In collaboration with the University's ERM and Compliance offices, an annual risk assessment survey is conducted to identify current and emerging risks impacting Vanderbilt and overall higher education.
The risks are used to compile the University's annual Risk Profile and the upcoming fiscal year's annual internal audit plan.
Internal Audit creates an annual plan that includes audits and advisory review projects to be conducted throughout the fiscal year.
The plan is shared with university leadership and the Audit Committee of the Board of Trust.
Internal Audit collaborates with stakeholders in pre-planning discussions to refine scope and objectives, identify risks and challenges, and agree to a timeline.
A formal scope notification will be issued, and an entrance conference will be conducted.
During fieldwork, we document the project-specific risk assessment and testing approach.
We conduct process owner and other stakeholder interviews and review and analyze documentation.
To assess operating effectiveness of controls, we select samples and perform testing (Audits Only).
We draft observations and validate the results with process owners/stakeholders and prepare a draft report and share with process owners/stakeholders during an exit conference.
For audit projects only, we will request action plans and implementation dates.
A finalized report is issued to the stakeholders, and a summary is presented to the Audit Committee of the Board of Trust.
(Audits Only)
Internal Audit will monitor open action plans on a quarterly basis and perform follow up procedures on any audit observations rated critical or high risk.