Carnegie Mellon University


  1. Risk Assessment and Planning
    • Inform client of planned audit and coordinate based on availability
    • Perform research and analysis of audit area
    • Hold opening meeting with client to discuss audit scope
    • Finalize audit scope
  2. Process Review
    • Review policies and procedures
    • Perform process walk-throughs
    • Identify and discuss any potential process or control concerns
    • Plan for fieldwork accordingly
  3. Fieldwork and Testing
    • Select sample items for further review
    • Perform detailed testing over sample item documentation
    • Finalize audit results and communicate any issues noted to client through Issue Memorandums
  4. Reporting
    • Hold a closeout meeting with client to discuss final results of the audit
    • Issue audit report to client and impacted parties 
    • Communicate high-rated audit findings to university leadership and the Audit Committee of the Board of Trustees
  5. Follow-Up
    • Solicit feedback from the client regarding audit execution and suggestions for improvement
    • Perform follow-up procedures to understand management’s progress against areas of findings
    • Apprise university leadership and Audit Committee of the Board of Trustees of remediated finding