6.11 Audit Management

Page last updated

Policy Information

Policy Number: 6.11Effective Date: 7/20/2012
Responsible Unit: Financial ManagementLast Revised Date: 12/14/2023
Email: FNSV-Financial-Management@arizona.eduPhone: 520-621-3220

Purpose and Summary

To provide guidance to University personnel whose areas are being audited, to ensure that external audit activities are appropriately coordinated and managed by University personnel, and responses to external audit findings or conclusions are properly implemented in a timely manner.

The University will undergo periodic examinations or audits of fiscal and administrative management to ensure that funds and resources are used and reported in accordance with the appropriate methods prescribed by law, generally accepted accounting principles, and Arizona Board of Regents’ and University rules and regulations. As such, audits are a means of determining whether the activities of operating units are safeguarding the assets of the University, operating efficiently, and overseeing operations in a manner that is consistent with public policy. The objectives of audits are beneficial; therefore, the policy of the University will ensure that administration of external audits will be conducted to achieve these purposes.

Source

Arizona Board of Regents Policy, including but not limited to: 3-104, 3-410, and 6-711.

Arizona Revised Statutes (A.R.S), including but not limited to: A.R.S 15-1661, 41-1279.03 and 41-1279.04.

31 U.S. Code Chapter 75 - Requirements for Single Audits, §7501 - 7506

Title 2 CFR Part 200 - Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards
 

Scope

This policy applies to all University locations and units, including all University extensions, satellite locations, and off-site campus units, both domestic and international.

This policy applies to all audits and reviews performed by external auditors for all University transactions. This includes external audits and reviews at the University level as well as at the college, department, unit, account, or transaction level.

Definitions

  1. Annual Comprehensive Financial Report (ACFR): A financial report prepared at the end of each fiscal year in accordance with generally accepted accounting principles (GAAP) and in conformance with standards of financial reporting as established by the Governmental Accounting Standards Board (GASB).
  2. Audit: An independent and objective appraisal to examine or review the fair presentation of financial statements, economy and efficiency of operations, effectiveness of achieving program results, compliance with laws and regulations and/or the detection of fraudulent activities. For purposes of this policy and procedure, audits include but are not limited to external: reviews, site visits, desk audits, and fraud investigations.
  3. Audit Liaison Official: The Vice President, Financial Services is the administrative officer responsible for all official contact with External Auditors.
  4. Audit Coordinator: The Vice President, Financial Services’ designee who acts on behalf of the Audit Liaison Official and is normally the intermediary contact for the routine management and functioning of external audit activities within the University.
  5. External Auditors: Any auditors or investigators that are not employees of the University. External Auditors include federal, state, local and other outside, independent auditors that audit various University activities and programs at University request, or as required by law, ABOR, grant sponsors, or other external entities.
  6. Internal Auditors: Employees of the University of Arizona Internal Audit Department who conduct independent and objective assurance and audit consulting services within the University.
  7. Single Audit: A required annual audit of the University as a recipient of Federal assistance under 2 CFR 200 Uniform Guidance. The Single Audit is an external audit that examines the University’s federal award transactions, student financial aid transactions, internal controls, and compliance with laws and regulations.

Policy

  1. The University will fully cooperate with and assist External and Internal Auditors whose responsibilities involve examination and confirmation of University transactions.
  2. To help ensure that external audit activity is appropriately coordinated, the Audit Coordinator must be informed of all external audit activity. The Audit Coordinator will ensure an understanding of the objectives and scope of the audit and assist the auditors in achieving legitimate objectives with the least impact on University operations. Notification of internal audits is not required.
  3. On a timely basis, the University will provide External Auditors with access to all records that are relevant to the audit, except those deemed by the University to be legally privileged or protected. Availability of records is subject to University record retention policies.
  4. The President of the University will promptly notify ABOR of any significant issues raised by Internal Auditors, state or federal auditors, or any other audit agency or authority.
  5. The University will prepare and provide an Annual Comprehensive Financial Report (ACFR) to the Arizona Board of Regents’ Audit and Risk Management Committee.

