Policies and Procedures

Professional Development

The Director is responsible for the Office’s professional development as required by the professional standards. The Office will pay for professional organization memberships, such as the American Institute of Certified Public Accountants (AICPA) and the Institute of Internal Auditors (IIA), at the discretion of the Director.

Office Security

The Office is secured and monitored externally.

Risk Assessment

The Office performs risk assessments in accordance with the professional standards.

Annual Work Plan

The Director asks the Committee on Audit and Compliance and senior management for projects to include in the Annual Work Plan. The Director develops a draft Plan based on these requests, the risk assessment, and the Director’s judgment. The draft is presented to the Committee on Audit & Compliance and the full Board for review and approval. The Director will evaluate subsequent requests in light of the risk assessment and judgment.

Engagement Letter

Use an engagement letter only when necessary. The initial contact is crucial, so please be clear, concise, and friendly.

Entrance Conference

Explain who we are and that we work for the Board of Visitors. Explain the audit process: risk, the Annual Work Plan, field work, draft reports, final reports, and final report distribution. Ensure the manager knows he/she will see the draft report first. Ask if we may help evaluate operations for compliance, efficiency, or in any other way.

During the Audit

Develop a good professional relationship with the manager and staff such that they are comfortable contacting you for advice or to discuss a problem.

Audit Documentation

Audit documentation must conform to the professional standards. Auditors should consider the current documentation conventions defined by the Director while documenting work, but are not restricted to them - innovation is encouraged.  All audit work documentation must be in electronic form, using the audit program as a “hub” to reference and link supporting documentation.  All documentation is reviewed by the Director.

Reports and Memos

Reports are used when there are significant findings; memos are used when there are not. Distribute the same report to all parties - from the manager to the Board. Distribute memos as you and the Director think appropriate. Include positive comments in reports and memos.

Quality Assurance and Improvement (QAI) Program

External assessments should be conducted in accordance with the professional standards by qualified, independent, and external reviewers. Results will be communicated to the Committee on Audit and Compliance and senior administrators. Internal assessments should be conducted in accordance with the professional standards. Deviation from the professional standards must be reported to the Committee on Audit and Compliance and senior administrators.