Annual audit plan
University Audit and Advisory Services performs financial, operational, compliance and IT audits according to the Annual Audit Plan. The Internal Audit Review Board and the Arizona Board of Regents Audit Committee approve the plan.
The plan is determined by the Annual Risk Assessment and defined audit cycle. Audit planning is completed annually based on the risk classification and last audit date of each area. Audit scheduling is based on multiple factors such as the audit client's schedule, university initiatives and availability of university audit resources.
The Internal Audit Plan evaluates risk exposures and effectiveness of control activities related to ASU's governance, operations and information systems regarding the:
- compliance with laws, regulation and contracts
- effectiveness and efficiency of operations
- reliability and integrity of financial and operational information
- safeguarding of assets
|Factors considered in the risk assessment process|
|Adequacy of internal controls||Level of external oversight|
|Changes to the environment||Likelihood of control failure|
|Financial impact of control failure||Management oversight|
|Human Resources||Operations and complexity|
|Legal and regulatory exposure||Significance|
Internal Audit Process and Methodology
Approximately two weeks before a review, an audit announcement is sent to Senior Leadership stating the audit objectives and scope.
The standard audit process includes the following phases: