A typical project includes the following three stages:
PLANNING
- Obtain an understanding of operations through background research and discussions with area/function lead
- Risk Assessment and preliminary questionnaire
- Introductory meeting with area leadership
- Establishment of audit objectives
FIELDWORK
- Identification of audit tests that will achieve objectives
- Data analysis and document review
- Interviews with staff and stakeholders within the area and across the institution
- Benchmarking of processes with best practice and comparable functions/institutions
- Preliminary observations discussed with key contacts to ensure accuracy
REPORTING AND POST-REPORT
- Evidence-based areas of moderate to high risk communicated electronically to area leadership for development of action plans and related timelines
- Lower risk items highlighted via discussion (for information only)
- High level Executive Summary issued to senior leadership and Audit Committee
Action plans developed by management to address highlighted risks are followed up until their implementation, with progress reported to Audit Committee and senior leadership semi annually.