Guidance and Resources
The following resources have been compiled to provide additional guidance throughout the audit process.
Guidance and Resources
The following resources have been compiled to provide additional guidance throughout the audit process.
Frequently Asked Questions
We receive our authority from the Corporation of Brown University. Our responsibilities are defined by the Committee on Risk and Audit as part of their oversight function.
We are authorized to have free, full, and unrestricted access to the University’s information, activities, records, property, manual and automated systems, and personnel for the purpose of carrying out our responsibilities.
Being audited is an opportunity. As an objective eye on your processes we help you:
- Work confidently and with peace of mind - We identify vulnerabilities in your processes, giving you the chance to make corrections before a serious issue occurs.
- Identify efficiencies – When we evaluate processes in your department we may uncover process improvement opportunities that increase bandwidth, identify new approaches, or help answer old questions.
- Work ethically - We support our shared goal to conduct your processes in an honest and trustworthy manner.
There are several factors used to select an area for audit including exposure to financial loss, external regulatory or compliance requirements, importance of the function to the mission of the University, and the protection of the University’s assets.
The length of time it takes to complete an engagement may vary as it is dependent on the nature and complexity of the unique environment. However, we are cognizant of the value of your time and take every opportunity to design our work to be minimally disruptive.
For every audit, we’ll need information that provides a comprehensive overview of the process we’re auditing. You can get a head start by compiling information that covers these topics:
- Core objectives and mission statement
- Organizational chart
- Policies, procedures, and process flow
- New initiatives and key priorities
- Supporting systems and applications with flowcharts
- Internal and external reporting
- Internal partners
- Areas that you consider to be a risk or concern