How do audits work

Audits are a collaboration between the Audit Division and your unit. We know that you like to be prepared and informed — so we walk you through the phases of the audit upfront, keep you in the loop as our work unfolds, and preview our results with you. Here are the steps we follow:


Each audit engagement begins with a kickoff meeting to establish the objective and scope for the audit. During the meeting, we discuss any concerns you may have and any processes you’d like us to consider. We also ask you to gather background information that will help us conduct the audit. As the planning phase unfolds, we begin to interview members of your team. At the end of this phase, we issue an engagement letter to reconfirm the objective and scope for the audit and establish guidelines for our testing.


During this phase, we continue our interviews, test compliance with policies, and evaluate processes to see if they’re effective and efficient. You may be asked to provide documentation to support the audit testing. Throughout this phase, we communicate with your unit to keep you informed and discuss any concerns with you as we identify them. 


The results phase includes several steps:

Draft report 

The draft report features a rating for existing processes and recommendations for any process improvements. The draft report goes to your unit for review so that you can comment on and prepare your management action plan. We attempt to balance risks and costs in our recommendations. However, you are not obligated to accept them. A decision to accept risk for the Institute may need to be made by a higher authority.

Management action plan

Administrative leadership develops an action plan to improve processes or address identified problem areas. The plan summarizes what action will be taken, names the individuals who will organize and coordinate management actions and includes a timeline for completion. 

Final report

We issue the final audit report to the appropriate parties on your team and across the Institute. Key stakeholders who receive all of our reports include:

  • Assistant Provost, Office of the Provost
  • Vice President for Finance, Office of the Vice President for Finance
  • Vice President and General Counsel, Office of the General Counsel
  • Institute Risk Officer, Risk Management and Compliance Services
  • In addition, other stakeholders within senior administration receive the report based on the focus of the audit (e.g. Chancellor if students are involved or Vice President for Research if it is about research).

Client survey

After the final report, we send a survey to get your feedback about the audit engagement. Your feedback is important because it helps us improve service delivery and ensure audit quality.


We review the administrative leadership action plan and follow up to see if your team is completing agreed-upon actions effectively. If your unit hasn’t been able to meet its deadlines, we’ll work with you to come up with a reasonable timeline to do so. Please keep in mind that it’s part of our job to bring unfinished actions to the attention of senior management.