Audits and Business Process Reviews

An IACA Annual Work Plan is developed and approved by the Audit Committee of the RIT Board of Trustees based on an assessment of risk across the University. There are three parts to an audit or business process review engagement: planning, fieldwork, and reporting.

The Audit Process at RIT
A formal report is prepared and shared with the engagement area's management, applicable RIT administration, and RIT's external auditors. The report includes an assessment of the internal control environment, a summary of the issues identified during the engagement, and management's corresponding corrective action plans. A summary of the engagement results is provided to the Audit Committee of the RIT Board of Trustees. 

Advisory observations may also be identified during an engagement; these would be items of lesser concern, but ones that may provide opportunities for enhancing controls, increasing efficiencies, or improving operations.  These items are shared only with the engagement area's management and do not require the development and implementation of management corrective action plans.