The Audit Process
The audit plan is developed through a process known as risk assessment. Risk factors include previous audit results, internal control systems, policy or personnel changes, size, sensitivity, and external audit coverage. Special requests by the Board of Trustees and university management are also considered when scheduling audits. The audit plan, developed at the beginning of each fiscal year and subject to revision, lists areas to be audited. The plan is submitted to the ETSU Board of Trustees and Tennessee Comptroller of the Treasury - Division of State Audit.
Selected departments are notified at the onset of an audit regarding the scope and expected duration of field work. A very important goal of the Department of Internal Audit is to minimize the disruption to the department under audit. The audit is performed by reviewing and observing practices and procedures, examining supporting documentation, and making inquiries of department personnel. Audit results are conveyed in an exit conference.
Following the exit conference, a draft audit report is submitted to management for review and comments. A meeting is scheduled, if desired, to discuss audit findings and recommendations. The report is then submitted to the President of East Tennessee State University who requests written responses to the recommendations from the applicable supervisor. Management's responses are included in the final report. The Tennessee Division of State Audit receives a copy of the final report. A follow-up to management's responses and corrective measures is scheduled approximately 90 days after the final report. The scope of this review will vary and may result in a follow-up report depending on the status of corrective actions.