Compliance and Responsibilities

The following is a general outline of the responsibilities of those involved in audits conducted under the scope of this policy and procedure. Due to the unique nature of each audit, the responsibilities listed below may not apply to all audits and some responsibilities may be delegated by the Audit Liaison Official and Audit Coordinator:

Audit Liaison Official

  • Designate an Audit Coordinator.
  • May attend entrance and exit conferences.
  • Review draft audit reports prior to issuance by the external audit entity.
  • Review and approve responses to audit reports prior to submission to the external audit entity.
  • Advise appropriate members of executive management on the status of unresolved audit findings and progress.

Audit Coordinator

  • Monitor all campus external audit activity.
  • Notify University Internal Audit of all external audits.
  • May attend entrance and exit conferences.
  • Attend the final briefing on the draft audit report and review draft audit reports prior to issuance.
  • Coordinate with Sponsored Projects Services (SPS) for audits of sponsored grants and contracts.
  • Facilitate cooperation with External Auditors in the performance of their duties and to avoid duplication of effort.
  • Review the response to audit reports prior to submission to the Audit Liaison Official.
  • Coordinate the distribution of all audit reports.
  • Monitor the implementation status of audit recommendations.

Department Head / Principal Investigator / Business Manager

  • Notify the Audit Coordinator when an external agency wishes to commence an audit, review, site visit, desk audit, fraud investigation, or conduct field work on campus.
  • For audits related to sponsored project accounts, if an auditor contacts you directly, refer them to SPS.
  • Work with the Audit Coordinator and/or SPS for sponsored project related audits, on requests for specific information or to arrange interviews with employees.
  • Forward all draft and final audit reports and responses to the Audit Coordinator or SPS for review.
  • Implement agreed-upon audit recommendations.

All University Employees

  • Be courteous, cooperative, and professional when dealing with the auditors.
  • If you are unsure about how certain information may relate to the audit or have any questions pertaining to the audit, consult with the Audit Coordinator.
  • At any time, if questions arise concerning the conduct of an auditor or if work appears beyond the defined scope of the audit, contact the Audit Coordinator for further instructions.
  • Refrain from providing unrequested information.

Procedures

Types of Audits

Internal Audits

  1. It is not necessary to notify the Audit Coordinator of internal audits conducted by the University of Arizona Internal Audit Department.

Financial Audit Annual Comprehensive Financial Report

  1. Financial Services is responsible for the ACFR and for coordinating and preparing for the audit by the Arizona Auditor General.

Single Audit

  1. Financial Services and SPS work together to coordinate the Single Audit by the Arizona Auditor General.

All Other External Audits

  1. External audits will be coordinated through the Audit Coordinator on behalf of the Audit Liaison Official and through Sponsored Projects Services for audits related to sponsored projects.

Audit Process and Procedures

Although every audit is unique, the audit process is similar for most engagements and normally consists of the following phases:

