Our audit professionals conduct a variety of services to ensure that Emory University and Emory Healthcare business operations are efficient, effective, compliant with applicable laws, regulations and policies, and rigorously controlled.  We continuously seek ways to enhance the value of our services to our clients.

Audit Process

An annual risk-based audit plan is developed by Internal Audit and approved by the Audit and Compliance Committee of the Board of Trustees.  Throughout the year, Internal Audit executes its audit plan and other reviews and investigations as requested by management.  The typical audit process executed by Internal Audit includes the following steps:

I.       Planning

  1. Plan and scope the audit/review.
  2. Communicate objectives, timing, and audit/review process to business unit management.

II.     Fieldwork:

  1. Understand and document the internal control systems.
  2. Test the operation of internal control systems.
  3. Review test results and develop conclusions.

III.    Reporting

  1. Discuss draft report with audit observations (issues) and recommendations with management.
  2. Obtain management responses (action plans) in response to issues and recommendations.
  3. Issue a final audit report to business unit management, executive leadership, and Audit Committee of the Board of Trustees.

IV.   Follow-Up

  1. Follow-up with management to confirm completion of action plans.
  2. Provide an update to executive leadership and the Audit and Compliance Committee.