieldwork, employees may need to provide the auditor with additional data or answer follow-up questions. If issues are identified, key individuals will work with the auditors to ensure that findings are accurate and needed feedback is timely.
Documentation of any identified findings will be summarized in a report to management. The report will identify those issues requiring resolution.
During the reporting phase, department supervisors and employees will be active participants in ensuring the report is factually accurate, and that issues requiring feedback have well-defined action plans.
The Corrective Action process is the last step of the audit process. It has been established to ensure that identified issues are resolved in a timely manner.
In this step, department supervisors will work with the Director of Auditing to communicate that agreed actions have been completed. Once actions are closed, no further audit action is necessary.