Internal Audit Services at Toronto Metropolitan University recognizes the importance of a collaborative and constructive working relationship throughout the audit process. Our objective is to have your continued involvement at every stage so you understand what Internal Audit Services is doing and why, while trying to minimize disruption of your daily activities.
Stages of an audit
A typical audit is comprised of the following stages:
Internal Audit Services will reach out to provide notice of an upcoming audit, identifying general expectations and objectives as well as a key contact who will perform the next steps in the process.
An introductory meeting is scheduled to discuss:
- an outline of what to expect in terms of the process, timeline and any deliverables;
- any particular concerns you would like reviewed in the audit process that could generate important insights or advice; and
- any questions or concerns that may impact the audit process or scope.
At this point, Internal Audit Services may request detailed documentation that will help formulate the procedures to be followed by audit staff during the course of the audit.
The fieldwork involves reviewing information gathered in the planning stage. If needed, Internal Audit Services will investigate further to assess the adequacy and effectiveness of internal controls, risk management and governance processes. We accomplish this through a number of different approaches:
- Gaining an understanding of the activity, system or process under review.
- Assessing compliance with any applicable university policies and procedures and how risks are managed.
- Observing aspects of operations that are relevant to the activity, system or process.
- Meeting with key personnel involved in, or responsible for oversight of, the areas of review.
- Examining or confirming existence of assets.
- Analyzing financial data and other operational records and information.
- Reviewing systems of internal control and identifying gaps and weaknesses in the control environment.
- Evaluating and drawing conclusions on the adequacy, reliability and effectiveness of internal controls.
- Conducting compliance and substantive testing.
- Assessing whether appropriate action has been taken in regard to management action plans resulting from prior audits (if applicable).
The product of the Internal Audit Services review is a final report which provides an opinion, outlines the scope of the review, details findings of the audit and discusses recommendations for possible enhancements or improvements. There are various stages that occur during the reporting phase:
- Compilation of a draft report of findings and recommendations. The draft report is issued only to unit leaders and for discussion purposes only.
- A meeting is held between unit leaders and Internal Audit Services to discuss the findings and recommendations, and to begin the process of assisting management in establishing an action plan to address audit recommendations.
- Unit leaders provide a formal written response to each of the recommendations contained in the draft report, indicating how and when the recommendations will be addressed. This written response is incorporated into the final version of the report.
- The final audit report is shared with unit leaders and copies are distributed to the president, vice-president(s), chief financial officer and the university’s external auditors.
- A high-level summary is provided to the Audit Committee on a triannual basis.
Internal Audit Services conducts follow-ups with unit leaders to determine progress made on addressing audit recommendations and to issue a summary report on the status of the report recommendations.