The Internal Audit Department is committed to providing the highest level of professional audit services to Touro. Professional audit services include serving as a resource to management and meeting professional standards.
Internal Audit Engagement Timeline
The Internal Auditor reviews the following types of background information:
1) Risk Control Matrix
The matrix includes steps, risks, control objective, documentation request list, population and sample size, test procedures, and test results. Work papers are prepared at the beginning of the first audit assignment and are updated throughout the course of each subsequent audit. They represent the documentation of audit activity and must be continuously maintained.
2) Audit Announcement Memo
The Internal Auditor notifies the parties responsible for the area being audited (the Auditee) of the preliminary objectives, timing, team members that will conduct the review, and the overall protocol to be followed in the audit process. Notification is sent via email in the form of an engagement letter to the Auditee with copies to Senior Management, as appropriate.
3) Entry/Opening Meeting
The commencement meeting is conducted with the Auditee in order to discuss the preliminary scope, objectives, and any business concerns. The following individuals should be invited and encouraged to attend the meeting:
1) Evidence of review of work papers by the Internal Auditor
Auditors must obtain all evidence necessary for the efficient completion of the audit. The decision on how much evidence is sufficient and what type of evidence to seek requires the exercise of the Internal Auditor's judgment based on experience, education, reasoning, and intuition. A thorough knowledge of the concepts underlying audit evidence will improve the audit quality and efficiency.
2) Exit/Closing Meeting
At the conclusion of fieldwork, the Audit team will meet with the management team to discuss the observations and recommendations.
Audit reports are issued within 30 days of completion of the field work to ensure Senior Management is aware of and can respond to the risks and exposures identified by the audit. In order to ensure that actions are addressed in an efficient manner, reports will include specific action plans to resolve the concerns noted, the responsible person of the action plan, and an expected completion date.
The audit service’s principal product is the final audit report in which the Department will:
Prior to final issuance, the Department will discuss the observations and recommendations with the Auditee. The Department and the Auditee must agree upon the recommendations and the time frame during which they must be implemented. This conversation facilitates communication and ensures that the final report is practical.
The audit reports consist of 3 parts:
A. Executive Summary: A short section at the beginning of the document in which findings and recommendations are summarized for quick reference. The executive summary usually contains a brief statement of the project objective, scope, and concise analysis of the issues, recommendations, and overall conclusions in the audited area.
B. Rating: Ratings are used to assess the key attributes of the auditable entity and effectiveness of the controls that mitigate the major risks. A three-tier system is used as follows:
C. Improvement Action Plan:A sequence of steps that must be taken, or activities that must be performed, in order for a process to be effective. The Improvement Action Plan has three major elements: