What happens during an internal audit?
Before an audit begins, we distribute an announcement letter to those who will serve as our primary audit contacts. The letter briefly outlines the preliminary audit objectives and the general audit process.
Planning is the first phase of the audit. During planning, we review policies and procedures in order to gain an understanding of how work is accomplished. We typically conduct several transaction walk-throughs by tracing transactions from beginning to end. Policies, procedures, walk-throughs and discussions with personnel enable us to identify controls and assess associated risks. The planning phase helps us fine-tune our approach and finalize our work program.
It is our goal to use electronic data whenever possible. Frequently we request access to systems in order to analyze and sample data.
Based on the results of planning, we compile our audit program. It describes the procedures we will perform to test controls.
Before we proceed with the fieldwork phase, we hold an opening meeting to formally discuss our audit scope, objectives and procedures and seek input from our audit customers.
Fieldwork is the second phase of the audit. Fieldwork includes detailed tests of transactions. We may identify errors, irregularities or noncompliance exceptions as a result of the procedures we perform. When exceptions are identified, we discuss them with our audit contacts to resolve the issues.
During fieldwork, we also develop findings. Audit findings represent a set of facts that may or may not indicate a weakness in internal controls. The significance of findings can range from low to high priority. Detailed description(s) of the finding(s) is/are provided to management as a basis for evaluating the significance of the finding(s).
Quality assurance review process
Quality reviews are performed throughout the audit life cycle. We have implemented professionally accepted audit standards to ensure the highest-quality audit products are delivered to our customers. Audit standards require that we carefully document the procedures performed and conclusions reached. Documentation generally requires additional time, but we are obligated to adhere to strict standards.
After all of the audit documentation has been reviewed and the draft audit report has been written, the draft report is distributed to our primary audit contacts. The draft report is discussed during the closing meeting. If significant changes result from the meeting, we issue a revised draft report. The associate director responsible for the area audited usually coordinates the audit responses. Management’s response includes any corrective actions and the date the actions will be completed.
Audit report issuance
Management’s responses are then incorporated into the final audit report. The final report is distributed to the DOE Fermi Site Office, management, the Board Members of the Audit & Enterprise Risk Committee, the DOE Consolidated Service Center, the DOE Office of Inspector General and FRA’s external audit firm.
We routinely monitor the status of open audit findings to ensure that agreed to audit recommendations have been implemented and that the conditions reported have been corrected.