6.11 Audit Management
Policy Information
Policy Number: 6.11 | Effective Date: 7/20/2012 |
Responsible Unit: FSO - Financial Management | Last Revised Date: 10/04/2017 |
Email: fin-mgmt@fso.arizona.edu | Phone: 520-621-3220 |
Purpose and Summary
To provide guidance to University personnel whose areas are being audited, to ensure that external audit activities are appropriately coordinated and managed by University personnel, and responses to external audit findings or conclusions are properly implemented in a timely manner.
The University will undergo periodic examinations or audits of fiscal and administrative management to ensure that funds and resources are used and reported in accordance with the appropriate methods prescribed by law, generally accepted accounting principles, and Arizona Board of Regents’ and University rules and regulations. As such, audits are a means of determining whether the activities of operating units are safeguarding the assets of the University, operating efficiently, and overseeing operations in a manner that is consistent with public policy. The objectives of audits are beneficial; therefore, the policy of the University will ensure that administration of external audits will be conducted so as to achieve these purposes.
Source
Arizona Board of Regents Policy, including but not limited to: 3-104, 3-410, and 6-711.
Arizona Revised Statutes, including but not limited to: §§15-1661, 41-1279.03 and 41-1279.04.
Scope
This policy applies University-wide, including Main Campus, the Arizona Health Sciences Campus, the Phoenix Biomedical Campus, and University of Arizona – South. In addition, this policy applies to all extension off-site campus units, both domestic and international.
This policy applies to all audits and reviews performed by external auditors for all University transactions. This includes external audits and reviews at the University level as well as at the college, department, unit, account, or transaction level.
Definitions
- Audit: An independent and objective appraisal to examine or review the fair presentation of financial statements, economy and efficiency of operations, effectiveness of achieving program results, compliance with laws and regulations and/or the detection of fraudulent activities. For purposes of this policy and procedure, audits include but are not limited to external: reviews, site visits, desk audits, and fraud investigations.
- Audit Liaison Official: The Vice President, Financial Services is the administrative officer responsible for all official contact with external auditors.
- Audit Coordinator: The Vice President, Financial Services’ designee who acts on behalf of the Audit Liaison Official and is normally the intermediary contact for the routine management and functioning of external audit activities within the University.
- Internal Auditors: Employees of the University of Arizona Internal Audit Department who conduct independent and objective assurance and audit consulting services within the University.
- External Auditors: Any auditors or investigators that are not employees of the University. External auditors include federal, state, local and other outside, independent auditors that audit various University activities and programs at University request, or as required by law, ABOR, grant sponsors, or other external entities.
Policy
- The University will fully cooperate with and assist external and internal auditors whose responsibilities involve examination and confirmation of University transactions.
- To help ensure that external audit activity is appropriately coordinated, the Audit Coordinator must be informed of all external audit activity. Notification of internal audits is not required. The Audit Coordinator will ensure an understanding of the objectives and scope of the audit and assist the auditors in achieving legitimate objectives with the least impact on University operations.
- On a timely basis, the University will provide external auditors with access to all records that are relevant to the audit, except those deemed by the University to be legally privileged or protected. Availability of records is subject to University record retention policies.
- The President of the University will promptly notify ABOR of any significant issues raised by internal auditors, state or federal auditors, or any other audit agency or authority.
- The University will prepare and provide an annual Comprehensive Annual Financial Report to the Arizona Board of Regents’ Audit Committee and Business and Finance Committee.
Compliance and Responsibilities
The following is a general outline of the responsibilities of those involved in audits conducted under the scope of this policy and procedure. Due to the unique nature of each audit, the responsibilities listed below may not apply to all audits and some responsibilities may be delegated by the Audit Liaison Official and Audit Coordinator:
Audit Liaison Official
- Designate an Audit Coordinator.
- May attend entrance and exit conferences.
- Review draft audit reports prior to issuance by the external audit entity.
- Review and approve responses to audit reports prior to submission to the external audit entity.
- Advise appropriate members of executive management on the status of unresolved audit findings and progress.
Audit Coordinator
- Monitor all campus external audit activity.
- Notify University Internal Audit of all external audits.
- May attend entrance and exit conferences.
- Attend the final briefing on the draft audit report and review draft audit reports prior to issuance.
- Coordinate with Sponsored Projects & Contracting Services (SPCS) for audits of sponsored grants and contracts.
- Facilitate cooperation with external auditors in the performance of their duties and to avoid duplication of effort.
- Review the response to audit reports prior to submission to the Audit Liaison Official.
- Coordinate the distribution of all audit reports.
- Monitor the implementation status of audit recommendations.
Department Head / Principal Investigator / Business Manager
- Notify the Audit Coordinator when an external agency wishes to commence an audit, review, site visit, desk audit, fraud investigation, or conduct field work on campus.
