Annual audit plan and process

Annual audit plan

University Audit and Advisory Services performs financial, operational, compliance and IT audits according to the Annual Audit Plan. The Internal Audit Review Board and the Arizona Board of Regents Audit Committee approve the plan. 

The plan is determined by the Annual Risk Assessment and defined audit cycle. Audit planning is completed annually based on the risk classification and last audit date of each area. Audit scheduling is based on multiple factors such as the audit client's schedule, university initiatives and availability of university audit resources.

The Internal Audit Plan evaluates risk exposures and effectiveness of control activities related to ASU's governance, operations and information systems regarding the:

  • compliance with laws, regulations and contracts
  • effectiveness and efficiency of operations
  • reliability and integrity of financial and operational information
  • safeguarding of assets
Factors considered in the risk assessment process
Adequacy of internal controls Level of external oversight
Changes to the environment Likelihood of control failure
Financial impact of control failure Management oversight
Human Resources Operations and complexity
Legal and regulatory exposure Significance

Internal Audit Process and Methodology

Approximately two weeks before a review, an audit announcement is sent to Senior Leadership stating the audit objectives and scope.