Audit Process

OIA follows standardized processes for the development of the annual internal audit plan as well as entity level engagements.

The Annual Audit Plan

The OIA develops an audit plan and presents that plan to the Board of Trustees Audit Committee for review and approval. The audit plan is developed utilizing the audit universe, (all USA Health and University entities and departments subject to audit), and the annual risk assessment (evaluation of inherent and emerging risks to the achievement of strategic goals). 

The annual audit plan includes specific audits of USA Health and the University, as well as annual responsibilities including external audit assist work for the annual financial audit and NCAA requirements, follow-up reviews, consultations, investigations and continual quality assessment and improvement.

Entity Level Engagements

Most audits follow a basic process to ensure consistency and proper communication.


Every audit will include pre-work to gather information on the institution or activity being audited and assess risk.  The focus of the audit will vary depending upon the nature of the engagement. 

Kick Off Meeting

Internal audit personnel may meet with management to discuss basic information regarding the entity or department, determine timing and appropriate contacts and answer management questions.

Engagement Letter

Most audits will include an engagement letter, sent to the appropriate entity personnel, which details the scope, objectives, timing and other information pertinent to the audit. This may include a preliminary request list.

Audit Program

An audit program, detailing the engagement steps to be performed, will generally be completed for each audit. This may vary in form and content depending upon the nature of the engagement, but will typically establish the procedures for identifying, analyzing, evaluating and documenting information during the audit fieldwork phase.


OIA will perform audit program tests including, but not limited to, internal control questions, observations and walk-throughs, documentation testing and systems testing.