Skip to Main Content
Mobile Menu

Preparing for an Audit

What the Auditors Will Need from You

  • Cooperation on the part of the client and auditor are essential to a successful audit. In conducting routine audits, our purpose is to identify opportunities for improvement, which are in the best interests of both the University and the area being audited.
  • Accept responsibility for creating and maintaining a good system of internal control over the activities (financial and non-financial) occurring within your organization. Establishment of a good system of internal control (and accountability for the lack thereof) is the responsibility of department and executive management, not the auditors. We will assist in identifying potential exposure areas and provide suggestions and recommendations as to how you might rectify these situations if and when they exist.
  • Assemble appropriate and current background information about your unit that you think might help us in gaining an understanding of your administrative structure, nature of your operations, and knowledge of employee roles and responsibilities. As a general guide, our work is focused upon the aims and objectives identified in your strategic plan so copies of the plan will be helpful. Other information might typically include any key procedures or policies, organization charts, and financial information such as budgets and sample management reports. Copies of these documents are particularly helpful although we recognize that many parts of the University now hold such information on their web sites. Where this is the case, providing the relevant site address is useful for us. In addition to assisting the auditor in understanding your operation more thoroughly, a well-documented strategic plan, policy/procedure manual, etc. will guide new as well as veteran employees regarding the established and approved methods of doing business.
  • If your area has been audited in the past by IAAS, it is worth reviewing the last audit report. A standard feature of our approach is to review the progress of past recommendations. It is also useful if you can make us aware of, or provide us with the information of any other reviews or inspections that have taken place in your unit.
  • Temporary workspace for the auditor(s) within reasonable proximity to the office staff and records. Since many of the original documents and records we will need to examine are located at the local department level, the auditor(s) will need a temporary work area with adequate space and lighting. The amount of time needed for the auditors to be physically present at your location will vary from audit to audit. We will attempt to perform as much of the audit as possible from our office so as to minimize any disruption of your operations.
  • Identify an audit contact person who can act as a liaison person to work with us. This member of staff should be responsible for ensuring that we have access to records and files or any other resources we need to complete our reviews as well as directing us to the appropriate colleagues who can help us complete specific areas of our review. This officer normally acts as our main point of contact as the audit progresses so that we can continue to keep you informed of how the work is going. Contact officers often find it useful to schedule meetings with us periodically throughout the audit to stay in touch with how we are progressing. We have found that this is a good way to facilitate communication, resolve issues on a timely basis, and correct any misunderstandings.
  • Access to all employees and pertinent records. As stated in the Internal Audit and Advisory Services Charter, IAAS is authorized to have access to any and all Boise State University employees and records, which may reasonably be necessary in the course of conducting our audits. The auditor’s analysis of your operation may require that several of your employees at various levels be asked to explain in detail how they perform their jobs. In addition to examining hard copy records, it may be necessary for the auditor to make photocopies, and/or obtain samples, of key documents for our files. Regarding computerized records, our access authority is “Read Only.” The confidentiality of records reviewed during the course of the audit (i.e. payroll data, student transcripts, etc.) will be maintained by the auditor(s).
  • Prior to starting an audit we hold an entrance conference with you to identify the scope of the audit. This meeting covers the key areas of service and provision for your unit within the context of any strategic plans that you may have. At the entrance conference, you may want to consider which staff should be present. We often find it helpful to meet with departmental staff prior to commencement of the audit to provide us with an overview of the unit’s work.
  • Tell your staff about the audit. As part of our planning, we provide an engagement letter that outlines in broad terms the work that we will be doing. Most units find it useful to distribute a copy of the engagement letter to their staff so that they know to expect us to be around the unit and have an idea of the type of work we will be undertaking. It also helps those staff that we need to contact to identify the sort of records and information that they need to have available when we meet with them.
  • An honest and candid appraisal of the audit process at the conclusion of the audit. As stated earlier, the department head of the area being audited will be provided with a Client Engagement Evaluation Form. Each member of the audit staff has been professionally trained in the practice of internal auditing. They are expected to abide by the professional standards and ethics established by the Institute of Internal Auditors as well as our own departmental standards. Your objective answers and constructive comments on the survey form will assist us in evaluating and improving the effectiveness of our program.
  • Please note that these are only general steps recommended to prepare for an audit. We recognize that specific steps and information requests that are unique to your unit will be identified and communicated to you as part of the initial contact and planning with us.
  • Finally, please ask us if you have any doubts or queries about the work that we will be doing or are planning to do.

Fraud Investigations

We do occasionally have the unfortunate task of conducting investigations of alleged fraudulent activity. However, largely due to the honesty of individual, hard-working employees, combined with sound internal control processes, the occasions for such investigations have been relatively few. In these cases, all of the resources of Internal Audit and Advisory Services, executive management, selected Boise State offices as deemed appropriate, legal council and the criminal justice system are used, as necessary, to bring the matter to its appropriate conclusion. While those who may be the subject of a fraud investigation can expect that no stone will be left unturned in our pursuit of evidence, the majority of our “clients” can expect a friendly, cooperative and courteous appraisal of their operations. If you become aware, or suspect, that potentially fraudulent activity is taking place anywhere, involving Boise State University faculty, staff, or students, we urge you to contact the University Compliance Office immediately.

The following are a few questions you may wish to ponder in preparation for an audit:

  1. What are the (key) objectives of your unit? How are these relevant to the identified objectives of the University Strategic Plan and Unit Strategic/Business/Annual Plan?
  2. Describe the regulatory environment for your school/unit. In particular, are there any laws, rules or regulations that you know you specifically have to work within? This can also include specific University policies for the area concerned. What are the consequences of not complying with these requirements?
  3. What information do you draw upon, and what records do you maintain to help you manage your unit? Detail the types of information used, their sources, and how you ensure that it is accurate, meaningful, and reliable. How effective are they in helping the unit manage the other aspects of its work?
  4. How do you ensure that your processes and activities remain effective, efficient, and economical? Do you review your unit on a regular basis to secure improvements in operations and cost?
  5. What are the key assets and resources that you use for the successful operation of your unit? How do you safeguard your investment in them and ensure that they are employed for optimum use?
  6. How would you measure the success of your unit?
  7. What are the factors that could potentially help you achieve your objectives?
  8. What are the factors that could potentially prevent you from achieving your objectives?
  9. How would you describe your unit’s attitude/approach towards risk?
  10. What are the key challenges and changes facing your school/unit over: The next year? The next three years? How do they relate to the University’s strategic plan? How do you intend to address them?
  11. If you had additional resources, how would you use them?
  12. What is the worst thing that could happen in your unit?