Skip to main content Skip to main content

Internal Audit Standard Operating Procedures

 

Outlined below are the procedures that will normally be followed for conducting internal audits at Metropolitan State College of Denver. These procedures may not be followed for certain special projects requested by the Finance Committee of the Board of Trustees and the College President, during financial irregularity audits, and during other special circumstances.

 

1. CONDUCT ENTERPRISE-WIDE RISK MANAGEMENT ASSESSMENT

  • In cooperation with senior management and department management, conduct a preliminary risk assessment utilizing a facilitated interview process and appropriate internal control risk evaluation questionnaires and surveys.

  • Gather senior management and department management input, as appropriate, on the preliminary enterprise-wide risk assessment.

 

2. PREPARE ANNUAL INTERNAL AUDIT PLAN

  • Prepare a Draft Annual Internal Audit Unit Plan based upon the results of the enterprise-wide risk assessment process.

  • Obtain comments and formal approval of the Annual Internal Audit Unit Plan from the Finance Committee of the Board of Trustees and the College President.

  • This plan will be subject to periodic review to ensure that it continually focuses on the College’s higher risk areas, which may change from time to time. Of course, the need to conduct reviews or audits of alleged irregularities or special projects for the Finance Committee of the Board of Trustees and the College President may require the deferral of planned audits.

 

3. COMMUNICATE ANNUAL INTERNAL AUDIT PLAN

  • After formal approval by the Finance Committee of the Board of Trustees and the College President, distribute the Annual Internal Audit Unit Plan to senior management and select department management.

  • Keep senior managers and appropriate department managers informed of any changes to the Annual Internal Audit Unit Plan.

  • Ensure that appropriate senior managers or department managers are informed at least two weeks prior to each regularly scheduled audit.

Notwithstanding the foregoing, it is important to note that reviews of alleged irregularities or special projects for the Finance Committee of the Board of Trustees and the College President may require different procedures involving little or no notification to those involved.

 

4. CONDUCT INTERNAL AUDIT PLANNING AND NOTIFICATION

  • Meet with senior management and/or department management before the beginning of every scheduled audit to discuss the risk considerations that led to the audit being included in the Annual Internal Audit Unit Plan, the expected scope of the audit, and current management concerns.

  • Hold an Opening Conference with senior management or department management and staff, and other stakeholders, as appropriate, to go over the audit plan, obtain documents, schedule interviews, and shape expectations for audit deliverables.

 

5. PERFORM AUDIT FIELDWORK

  • Carry out fieldwork as indicated in the Annual Internal Audit Unit Plan.

  • Obtain cooperation from senior management, department management, and department staff, as necessary, in identifying and obtaining documentation, conducting interviews, etcetera.

  • Whenever practical, conduct fieldwork with minimal disruption to department operations.

 

6. REPORT RESULTS

  • In general, share important and sensitive findings with senior management and/or department management, as appropriate, immediately upon verification; memorandums and/or e-mails may be used to facilitate this process.

  • Immediately following the fieldwork, prepare a First Draft Final Audit Report and discuss it with senior management and/or department management, as appropriate.

 

7. CONCLUDE AUDIT

  • Schedule a Closing Conference after senior management and/or department management, as appropriate, has received the First Draft Final Audit Report; this conference will provide an opportunity for management to discuss findings, conclusions, and recommendations with the Internal Auditor.

  • During or immediately after the Closing Conference, ask senior management and/or department management to provide their responses to the Internal Auditor’s findings and recommendations in writing.

 

8. REVIEW FINAL AUDIT REPORT

  • Send the Final Draft Audit Report to senior management and/or department management and discuss suggested changes with the appropriate level of management.

  • After processing changes, issue the Final Audit report to the distribution list indicated on the cover of the Final Draft Audit report.

Note: All Final Audit Reports will contain an executive summary which encapsulates the primary observations, management responses, and the Internal Auditor’s conclusions.

 

9. DISSEMINATE FINAL AUDIT REPORTS

  • Provide the Finance Committee of the Board of Trustees and the College President with periodic summaries of audit findings as well as complete copies of all Final Audit Reports.

  • Provide senior management and/or department management, as appropriate, with relevant audit findings and Final Audit Reports.

 

10. EVALUATE AND FOLLOW-UP

  • At the completion of each audit, the Internal Auditor will send an evaluation survey form to the primary clients of the audit. These should be completed and returned to the Internal Auditor within two weeks in order to ensure continuous improvement of internal audit procedures and the internal audit function.

  • Approximately six months following completion of each audit, the Internal Auditor will conduct a follow-up review to verify the completion of agreed-upon management actions and ascertain the status of any open recommendations. A follow-up report will be generated annually for distribution to the Finance Committee, the President, and other members of senior management which may be appropriate.

Adopted by the Finance Committee of the Board of Trustees & the College President, January 26, 2006