Internal Audit Office Audit Procedures

Step 1. Notification of Audit Given

• notice given to auditee prior to commencement of audit
• notification can be in writing, by phone or email

Step 2. Audit Plan

• pre-audit research performed including prior audit reports and best practice research
• preliminary risk assessment completed and used as the basis of the audit program
• purpose and scope defined and approved by Director, Internal Audit

Step 3. Entry Interview & Service Agreement

At the entry interview the auditee is given a copy of the service agreement. The service agreement contains details of the scope and perceived risk areas and key dates. After discussion with the auditee details listed on the service agreement can be amended to ensure both parties are in agreement. The Service Agreement also includes information on Internal Audits reporting procedures.

Step 4. Fieldwork

• work on the audit program is commenced
• during the fieldwork the auditee is kept informed on the progress of the audit

Step 5. Reporting

• a preliminary report is issued/discussed at the exit interview with the auditee;
• the preliminary report requires a response within ten working days; and
• on receiving the signed response to the preliminary report a final report including the executive summary is prepared and sent to the auditee's supervisor.

Step 6. Follow-up review

• where recommendations have been made timeframes for implementation must be provided to audit in line with the Protocol document.
• Audit must be advised once recommendations have been put into place with progress reports to the Director, Internal Audit.
• A follow-up review of all substantive matters (medium-high risks) will be performed.
• Findings of follow-up reviews are reported to Audit and Risk Committee where recommendations are found not to have been implemented.