- For audits related to sponsored project accounts, if an auditor contacts you directly, refer them to SPCS.
- Work with the Audit Coordinator and/or SPCS for sponsored project related audits, on requests for specific information or to arrange interviews with employees.
- Forward all draft and final audit reports and responses to the Audit Coordinator or SPCS for review.
- Implement agreed-upon audit recommendations.
All University Employees
- Be courteous, cooperative, and professional when dealing with the auditors.
- If you are unsure about how certain information may relate to the audit or have any questions pertaining to the audit, consult with the Audit Coordinator.
- At any time, if questions arise concerning the conduct of an auditor or if work appears beyond the defined scope of the audit, contact the Audit Coordinator for further instructions.
- Refrain from providing unrequested information.
Procedures
Types of Audits
Internal Audits
In accordance with an annual published plan, the Internal Audit staff conducts audits throughout the year on a continuous basis. Departments that are to be audited will normally be notified in writing prior to the auditors' arrival.
It is not necessary to notify the Audit Coordinator of internal audits.
Financial Audit – Comprehensive Annual Financial Report
A Comprehensive Annual Financial Report (CAFR) is prepared at the end of each fiscal year after an external audit is performed by the Arizona Office of the Auditor General. The report shall be prepared in accordance with generally accepted accounting principles (GAAP). The report is due October 30 and will be posted on the Financial Services Office website soon thereafter.
The Financial Services Office is responsible for all portions of the CAFR and for coordinating and organizing the audit with the Arizona Office of the Auditor General.
Single Audit
The Single Audit is required annually of the University as a recipient of Federal assistance under 2 CFR 200 Uniform Guidance. The Single Audit is an external audit that examines the University’s federal award transactions, student financial aid transactions, internal controls, and compliance with laws and regulations.
The Financial Services Office and SPCS work together to coordinate the Single Audit with the Arizona Office of the Auditor General.
All Other External Audits
External auditors, including the Arizona Office of the Auditor General, may be engaged by the University to perform specific functions (e.g. the Comprehensive Annual Financial Audit and the Arizona Public Media Financial Audit) or have been directed by external agencies, including but not limited to the State of Arizona, ABOR and grant sponsors, to audit activities or programs administered by the University.
External audits will be coordinated through the Audit Coordinator on behalf of the Audit Liaison Official and through Sponsored Projects & Contracting Services for audits related to sponsored projects.
Audit Process and Procedures
Although every audit is unique, the audit process is similar for most engagements and normally consists of the following phases:
- Notification: The University will receive communication, generally in the form of a letter, informing of an upcoming audit, review, site visit, desk audit, or fraud investigation and requesting documentation (e.g., organization charts, system documentation, flow charts, financial records or statements).
- The Audit Coordinator should be notified immediately when an audit action is initiated by an outside (external) agency.
- For audits related to sponsored project accounts, the auditor should be referred to SPCS.
- Depending on the circumstances, audit coordination may be delegated to the relevant University administrator.
- If an unannounced audit will be conducted, contact the Audit Coordinator. The auditor will be asked to provide written notification to verify his/her authority and scope of the audit.
- Entrance Conference: The opening meeting includes management and administrative staff involved in the audit and is an opportunity to discuss the scope of the audit, available resources, and other concerns.
- The Audit Liaison Official, Audit Coordinator, and/or a designee should attend the entrance/opening conference to facilitate full communication of audit objectives, schedule, and protocol. Attendance may vary depending on the type and scope of the audit.
- Fieldwork: The auditor may interview staff, review procedure manuals and business processes, review statements and records, test compliance, and assess the adequacy of internal controls.
- The Audit Coordinator or a designee will schedule audit activities, monitor audit actions and resolve audit-related problems.
- Administrative units should cooperate with the auditor to the extent requested; however, availability of records and responsible personnel and conflicts of scheduled activities should be negotiated as necessary where conflicts of priority arise. If problems occur which cannot be satisfactorily resolved, contact the Audit Coordinator.
- Draft Report: After all fieldwork is completed, the auditor may prepare a draft report that documents objectives, procedures, conclusions, and recommendations.
- The auditor, upon completion of work, will generally brief the appropriate administrative officials and the Audit Coordinator of any recommendations, findings and/or problems noted during the course of the examination. At that time, the findings, recommendations and conclusions should be thoroughly discussed and any factual or incorrect items clarified. Discrepancies noted by the auditor and subsequently corrected by the administrative unit may still be included in the final report.
- The auditor will generally provide the department or administrative unit and/or the Audit Coordinator a draft report to review before a final report is issued. Any disagreements on the items noted in the draft report between the examined unit and the auditor should be thoroughly discussed and, if agreement cannot be reached, the Audit Coordinator should be contacted for further actions.
