Administrative Policy Statement
Category – Fiscal
Coordination of Audits
Effective: July 1, 2009 Responsible Office: Department of Internal Audit
Office of University Controller Vice President: Vice President for Finance
Brief Description: Sets forth the University’s process for managing both external and internal audit activity.
The University is routinely subjected to audits performed by the Department of Internal Audit and by a variety of external
auditors. Because audits differ greatly, it is important to understand the auditor's process, the scope and objectives of the
particular audit project, and the possible impact of the audit results. This policy clarifies the University process for managing
Audit Objectives - Audits are performed for different purposes. Understanding the purpose helps facilitate the process.
Common audit objectives are:
1. To ensure compliance with (Federal, State, grantors, financial accounting) laws, standards, rules and regulations.
2. To evaluate efficiency and effectiveness.
3. To attest to the validity of financial information.
4. To ensure appropriate management control systems are in place. Audit Process - It is essential to understand the audit process before an audit begins. The audit process normally consists of
the following elements.
1. Audit Assignment/Engagement - The point at which it has been determined that an audit will be undertaken and a
University representative is first contacted.
2. Entrance/Opening Conference - A meeting where the auditors introduce themselves and discuss the audit process,
the audit scope, and the audit objectives.
3. Field Work - The auditors' procedures for obtaining audit evidence and developing findings and recommendations.
The type and extent of field work will vary according to the scope and objectives of the audit. For example, field work
may entail a detailed transaction-by-transaction review or may only consist of a review of processes and procedures.
4. Exit/Closing Conference - A meeting where the auditors formally present the results of their work.
5. Response - The opportunity for the units affected by the audit to respond to the auditors' findings and
recommendations. The opportunity to respond to audit work varies in terms of timing and format. It is important to
understand the particular audit process so that responses are prepared in the best interests of the University.
6. Follow-up - The auditors' and/or the University's procedures to follow the progress toward resolution of audit issues.
University of Colorado Administrative Policy Statement
Page 2 of 3 Coordination of Audits
Audit Scope - Scope defines the focus of the audit activity. For example, the State Auditor, by law, performs an annual audit of the University's financial statements. The scope is the fiscal-year financial transactions. The objective is to attest to the
validity of the financial information as presented in the financial statements.
External Audits - Audits performed by auditors external to the University, usually with an obligation to report their audit results
to an external constituency. Examples: State auditors, Federal auditors, DOA, HHS, IRS, and Independent CPA firms.
Internal Audits - The Department of Internal Audit reports to the Board of Regents and is chartered to perform audits
throughout the University.
POLICY STATEMENT External Audits
1. To help ensure that external audit activity is appropriately coordinated, the Department of Internal Audit serves as the
point of initial contact and coordination for any audit activity of the University.
2. Whenever an external audit agency contacts a University employee or unit to perform an audit, the Department of
Internal Audit must be notified. The Department of Internal Audit will, in turn, notify any affected departments of any
3. To avoid to the extent possible the redundancy of audit activity and to comply with the provisions of the Federal
"Single Audit Act," the Department of Internal Audit will maintain a record of external audit activity and report this
information to the State Auditor's Office as required.
1. The Department of Internal Audit is responsible for establishing a process for the conduct of routine internal audits
that provides the opportunity for the auditee to respond to specific audit findings and recommendations.
Annual Financial Audit
1. Upon initial contact by the State Auditor, the Department of Internal Audit is responsible for coordinating, with the
University Controller, the scheduling of the opening and exit conferences for the annual audit of the University's
2. The University Controller is responsible for the coordination of information requests and the compilation of the annual
financial statements for the annual financial statement audit.
3. Each campus is responsible for scheduling and/or coordinating, with the University controller, the flow of information
to external auditors who are conducting audits of campus-specific activities.
4. The Department of Internal Audit will collaborate with the University Controller and the campuses to help ensure that
there is proper communication and coordination of responses to the annual audit of the University's financial
5. The Vice President for Finance is responsible for the overall quality of the financial control systems and, as such, the
University Controller is delegated the responsibility for monitoring the progress of the University in the implementation
of the State Auditor's management letter recommendations.
1. Each campus is responsible for developing policies and procedures for dissemination of audit-related information to
assure timely evaluation of and response to audit findings and recommendations for audits in process.
2. Responses to all external audit recommendations must be reviewed and approved by the Director of Internal Audit
and the Vice President for Finance prior to submission to the external audit entity.
University of Colorado Administrative Policy Statement
Page 3 of 3 Coordination of Audits
3. Report distribution will be coordinated by the Department of Internal Audit and the University Controller, as applicable,
depending on the nature of the audit.
4. Each campus is responsible for establishing and maintaining a process for monitoring the status of open audit
recommendations specific to the individual campus. The University Controller is responsible for maintaining a process
for monitoring the status of audit recommendations with university-wide application.
5. System Administration and the campuses will provide the Regent Audit Committee a periodic report summarizing the
implementation status of audit recommendations.
The appropriate campus Controller, who will consult with the University Controller as appropriate, will respond to
questions and provide guidance regarding interpretation of this policy.
? Revised July 1, 2009
? Initially Issued January 1, 1992