Audit Services

How Departments/Units are Selected for Review

Departments/Units selected for review are based on a formal risk-based planning process.  Audit Services performs a risk assessment of all units (academic, administrative, research and ancillary) encompassing a number of factors, including discussions with senior management, the volume and complexity of transactions processed, the nature of the operation, external or internal factors that might affect risk and professional judgment. The risk assessment process ensures audit resources are allocated to areas where a review would benefit the University. The Annual Audit Plan is developed by Audit Services, reviewed with senior management and presented to the Audit Committee of the Board of Governors for approval.

The Audit Process

There are four phases to every audit conducted by Audit Services:

  1. Planning
  2. Fieldwork
  3. Reporting
  4. Follow Up


During each phase, the department or unit under review will have the opportunity to participate – audits work best with clear and open communication between the department/unit and audit staff.  If at any point, there are any issues or concerns, please direct those concerns to the audit staff or the Chief Internal Auditor.


  • The department/unit selected is contacted and informed of the intent to perform a review, the preliminary scope and objectives of the audit and the audit staff who will be contacting them shortly.
  • An introductory meeting is set up between the department head/director and the audit staff.  The meeting serves two purposes – first, the auditor will outline the process, timing and what the client or auditee can expect, second, the department/unit is able to express any issues or concerns with the audit process or areas within their units that they would like to have reviewed.
  • Following the introductory meeting, more detailed information is gathered through interviews with key operational and financial staff, review of financial information and other documents available (i.e. department websites, newsletters, etc.)


  • Fieldwork is the gathering of information necessary to assess the adequacy and effectiveness of internal controls, risk management and governance processes. Auditors do this through discussion and inquiry with staff, reviewing procedures and business processes and conducting tests to meet the objectives of the audit.
  • Once fieldwork is completed, the auditor will list all significant findings.  These findings will form the basis for the audit report.
  • In the conduct of their work, Audit Services staff is authorized to have unrestricted access to all functions, records, property and personnel.


  • Audit findings are summarized and reviewed with department staff to confirm findings and ensure all relevant facts are considered.
  • An audit report is drafted and includes the major recommendations.  Recommendations that do not address significant risks are handled less formally through discussion.
  • The draft audit report is presented to the department's senior management for fact validation and provides management with an opportunity to respond to the findings.
  • Management is required to provide timely written responses to the findings, including an action plan of how the recommendations will be handled.  Responses are included in the final audit report.
  • Once the report is finalized, the report is distributed to all senior management of the department (i.e. the Dean, the Provost, etc.).  Copies of all reports are distributed to the President, the VP Finance and Administration, the AVP Finance and Services and to the University’s external auditors for information purposes.  A summary of reports issued and significant findings are provided to the Audit Committee of the Board of Governors on a semi-annual basis.


  • Once the audit is completed, Audit Services periodically requests an update on progress made in implementing recommendations.
  • In some instances, it may be necessary to revisit the department to ensure corrective actions have been taken and the actions are achieving the desired results.
  • Reports of follow-up activity are provided to the Audit Committee of the Board of Governors.