Audit Process and Types

The auditor gathers background information about the audit topic, determines the audit objectives and methodology, and develops an audit program. The audit program indicates what procedures the auditor must follow in identifying the area/activity to examine, questions to ask, and documents to review.

During the entrance meeting, the auditor meets with representatives of the audited area (or auditee) to discuss the audit objectives and scope, estimated time and resources needed, and communication of audit results.

The evaluation phase of the audit is referred to as fieldwork. To assess the adequacy of internal controls and compliance, the auditor interviews key personnel, reviews departmental records and processes, and tests a sample of transactions in detail.

Throughout fieldwork, the auditor discusses initial audit observations and outstanding document requests with the auditee during status meetings. It also allows the auditee to clarify or provide additional documentation to resolve any concerns or clear any preliminary observations.

After fieldwork, the auditor writes a draft audit report, noting observations identified and corresponding recommendations. This draft report is forwarded to the auditee for discussion during the exit meeting.

During the exit meeting, the auditee has the opportunity to propose changes, and any agreed-upon changes are incorporated into the draft report. The auditor also requests that the auditee provide written responses to the recommendations.

The auditor issues the final audit report to the auditee and campus management. Also, a copy of the final report is posted on the audit website.

Generally, the auditor conducts a follow-up with the auditee to ensure the effective implementation of recommendations and corrective action plans and that expected results are achieved.

This type of audit determines if the university and its affiliated entities comply with applicable laws, regulations, policies, and procedures. These include federal and state law, Trustee policies, Chancellor's Office directives, and university and auxiliary policies and procedures.

This type of review is performed at the request of campus management to provide a proactive and independent review of identified concerns or improvements to existing processes. The internal auditor will not assume management's responsibilities to maintain appropriate independence and objectivity.

This type of audit examines the accounting and reporting of financial transactions to determine financial data's fairness, accuracy, and reliability. CSUSM's external financial auditors, KPMG, perform this audit in coordination with Business & Financial Services.

This type of audit assesses the university's and its affiliated entities' internal control system across significant business activities. Business activity includes but is not limited to cash handling, accounts receivable, procurement, accounts payable, fixed asset and equipment, and HR and payroll.

This type of review evaluates alleged instances of fraud, waste and abuse, or improper governmental activities to determine if allegations are substantiated and to prevent future occurrences.