How to Survive an External Audit

An External Audit is a periodic or specific purpose audit conducted by external (independent) qualified accountant(s). Its objective is to determine, among other things, whether (1) the accounting records are accurate and complete, (2) prepared in accordance with the provisions of GAAP, and (3) the statements prepared from the accounts present fairly the organization's financial position, and the results of its financial operations

External Audit General Guidelines

For the Department


  1. When an external auditor contacts you, get the following information:
    • Name of auditing agency
    • Name of auditor and phone number
    • Specific areas of audit, if possible
    • Grant name/number to be audited
  2. Do not provide any information over the telephone.
  3. Let the auditors know that you will be contacting them at a later date.
  4. Notify your department manager and your control point.


  1. Notify Contracts and Grants Accounting (CGA) and Audit & Advisory Services (AAS) and give as much known detail as possible.
  2. Work with CGA and AAS to set up an internal pre-audit meeting to discuss upcoming audit.
  3. Recommend key departmental and University personnel for the pre-audit meeting.
  4. Set up meeting with the CGA, AAS, control point representative, and department manager and external auditors.
  5. Run all responses to requests from the external auditors by CGA and AAS before providing them to the external auditors
  6. Upon completion of the audit, fill out the Case Status Update Request Form (obtain from AAS) and submit to CGA and AAS, along with any final audit report and findings.

For Audit & Advisory Services

  1. Review the external audit request with the External Audit Coordinating Committee.
  2. Participate in the pre-audit meeting.
  3. Assign an internal auditor to the external audit.
  4. Participate in the entrance meeting with the auditors
  5. Work with the department to frame a response to the auditor.
  6. Help with self-report, as necessary.
  7. Maintain a database of external audits including the final reports.
  8. Notify the External Audit Coordinating Committee of any results or findings.

For Contracts and Grants Accounting

  1. Inform Senior Service Manager, Compliance Manager, and External Audit Coordinator.
  2. Help gather materials as necessary
  3. Review materials before they are submitted to the external auditors.
  4. Participate in audit meetings as necessary.

Tips for Surviving a Single Audit

In accordance with OMB Uniform Guidance, UCSF expenditures of federal funds are audited annually by the University’s external auditors. The auditors examine the University’s schedule of federal expenditures and, if warranted, may suggest areas for improvement. The audit process includes meeting with campus central and department staff.

The Controller’s Office has developed these tips to assist departments when engaging with the University’s external auditors on the topic of a Single Audit of sponsored funds.

Top 10 Do’s

  1. Be prepared for the meeting and understand the purpose of the meeting. Review and prepare related records prior to interviews/visits. Anticipate questions related to the documents. If a record will hurt the University’s interest, immediately notify department management and internal audit of the issue.
  2. If, in the course of an audit, you find inappropriate charges or inadequate procedures, resolve it immediately e.g., cost transfer unallowable charges.
  3. Listen carefully and understand the auditor’s question before answering. Be thoughtful when composing your answers, ensuring you have the facts and evidence to back them up. Please be sure your responses are complete and accurate. Ask for clarification when you don’t understand the auditors’ questions, assumptions, or conclusions.
  4. If you have any questions or concerns about the audit, discuss these with your department manager or direct supervisor.
  5. Respond only to the question being asked. Please keep your answers simple and direct. Don’t feel pressured to come up with an answer when you don’t know the answer - it is okay to say, “I don’t know” and “I will get back to you with the answer”.
  6. It is always a good idea to be discreet and diplomatic. Limit your answers and comments to areas where you have first-hand knowledge and/or supporting documentation. Don’t speculate if you don’t have the information.
  7. Politely decline to answer questions you don’t fully understand until a central administrative contact within your school or audit committee member is present.
  8. Be responsive to requests for information and documents, but please do not volunteer documents or information that is not relevant to the question at hand.
  9. Avoid data dumps for auditors to sort through. When providing data, provide well-ordered, clear documents.
  10. Keep notes on and copies of information they provide to external auditors during interviews, and ensure that all original records provided to external auditors are returned at the end of the audit.

