Each fiscal year, Audit and Advisory Services develops an annual audit plan. The plan is developed based on available staff resources, the performance of a risk assessment, and includes significant input from OHSU management. The plan is submitted to and approved by the Internal Audit Committee. Audit and Advisory Services meets with the Internal Audit Committee on a quarterly basis to review the status of the plan and evaluate audit priorities.
The objective of developing the annual audit plan is to ensure there is adequate audit coverage in the following functional areas within OHSU:
A majority of Audit and Advisory Services staff resources are spent performing audit services. This includes the following types of activities:
- Planned Audits:Audits that are planned as a result of the annual risk assessment process. These audits can also be high priority audits as identified by the Internal Audit Committee or core audits that are not necessarily high-risk areas at a given time, but are functions that should be reviewed on a periodic basis. Also included in this category are information technology audits and reviews of academic departments, divisions, institutes, centers and programs. Core audits can include the following areas:
o Cash Handling
o Human Resources Transactions and Policies
o Asset Acquisition, Disposition, and Transfer
o Accounts Payable
o Billing and Coding
- Follow-Up Audits: Follow-up review on the status of recommendations in prior audit reports. Follow-up reviews are conducted approximately six months after the auditee's response to recommendations included in the audit report. Follow-up work will continue until all recommendations have been appropriately addressed.