Risk Assessment
AMAS completes an annual risk assessment to identify potential events that may negatively impact individuals, assets, and/or the environment. The risk assessment process includes a review of business processes, emerging risks in higher education and healthcare, data analysis, internal and external reports, senior management discussions, and regulatory changes. An audit plan is created identifying the areas to be audited and submitted to the Joint Audit and Compliance Committee (JACC) for review and approval. AMAS monitors and evaluates risks throughout the year and adjusts the audit plan, as necessary.
Audit Notification
AMAS emails the auditee of the area to be audited and applicable senior leadership that an audit will be performed. The email notification details the preliminary objectives of the audit, scope of the audit and period to be audited.
Planning
AMAS reviews relevant policies, procedures, regulations and systems. This step allows AMAS to identify additional risks.
Audit Kickoff Meeting
AMAS meets with the auditee to discuss the initial audit objectives, scope and timing. At this meeting, AMAS will request contact names, confirm the relevant policies and procedures, and other information that will assist AMAS in completing the audit. Also, subsequent steps and setting the expectations for AMAS and the auditee will also be discussed. Every attempt to minimize any disruptions of regular departmental routines and to avoid seasonal busy periods will be made.
Fieldwork
AMAS interviews key personnel, observes procedures, and examines supporting documentation to gain an understanding of, and perform a preliminary evaluation of, the design of business process and internal controls. AMAS develops the audit testing program and performs detailed testing of transactions and processes to assess business process and internal controls, verify compliance with existing policies and external regulations, and introduce efficiencies. The audit team also provides regular audit status updates to the auditee.
Communicating Results
AMAS discusses throughout the audit the findings identified in the audit, such as potential control weaknesses and policy violations, with the auditee to obtain agreement on the facts. If further review and discussion determine that the finding is valid, the finding will be documented in the draft audit report. At the completion of the fieldwork, the draft audit report will be sent to the auditee in preparation of the exit meeting.
Audit Closing Meeting
AMAS meets with the auditee to discuss the findings and recommendations included in the draft report and subsequent steps in the audit process. The auditee reviews the draft audit report for completeness and accuracy. Subsequent to the meeting, AMAS amends the draft report as needed and forwards the draft report to the auditee for corrective actions and anticipated completion dates.
Audit Conclusion
AMAS incorporates the corrective actions into a final draft audit report. AMAS forwards the final draft audit report to the auditee and senior leadership of the audited area. AMAS discusses the final draft audit report with the President and the Senior Leadership Team. AMAS presents the final draft audit report to the JACC. AMAS issues a final report once accepted by the JACC.
Follow-up
Auditees report progress on status of corrective actions via Pentana, a web-based audit management tool. AMAS tracks the status of the corrective actions in Pentana until implemented. AMAS reports the status of audit recommendations to the Senior Leadership Team and the JACC.