- The Audit Coordinator, Audit Liaison Official, and/or a designee should attend the final briefing on the draft audit report. Depending upon the administrative unit, several review meetings may be held at appropriate supervisory levels. Attendance may vary depending on the type and scope of the audit.
- After the last briefing on the draft audit report has been conducted, the report will be prepared in final format. If a final draft is made available by the auditors, a copy should be presented to the Audit Coordinator, Audit Liaison Official or their designee for final review.
- When items of a serious nature or a repetition of a previous comment requiring corrective action are to be included within an external audit report, the Audit Liaison Official, or SPCS for audits of sponsored projects, will review the items with appropriate members of executive management.
- If a recommendation by an external auditor requires that the institution invest additional or incremental resources to undertake corrective action or implement selected recommendations, the Audit Liaison Official shall, prior to final approval and official release, advise appropriate members of executive management of the estimated resource commitment required by the recommendations. The Auditor’s recommendations or the University’s response in the audit report should reflect the institution’s agreement or refusal to make such a resource commitment.
- Responses to Audit Reports: The type of response that may be required by the University concerning the results of the audit will vary depending on the specific scope of the audit.
- The administrative units involved will prepare an initial draft response to any audit finding/problems noted in the draft report, indicating corrective action already taken or under review, and forward the draft response to the Audit Coordinator or designee for review and inclusion in the formal audit response.
- The Audit Coordinator, or SPCS for audits of sponsored projects, will prepare the formal audit response to the auditors and coordinate the review by the Audit Liaison Official, or the Senior Vice President for Research for audits of sponsored project accounts.
- The Audit Liaison Official and/or the Senior Vice President for Research reviews and approves all official responses to audit reports prior to submission to the audit agency.
- The formal audit response includes corrective actions to be taken by the University in response to any findings noted in the report.
- Exit Conference: In the exit meeting, management and the auditor review and discuss the report, provide feedback on implementing recommendations, discuss any other issues related to the audit, and comment on the audit process.
- Exit interviews, review of findings and reports will follow normal administrative channels, to include participation by the Audit Liaison Official, Audit Coordinator, and/or a designee as well as any administrator so delegated.
- Final Audit Report: The final report issued by the auditors. Depending on the nature and scope of the audit, a report may or may not be provided to the University.
- The Audit Coordinator is to receive a copy of the final audit report.
- The Audit Coordinator or designee coordinates the distribution of the final audit report.
- Audit Recommendations and Corrective Action: Recommendations for improvement provided by the auditors or actions identified in the final report to resolve audit findings.
- Actions are to be completed by the audited department or administrative unit. Upon completion, notify the Audit Coordinator or designee.
- Depending on the nature and severity of the recommendation or corrective action, the department or administrative unit may be asked to provide status reports of all unresolved audit findings to the Audit Coordinator or designee. The Audit Coordinator or designee may advise the Audit Liaison Official of any required corrective actions for which resolution or adequate progress towards resolution has not been achieved or are beyond reasonable institutional resources to resolve.
- The Audit Liaison Official or designee may notify the responsible vice president or department head of unresolved audit findings and, if appropriate, recommendations for making progress toward resolution.
- Every effort should be made to take corrective action and implement recommendations within six months of the issue date of the report.
Frequently Asked Questions
- What should I do if I receive a request for an audit or investigation from the FBI, attorneys, or other law enforcement officials?
Any requests from the FBI, attorneys, or other law enforcement officials should be forwarded to the University of Arizona’s Office of the General Counsel.
- Our department will be audited by the UA’s Internal Audit Department. Are we required to notify the Audit Coordinator of the internal audit?
No, it is not necessary to notify the Audit Coordinator of internal audits conducted by the University.
- Due to the unique nature of each audit, how do I know if and when the Audit Coordinator or Audit Liaison Official needs to be involved in each phase of the audit process?
When the Audit Coordinator is notified of the external audit, the Coordinator will evaluate the nature and scope of the audit and determine and communicate the level of involvement that will be necessary from the Audit Coordinator and Audit Liaison Official. If questions or uncertainty arise at any time during the audit process, please contact the Audit Coordinator.
For audits of sponsored projects, central administrators from SPCS will be the point of contact between the auditors and University employees for each step of the audit. SPCS works with the Audit Coordinator as needed.
Related Information
Arizona Board of Regents
Arizona Office of the Auditor General
Arizona Revised Statues
Sponsored Projects & Contracting Services Audit Management
The University of Arizona Internal Audit Department
UA Comprehensive Annual Financial Reports
* Please note that sections titled Frequently Asked Questions and Related Information are provided solely for the convenience of users and are not part of the official University policy.