Audit Plan & Process

FY2018 APPROVED AUDIT PLAN PROJECTS:
  • Clinical Data Security Management Review (PII)
  • PeopleSoft Financials User Access/SOD Review
  • Data Management Analysis
  • Retention of CWRU ID's and Email Accounts
  • Accounts Payable Analysis
  • Affiliate Relationships
  • Employee and Vendor Match Review
  • Executive T&E and PCard Review
  • Grant Management Process Review
  • Limited Scope Departmental and Cash Handling Reviews
  • PCI Compliance Review
  • HR Process Overview
  • Steward Report
  • Dental School Medicaid Patient Review
  • Third Party Vendor Relationship Review

Audit Plan

The Case Western Reserve’s Board of Trustees and management place assets at risk to achieve established priorities and goals. A key function of the Office of Internal Audit Services is to understand, audit, and report to management and the Board of Trustees how that risk is being managed. Knowing what areas to audit and where to commit resources is an integral part of managing the internal audit function.

To identify areas of potential risk, each year the Office of Internal Audit Services performs a thorough risk assessment of all university management centers, operating units, and significant departments. From this assessment, an Audit Plan is developed and presented to the Audit Committee for approval.

The plan addresses high-risk areas as well as allocates time for special ad-hoc projects. In intervening years, the risk assessment is updated through data analysis and interviews with senior executives across the university. If necessary, the audit plan is adjusted for any changes to the university's risk assessment.

We believe that the university is best served if the Audit Plan is a dynamic document that continually adjusts to changes in the environment. Therefore, if your management center or department has a need for our services, please contact us.

Depending on the relative risk associated to your need and the amount of time necessary to fulfill your request, the Office of Internal Audit Services will communicate what level of assistance we will be able to provide. At a minimum, we will be available to offer guidance and advice throughout any project you perform on your own.

In most cases, expect to receive notification when you or your department is to be audited.

  • Expect to understand the audit's purpose and objective
  • Expect to provide your ideas or concerns regarding the audit
  • Expect to be treated with respect and courtesy
  • Expect to be asked for various financial and department documentation; some may be confidential
  • Expect confidential information to remain confidential
  • Expect to answer all questions honestly
  • Expect to receive a draft copy of the Final Audit Report prior to its release

Preparing for an Audit

  • Have all requested materials/records ready when requested
  • Organize files so we minimize disruption of your day
  • Provide complete files
  • Please make yourself available during the time of the audit and communicate any planned absences
  • Provide work space for auditors if requested

Audit Process

Step 1: Planning

The auditor will review prior audits in your area and professional literature. The auditor will also research applicable policies and statutes and prepare a basic audit program to follow.

Step 2: Notification

The Office of Internal Audit Services will notify the appropriate department or department personnel regarding the upcoming audit and its purpose, at which time an opening meeting will be scheduled.

Step 3: Opening Meeting

This meeting will include management and any administrative personnel involved in the audit. The audit's purpose and objective will be discussed as well as the audit program. The audit program may be adjusted based on information obtained during this meeting.

Step 4: Fieldwork

This step includes the testing to be performed as well as interviews with appropriate department personnel.

Step 5: Report Drafting

After the fieldwork is completed, a report is drafted. The report includes such areas as the objective and scope of the audit, relevant background, and the findings and recommendations for correction or improvement.

Step 6: Management Response

A draft audit report will be submitted to the management of the audited area for their review and responses to the recommendations. Management responses should include their action plan for correction.

Step 7: Closing Meeting

This meeting is held with department management. The audit report and management responses will be reviewed and discussed. This is the time for questions and clarifications. Results of other audit procedures not discussed in the final report will be communicated at this meeting.

Step 8: Final Audit Report Distribution

After the closing meeting, the final audit report with management responses is distributed to department personnel involved in the audit, the President, Provost, and Chief Financial Officer, and CWRU’s external accounting firm.

Step 9: Follow-up

Approximately six months after the audit report is issued, the Office of Internal Audit Services will perform a follow-up review. The purpose of this review is to conclude whether or not the corrective actions were implemented.