The audit process is designed to promote the collaboration between the auditor and the auditee in performing the internal auditing function in relation to risk management, corporate governance and internal controls.
Throughout the audit process, the Internal Audit Office (IAO) communicates its observations, findings and recommendations to the auditee(s) and the University’s audit / management committees, as well as other units that might be affected. It is expected that all relevant stakeholders and management participate with the IAO in the process.
Planning
- The IAO performs research on the review topic and sets an initial review objective and scope.
- The IAO holds opening meeting with the auditee to gather more information, agree the review objective, scope and timetable.
- The auditee prepares and provides information to the IAO for its planning of the audit.
- The IAO prepares a planning memorandum with background information, review objective, scope and approach for the IAO Director’s approval.
-Back to image-
Fieldwork
- The IAO enquires the auditee about the internal controls, practices and procedures of its operation(s).
The IAO reviews the related guidelines and procedures of the subject operation(s). The IAO gathers additional information from the auditee for the audit.
- The IAO performs analytical review on the information obtained from the fieldwork and endeavours to substantiate the finding(s) through sample testng. The IAO confirms with the auditee on any finding(s) noted and ascertains the factual details of the preliminary finding(s). The IAO discusses with the auditee on the possible recommendations for the operation(s) and to the management.
-Back to image-
Reporting
- The IAO obtains comment and feedback from the auditee and makes further clarifications (if necessary).
- The IAO sends a draft report to the auditee who is requested to provide with the IAO its written management response within a specified period of time.
- The IAO revises and finalises its report with the inclusion of the management response from the auditee. The IAO issues the final report to the auditee and copies the report to the appropriate level(s) of management.
- The IAO summarises the observations and recommendations from all the internal audit assignments into an annual Summary of Internal Audit Reports. It will be reported to the relevant committees. The IAO categorises the observations from each of the internal audit assignments into critical, major and minor findings for reporting to the Audit Committee.
-Back to image-
Follow-up
- For observations that are categorised as major findings, the IAO will follow them up with the concerned units to ascertain whether remedial actions have been implemented to resolve the issues. The concerned auditees are allowed a reasonable timeframe to implement all the necessary remedial actions before the IAO’s follow-up reviews. A follow-up review will undergo the same process of “Planning”, “Fieldwork” and “Reporting”, whereby the status and degree of implementation of the previous recommendation(s) will be dealt with in the review.
-Back to image-