|
 |
|
||||||||||||||
Audits
DefinitionBy definition, audits are an independent assessment and evaluation of an institution's activities. To meet the highest standards, internal audits are performed in accordance with standards established by the Institute of Internal Auditing (IIA). The Office of Audit, Compliance and Privacy (OACP) can assist the members of the Penn community by conducting a variety of audits. Types of audits
Purpose of an auditThe purposes of these audits may be varied, but they all yield unique value to the auditee. Such purposes may include gaining an understanding of the area’s operations, evaluating the adequacy of the control structure for potential key issues and areas of concern, providing on-going feedback to area management, validating and reviewing data for completeness, accuracy, and authorization, benchmarking, or assessing a data center for security, operations, application maintenance, and system implementations. Who Gets Audited and WhyOACP annually assess the levels of business risk throughout Penn’s community. Our risk assessment includes factors such as:
An audit and compliance annual workplan is developed, based on this risk assessment and consultation with management and the Trustees’ Committee on Audit and Compliance. The workplan defines the areas to be audited. The Audit Process
Components of an AuditThe Risk Assessment identifies relevant risk factors that challenge an organizational area and further considers their relative significance. The Scope Statement identifies the activities that will be covered during the course of the audit. This would include the project justification, the project description, the deliverables, and the success criteria. Audit Program is the document that contains the listing of audit procedures as well as the objectives of the audit. Audit Procedures are the specific tasks that the auditor will follow to gather, analyze, and document during the audit. Workpapers are the detailed documentation from interviews and testing that were conducted to complete the audit program. OACP is utilizing the latest technology and is using electronic workpapers. The DeliverablesInterim updates are provided to the auditee throughout the course of the audit. The observations accumulate into the final audit deliverables, which is the closing documentation that is provided to the auditee at the completion of the audit. This can be in the format of a written report that includes observations and recommendations or it could be in the format of process flows. The purpose of the audit will determine the format of the final deliverables. |
||
|
|
||
|
||
