Audit Services

Types & Process

Audit Types

Financial Audits
These audits examine the accounting and reporting of financial transactions to determine the fairness, accuracy and reliability of financial data. CSU, Chico's external auditors, KPMG, perform this type of review in coordination with the Financial Services department.

Compliance Audits
These audits determine if entities are complying with applicable laws, regulations, policies and procedures. Recommendations usually require improvements in processes and controls used to ensure compliance with regulations. CSU campuses are subject to federal and state laws, Trustee policies, Chancellor's Office directives, and local campus policies and procedures.  

Information System Audits
These audits review the internal control environment of automated information processing systems and how people use these systems. The audits usually evaluate system input, output, processing controls, backup and recovery plans, system security, and computer facilities. These audits may review existing or developing systems.

Investigative Audits
These audits are performed when there is a suspicion or allegation of fraud, theft, waste, or other "improper governmental activity." Investigations involve the examination of records and interview of employees to determine if improper activities have taken place.

Follow-Up Audits
These audits are conducted after an internal or external audit report has been issued. They are designed to evaluate corrective action that has been taken on the audit issues reported in the original report.

Chico State quad

The Audit Process

An audit, whether conducted by an internal or external auditor, will typically consist of the following steps:

Planning: The auditor will gather and review background information about the campus activity, determine the audit scope and objectives, and develop an audit program identifying the issues to be examined, questions to be asked, and documents to be reviewed.

Entrance Meeting: The auditor meets with management to discuss the audit objectives, approximate time schedules, types of auditing tests, and how the audit results will be communicated.

Fieldwork: The auditor visits campus departments to interview key personnel and evaluate whether adequate internal control processes are in place, documented, and are being followed. This will usually include transaction testing to verify that established policies and procedures are actually being followed.

Analysis and Determination of Results: As deficiencies or "opportunities for improvement" are identified, the auditor will bring them to the university's attention. At the end of the fieldwork, the auditor usually reviews all preliminary observations and findings with the management at the informal exit conference.

Draft Report and Exit Meeting: The auditor writes a draft audit report, identifying problems detected and making recommendations for improving operations, and forwards the report to the university for review. The auditor meets with management at a formal exit conference to discuss the draft audit report and to resolve any disagreements.

Campus Response: The auditor issues a final draft report and asks the university to submit a written response for each recommendation, usually within 30-45 days. The university is expected to concur with each recommendation and provide a corrective action plan, including an estimated date of completion.

Audit Report: The auditor issues the final audit report.

Follow-up: Generally, the auditor will conduct a follow-up to ensure implementation of recommendations.