Top 5 Don’ts

  1. Do not provide any information over the telephone. Ideally, responses be coordinated through one point of contact and reviewed first by an audit liaison, the external audit coordinating committee, or your control point before responses are provided to auditors.
  2. If supporting documents appear to be incomplete or problematic, do not modify or delete these. Refer to Top 10 Do #2.
  3. Please do not speculate or answer hypothetical questions. Do not agree or disagree with opinions. If there are differences of opinions, raise your concerns after the meeting with your department manager and/or the Controller’s Office.
  4. Do not provide irrelevant information e.g., rumors, office gossip, conversations from 2nd and 3rd hand sources, especially if they are outside the scope of the audit.
  5. Do not sign anything on behalf of the University.

Three Things You Can Do Now

  1. Ensure you have good internal controls and that you monitor your processes and expenses. Reconcile ledgers for funds with activities in the current fiscal year and provide evidence of review per SAS 112 key control 13. Review and resolve financial, administrative, and project management systems e.g., timely journal transfers, compliance with effort reporting on ERS.
  2. Document appropriate approvals and maintain an audit trail of supporting documentation. Maintain an organized filing system.
  3. Ensure that staff understands policies and procedures. Review and fully understand award terms and conditions, ensuring expenses are appropriate and allowable, follow uniform administrative requirements, federal cost principles, and follow cost accounting standards. Take immediate corrective action and resolve issues as soon as possible.

Frequently Asked Questions in an External Audit

  1. Transaction Testing
    • Please provide samples of your general ledger to show that expenses are on the budget.
    • Provide access to general ledger data supporting the cumulative grant expenditures reported on each Financial Reporting Form. If the grant spans more than one fiscal year, provide general ledger detail for each year.
    • General ledger detail should be at the individual transaction level.
    • Provide access to your payroll records for each year covered by grant to facilitate payroll testing.
    • Please provide samples of your ledger to show that payroll is appropriately charged.
    • Please justify any exceptional expenses, like meetings and entertainment and show documentation of sponsor approval.
    • Please show that travel is justified and that the most cost effective travel was planned.
    • Provide access to expenditures for subawardees, if applicable, to perform testing.
    • Please show timeliness of subaward payments.
    • Please show that the sales use tax has been appropriately calculated.
    • Provide access to review cash receipts records and highlight the deposits of all grant receipts in your general ledger (For multiple payments deposited in one transaction by the Controller’s Office, please contact your CGA service accountant for assistance
    • Please provide amount of interest income earned on grant f
  2. University-wide policies and procedures
    • Please describe effort reporting system and review process.
    • Please describe the software program used for grant/contract reporting, GL and how it interacts with the overall University system
    • Please provide documentation establishing the legal and tax-exempt status of your organization.
    • Please provide copies of Management Advisory Comments letter issued in connection with the last 2 independent audits.
    • Provide a description of the organizations’ internal control procedures related to compliance with the financial terms of this grant.
    • Please describe timekeeping reporting policies and procedures.
    • Please describe sub-grantee policies and procedures (contracts and payment reporting procedures). Please provide template/form for sub-grantee agreements.
    • Please describe financial management policies and procedures (if available), including, accounting, financial management, investment management, procurement, expense reimbursement policies, especially with respect to travel and entertainment related expenditures.
    • Provide most recent UCSF annual reports and financial statements (audited, if available).
  3. Department
    • Please provide organizational chart of department.
    • Provide a description of the department’s internal control procedures related to compliance with the financial terms of this grant.
    • Please provide department’s operational budget for most recent fiscal year.
    • Please provide department’s annual budget for the coming fiscal year.
    • Please provide a list of the department’s current funders as well as projected revenue by funder.
  4. Grant-specific
    • Please provide Signed copies of the Grant Agreement, including all attachments and grant extensions.
    • Please provide copies of Board minutes.
  5. Please provide names, titles, background information (including resumes or curriculum vitae), and contact information for officers, directors, trustees and key employees of the organization, and key employees working on the project.
  6. Provide a copy of each “Interim Progress/Interim Financial and/or Financial Reporting Form” filed to date.