Skip to navigation Skip to login
Saturday, October 20
Home » About MOSERS » Internal Auditors » Objective Assurance Auditing

Objective Assurance Auditing

PAGE TOOLS: TEXT SIZE: Larger | Smaller Print Logo Print this Page


The most successful audit projects are those in which the client and Internal Audit have a constructive working relationship. The following is narrative description of the process used to conduct regular audits. Audits other than regular audits are also conducted. An example of a non-regular audit is the deceased member audit. These audits are performed 6 times a year.

The final subject in this document is the internal auditor’s reporting to the Board of Trustees.

Audit Process

Although every audit project is unique, the audit process is similar for most engagements and normally consists of four stages: Preliminary Review of Internal Controls and Survey, Fieldwork, Report Writing, and Follow-up. Your involvement is critical at each stage of the audit process. As in any special project, an audit results in a certain amount of time being diverted from your unit's usual routine. One of the key objectives is to minimize this time and avoid disrupting your ongoing activities.

Preliminary Review of Internal Controls and Survey

During the preliminary review portion of the audit, I notify you of the audit, and discuss the scope and objectives of the examination (if the audit in a non-routine audit) generally in an email format. However, the audit client is more than welcome to request a more formal meeting to discuss the audit. During the preliminary review stage, I will review the internal control structure and gather information on your important processes for the area being audited. The audit plan is also created during this time. All new audit plans are reviewed by the executive director.

Preliminary Survey

In this phase the internal auditor gathers relevant information about the section or area being audited in order to obtain a general overview of operations. Interviews with key personnel and reviews of reports, files, and other sources of information, are the primary ways to gather this information.

Internal Control Review

The internal auditor will review the section’s internal control structure, a process which is usually time-consuming. In doing this, the internal auditor uses a variety of tools and techniques to gather and analyze information about the operation. The review of internal controls helps the auditor determine the areas of highest risk and design tests to be performed in the fieldwork section.

Audit Program

Preparation of the audit program concludes the preliminary review phase. This program outlines the fieldwork necessary to achieve the audit objectives.


The fieldwork concentrates on transaction testing and informal communications. It is during this phase that the internal auditor determines whether the controls identified during the preliminary review are operating properly and in the manner described by the client. The fieldwork stage concludes with a summary issues and concerns from which the auditor will prepare a draft of the audit report. Some issues will be communicated during the exit conference and will not be included in the formal audit report. These are called “verbal” recommendations and are generally issues that are not serious but do deserve some attention by the client.

Transaction Testing

After completing the preliminary review, the auditor performs the procedures in the audit program. These procedures usually test the major internal controls and the accuracy and propriety of the transactions.

Advice & Informal Communications

As the fieldwork progresses, the internal auditor discusses issues or concerns with the client. Hopefully, the client can offer insights and work with the auditor to determine if the issue is a problem or if there are other mitigating controls that render the issue moot. Usually these communications are verbal. However, in more complex situations, memos and/or e-mails are written in order to ensure full understanding by the client and the auditor.

All fieldwork is supported by appropriate documentation. Documentation could be in the form of memorandums, photocopies of documents, or computer spreadsheets.

Audit Summary

Upon completion of the fieldwork, the auditor summarizes the audit issues and concerns, and recommendations necessary for the audit report discussion draft.

Audit Report

The principal product is the final audit report in which the audit issues and concerns and recommendations for improvements are discussed. To facilitate communication and ensure that the recommendations presented in the final report are practical, the internal auditor discusses the rough draft with the client prior to issuing the final report.

Exit Conference

When the audit fieldwork is complete and the summary of issues and concerns and recommendations is created, internal audit meets with the section’s management team to discuss the issues and concerns and recommendations. At this meeting, the client is given the opportunity to comment on the issues and concerns and to present other aspects of the issue that may not have been covered during the audit fieldwork.

Draft Report

At the conclusion of fieldwork, the auditor drafts the report. The auditor reviews the report using a checklist to ensure all aspects of the audit report are consistent with the IIA Standards. This is also a quality control measure. The draft report is prepared for the section’s management and is submitted for the client's review to ensure the report does not contain errors. The client is also given the opportunity to respond to the auditor’s recommendations. The recommendations are included in the audit report.

Formal Report

The auditor then prepares the formal report, taking into account any revisions resulting from the exit conference, client responses, and other discussions. The report is then presented to the executive director for comments. The internal auditor reviews the executive director’s comments and will make changes to the audit report if the auditor agrees with the suggested changes.
The audit report is then signed and distributed to the Board of Trustees, applicable management staff, and any other interested parties. Each audit report contains a distribution listing that can be found on the last page of the audit report.
The official version of the report is presented to the executive director and a copy is scanned into MOSERS’ computerized document retention system (FileNET).

This report is primarily for internal management use. The approval of the Internal Auditor and Executive Director is required for release of the report outside of the system.

Quality Assurance

Finally, as part of Internal Audit's self-evaluation program, the clients are asked to comment on the internal auditor's performance on a periodic basis.

In addition, the internal auditor follows the IIA Standards which require that an outside quality assessment be performed at least every five years. These reports are generally known as peer reviews. The first peer review was completed in November 2002.

The IIA Standards suggest that an internal auditor perform a self-assessment periodically. Such self-assessment was preformed in June 2004.

Follow Up

The internal auditor maintains a listing of all audit recommendations, management’s responses and the status of the implementation of each recommendation. A separate listing is maintained for the Operations Section and for the Investments Section. The listing is updated after each audit is complete and the listing is reviewed periodically to ensure the implementation process is progressing.

Internal Audit’s Reporting to the Board of Trustees

Each member of the Board of Trustees is given each completed audit report. The Board may also request an audit that is not included in the annual audit plan. The Board may also receive special review reports written by the internal auditor if the internal auditor believes the Board should receive the report.

The internal auditor is required by the Governance Policy to prepare an annual report to the Board that describes any violations (if any are found) of particular policies made by the executive director. This report is generally presented to the Board during the June Board meeting. A more detailed description of this process can be found in the Governance Policy.

Missouri State Employees' Retirement System
Address: 907 Wildwood Dr., Jefferson City, MO 65102 Phone: 800.827.1063 URL: Email: Founded On: September 1, 1957