Office of Internal Audit
When you're expecting an audit
Why Me!?
Your day was going so well. You had accomplished everything on your Franklin Planner, had a great staff meeting, enjoyed a nice lunch, and you were ready for a nice weekend with your family. You were just about ready to call it a day and head for the house when the phone rings one last time… “Hello? Yes? You’re ready to audit my division? Why?!” You finish the conversation and pack your bags… maybe it won’t be as good a weekend as you thought….
If you are doing things in your division the way you are supposed to, you shouldn’t fret and worry when the internal auditor knocks on your door. You may wonder – “Why me?! Why am I being audited?” That’s a relatively simple question to answer. Each summer we in Internal Audit perform a risk assessment of the Department. We look at all kinds of potential risks that are out there including where we spend the most money, what areas haven’t been looked at in several years, what areas have had a lot of change, and what areas might be of particular interest to the Commissioner. After completing this risk assessment, we prepare an Audit Plan for the next fiscal year.
So you’ve been selected… what next?
What is an audit anyway?
An audit is an independent objective review of your operations designed to determine what is working well and what is not working well in a particular area. We all know it’s hard to review our own work so an audit is performed in order to help you see areas where you can improve your operations. An audit is an objective, methodical process where we examine your operations and Internal Controls to look for possible opportunities for improvement.
In our audits we hope to:
- Bring about positive change
- Work with management to identify ways to improve operations
- Help TDOT run more effectively and efficiently
What is the typical audit length?
An audit can take anywhere from a few weeks to a few months depending on how complex the operations of the area and how much we look at. We will always try to give you an estimate of how long the audit will take when we begin.
What is the Audit process?
We are always talking about your processes so we thought we would share with you a little about ours! Following is a basic outline of what is included in an audit:
Entrance Conference – The auditor will contact you before the audit begins to set up an “Entrance Conference”. At this meeting, the auditor will explain to you in general terms what we will be looking at in the audit, the general time frame of the audit, and other important information.
Planning and Background Review - In this stage the auditor makes plans for the audit, gathers important background information, selects samples and things like that.
Audit “field work” – This is when the auditor is working in your area, asking questions, and reviewing your documents.
Field Exit Conference – When the auditor is finished with his work, he will meet with you to explain the preliminary results of the audit. Please realize that these are preliminary results as the audit has not yet been through the review process.
Report Writing – After all the field work, or testing, is completed, the auditor writes his report summarizing the audit results along with recommendations for improvement.
Review – The work the auditor performed is then reviewed by the Audit Manager and the Director.
Draft Issues – After everything is reviewed, a draft of the Issues noted in the audit are emailed to the appropriate division director for review and comment. Specific instructions are included in this email explaining how to prepare your responses and when they are due. (Please see How to Respond for further assistance in this.)
Formal Exit Conference – Sometimes another exit conference is needed at this point if there are still Issues that either you the client, or we the auditors have questions about.
Corrective Action Plan – After all questions are answered, you will send in your Corrective Action Plan for each Issue in the draft report. We prefer this be sent via email but paper is also allowed.
Final Report – We then incorporate your Corrective Action Plan into our report, finalize the report, and send it to you, the Commissioner, other applicable members of TDOT management, FHWA, and the Comptroller.
We hope this helps you to better understand the audit process. If you have any questions, just give us a call.
We concur… We do not concur… We do not know what you are talking about… What does all of this mean? How do I write a response to an audit Issue?
After the auditors have completed their audit work, they will write a report summarizing what they found in the audit. This is to help you, the manager, know how you can improve your area. The audit is complete and you have received your “draft audit issues” in your GroupWise mailbox. What do you do now?
Issues - We ask that you read over the Issues carefully as well as the Recommendations we have made as you consider how you can improve the operations in your area. We then ask that you send back to us a “Corrective Action Plan” for each Issue (formally called Finding). This plan is your explanation to Internal Audit and the Commissioner of the steps you plan to take to improve the areas discussed in the audit report. Please send a separate Plan to address each Issue. At this point in the audit process, you are probably at one of 3 places regarding the audit Issues:
I agree - If you agree with the things we found in the audit, you should begin your response with “We concur” and explain what you plan to do to correct the issues noted.
-OR-
- I do not agree - If you don’t agree with the issue, I ask that you contact either myself or one of the auditors who worked on your audit so that we can discuss it further. Sometimes there may be a communication gap somewhere that we need to work out with each other. Just give us a call!
-OR-
- I have questions – If something in the Issues doesn’t seem right to you or you don’t understand what we are trying to say, just give us a call. We’d be more than happy to sit down with you and explain things further.
Other Weaknesses - Sometimes you will also receive a list of “Other Weaknesses”. These are smaller things we found in the audit that we want to make you aware of but that we don’t consider important enough to include in the final audit report. These other weaknesses are not reported to the Commissioner or the Comptroller – they are for your eyes only. These are, however, areas of weakness we noted that you should address. Sometimes when Other Weaknesses are not adequately addressed by management the problem grows and a year or two down the road it is reported in an audit report as an Issue. So if you want to be proactive and avoid future audit Issues, please take these Other Weaknesses seriously as well and address them.
What are all those letters for?
CPA, CIA … what does it all mean!? Your friendly auditor knocks on your door to announce your upcoming audit, leaves you his or her business card, and then leaves. You begin reading over his business card only to find out that it’s like looking into a bowl of alphabet soup! What do all those letter mean?
CPA – Certified Public Accountant
CIA – Certified Internal Auditor
CISA – Certified Information System Auditor
CFE – Certified Fraud Examiner
CGFM – Certified Government Financial Manager