  1. Notification: The University will receive communication, generally in the form of a letter, informing of an upcoming audit, review, site visit, desk audit, or fraud investigation The initial notification may include a request for documentation.
    1. The Audit Coordinator should be notified when an external audit action is initiated.
    2. For audits related to sponsored project accounts, the auditor should be referred to SPS.
    3. Depending on the circumstances, audit coordination may be delegated to the relevant University administrator.
    4. If an unannounced audit will be conducted, contact the Audit Coordinator. The auditor will be asked to provide written notification to verify his/her authority and scope of the audit.
  2. Entrance Conference: The opening meeting includes management and administrative staff involved in the audit and is an opportunity to discuss the scope of the audit, available resources, and other concerns.
    1. The Audit Liaison Official, Audit Coordinator, and/or a designee may attend the entrance/opening conference to facilitate communication of audit objectives, schedule, and protocol. Attendance may vary depending on the type and scope of the audit.
    2. Availability of records and personnel should be communicated.
  3. Fieldwork: The auditor may interview staff, review procedure manuals and business processes, review statements and records, test compliance, and assess the adequacy of internal controls.
    1. The Audit Coordinator or a designee will schedule audit activities, monitor audit actions and facilitate cooperation with the external auditors.
    2. Units should cooperate with the auditor to the extent requested.
  4. Draft Report: After all fieldwork is completed, the auditor may prepare a draft report that documents objectives, procedures, conclusions, and recommendations.
    1. The auditor will generally brief the appropriate personnel and/or the Audit Coordinator of any recommendations, findings and/or issues noted during the audit. 
    2. The findings, recommendations, and conclusions should be discussed, and any factual or incorrect items clarified. Discrepancies noted by the auditor and subsequently corrected by the unit may still be included in the final report.
    3. The auditor will generally provide the department or administrative unit and/or the Audit Coordinator a draft report to review before a final report is issued. Any disagreements on the items noted in the draft report should be discussed and, if agreement cannot be reached, the Audit Coordinator should be notified.
    4. If items of a serious nature or a repetition of a previous comment requiring corrective action are to be included within an external audit report, the Audit Liaison Official, or SPS for audits of sponsored projects, may review the items with appropriate members of management.
  5. Responses to Audit Reports: The type of response required by the University will vary depending on the specific scope of the audit. The response may include corrective actions to be taken by the University in response to any findings.
    1. The administrative units involved will prepare an initial draft response to any audit finding/problems noted in the draft report, indicating corrective action already taken or under review, and forward the draft response to the Audit Coordinator or designee for review and inclusion in the formal audit response.
    2. The Audit Coordinator, or SPS for audits of sponsored projects, will prepare the formal audit response to the auditors and coordinate the review by the Audit Liaison Official, or the Senior Vice President for Research for audits of sponsored project accounts.
    3. If a recommendation by an External Auditor requires the University to invest resources to undertake corrective action or implement recommendations, the University’s response should reflect the institution’s agreement or refusal to make such a resource commitment.
    4. The Audit Liaison Official and/or the Senior Vice President for Research should review and approves official responses to audit reports prior to submission to the audit agency.
  6. Exit Conference: In the exit meeting, management and the auditor review and discuss the report, provide feedback on implementing recommendations, discuss any other issues related to the audit, and comment on the audit process.
    1. Exit interviews, review of findings and reports will follow normal administrative channels, and may include participation by the Audit Liaison Official, Audit Coordinator, and/or a designee.
  7. Final Audit Report: The final report issued by the auditors. Depending on the nature and scope of the audit, a report may or may not be provided to the University.
    1. The Audit Coordinator is to receive a copy of the final audit report.
    2. The Audit Coordinator or designee coordinates the distribution of the final audit report.
  8. Audit Recommendations and Corrective Action: Recommendations for improvement provided by the auditors or actions identified in the final report to resolve audit findings.
    1. Corrective actions are to be completed by the audited department or administrative unit. Upon completion, notify the Audit Coordinator or designee.
    2. Depending on the nature and severity of the recommendation or corrective action, the department or administrative unit may be asked to provide status reports on unresolved audit findings to the Audit Coordinator or designee. 
    3. The Audit Liaison Official or designee may notify the responsible vice president or department head of unresolved audit findings and, if appropriate, recommendations for making progress toward resolution.
    4. Every effort should be made to take corrective action and implement recommendations within the established timeline.

Frequently Asked Questions

  1. What should I do if I receive a request for an audit or investigation from the FBI, attorneys, or other law enforcement officials?

    Any requests from the FBI, attorneys, or other law enforcement officials should be forwarded to the University of Arizona’s Office of the General Counsel.
     
  2. Our department will be audited by the University's Internal Audit Department. Are we required to notify the Audit Coordinator of the internal audit?

    No, it is not necessary to notify the Audit Coordinator of internal audits conducted by the University.
     
  3. Due to the unique nature of each audit, how do I know if and when the Audit Coordinator or Audit Liaison Official needs to be involved in each phase of the audit process?

    When the Audit Coordinator is notified of the external audit, the Coordinator will evaluate the nature and scope of the audit and determine and communicate the level of involvement that will be necessary from the Audit Coordinator and Audit Liaison Official. If questions or uncertainty arise at any time during the audit process, please contact the Audit Coordinator.

    For audits of sponsored projects, central administrators from SPS will be the point of contact between the auditors and University employees for each step of the audit. SPS works with the Audit Coordinator as needed.

Related Information

Arizona Board of Regents
Arizona Auditor General
Arizona Revised Statues
Sponsored Projects Services Audit Management
The University of Arizona Internal Audit Department
Annual Comprehensive Financial Reports

* Please note that sections titled Frequently Asked Questions and Related Information are provided solely for the convenience of users and are not part of the official University policy.