> Commission Home > Our Departments > Central Administrative Services > Office of Internal Audit > The Audit Process
The Audit Process
The audit process is generally a ten-step procedure. Click through the steps to learn more about the process.
The management of the area to be audited receives an announcement letter summarizing the scope and objective of the audit and the auditor(s) assigned to the project. This letter signals the start of the Fieldwork Phase of the audit.
Before the opening meeting the in-charge auditor will take the necessary steps to learn about your facility/unit. The in-charge auditor may send you a preliminary checklist. This is a list of documents (e.g., organization charts, financial statements, etc.) that will help the auditor learn about your unit. After reviewing the information, the auditor will plan the review, draft an audit plan, and schedule an opening meeting.
3. Opening Meeting
The opening meeting should include senior management and any administrative staff that may be involved in the audit. During this meeting, the scope of the audit will be discussed. You will also be asked to identify key risk areas within your area. The time frame of the audit will be determined, and you should discuss any potential timing issues (e.g., vacations, deadlines) that could impact the audit. It doesn't take as much of your time as you might expect!
After the opening meeting, the auditor will finalize the audit plan and begin fieldwork. Fieldwork typically consists of talking with staff, reviewing procedure manuals, learning about your business processes, testing for compliance with applicable Commission policies and procedures and laws and regulations, and assessing the adequacy of internal controls. You should tell your staff that the auditor will be scheduling meetings with them.
Throughout the process, the auditor will keep you informed, and you will have an opportunity to discuss issues noted and possible solutions.
After the fieldwork is completed, the auditor will draft a report. The report consists of several sections and includes: the distribution list, the follow-up date, a general overview of your facility/unit, the scope of the audit, the overall conclusion, and detailed commentary describing the findings and recommended solutions. You should read the draft report carefully to make sure there are no errors. If you find a mistake, inform the auditor right away so that it can be corrected before the final report is issued.
7. Closing Meeting/Exit Conference
A closing meeting will be held so that everyone can discuss the audit report. This is an opportunity to discuss how the audit went and any remaining issues.
8. Management Response
Once the report is finalized, we will request your management responses. The response consists of three components: whether you agree or disagree with the problem; your action plan to correct the problem; and the expected completion date. Your response will be incorporated into the final audit report.
The OIA is required to send all final audit reports to the Audit Committee and to the Commission’s Chair and Vice-Chair along with management’s complete written response received in connection with the draft audit report. The OIA will also provide a copy of the final audit report to each Appointed Officer of the M-NCPPC and the affected Department Director(s).
Follow-up reviews are performed on an issue-by-issue basis and typically occur shortly after the expected completion date, so that agreed-upon corrective actions can be implemented. The purpose of the follow-up is to verify that you have implemented the agreed-upon corrective actions. The auditor will interview staff, perform tests, or review new procedures to perform the verification. You will then receive a letter from the auditor indicating whether you have satisfactorily corrected all problems or whether further actions are necessary.