Utah Administrative Code
Topic - Education
Title R277 - Administration
Rule R277-116 - Audit Procedure
Section R277-116-5 - Audit Process

Universal Citation: UT Admin Code R 277-116-5

Current through Bulletin 2024-06, March 15, 2024

(1) At the initiation of an audit, the Chief Audit Executive shall:

(a) send an engagement letter to the local administrator, and if applicable, the audit committee chair of the audit client; and

(b) hold an entrance conference with the individuals specified in Subsection (1)(a).

(2) The Chief Audit Executive shall conduct the audit in conformance with International Standards for the Professional Practice of Internal Auditing, inclusive of:

(a) inquiring with the audit client to gain an understanding of the area being audited; and

(b) requesting and obtaining evidence throughout the audit to perform necessary analyses to meet the scope and objectives of the audit.

(3) After conducting an audit, the Chief Audit Executive shall submit the draft audit report directly to the audit committee.

(4) After complying with Subsection (3), the Chief Audit Executive shall provide the individuals identified in Subsection (1)(a) with notice, which shall include:

(a) the draft audit report;

(b) a cover letter outlining the classification of the draft audit report in accordance with Title 63G, Chapter 2, Government Records Access and Management Act, including any limitations regarding the sharing or dissemination of the audit report;

(c) an opportunity to request an exit conference within seven days of the date the draft report was provided, with the exit conference being held no later than 14 days from the date the draft report was provided; and

(d) an explanation outlining the process to submit a response to the audit, as applicable in accordance with Subsection (7).

(5) If appropriate, and at the discretion of the Chief Audit Executive, the Chief Audit Executive may edit the draft audit report based on feedback and information received pursuant to Subsections (3) and (4).

(6) After finalizing the draft audit report, the Chief Audit Executive shall:

(a) if necessary, submit the draft audit report directly to:
(i) the audit commitee;

(ii) the Superintendent; and

(iii) additional individuals and entities, as appropriate; and

(b) provide notice to the individuals identified in Subsection (1)(a), which shall include the same information required for notice under Subsection (4).

(7) Within 14 days of the Chief Audit Executive's notice to the individuals identified in Subsection (1)(a), the audit client may:

(a) provide a written response to the draft audit report to the Chief Audit Executive; or

(b) file a written request for an extension of time with the Chief Audit Executive setting forth:
(i) the justification for the extension request; and

(ii) the extension time necessary to provide the response.

(8) If a request for extension is filed in accordance with Subsection (7)(b), the Chief Audit Executive shall respond after consulting with the Audit Committee chair.

(9) Upon receiving a written response in accordance with Subsection (7)(a) or if no response to request for extension is received, the Chief Audit Executive shall:

(a) incorporate the written response, if any, into the draft audit report;

(b) prepare Chief Audit Executive concluding remarks, if appropriate; and

(c) submit the draft audit report to the audit committee and Superintendent.

(10) Upon receiving the draft audit report, consistent with Board bylaws, the audit committee shall provide direction to staff or propose recommendations to the Board regarding release of the audit or corrective action, including recommendations to confirm questioned costs as improper payments.

Disclaimer: These regulations may not be the most recent version. Utah may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.