Date: Thu, 28 Mar 2024 20:01:01 -0400 (EDT) Message-ID: <809916585.13067.1711670462000@confluence05.rowan.edu> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_13066_169405137.1711670461997" ------=_Part_13066_169405137.1711670461997 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
To outline the roles, authority and respo= nsibilities of the Office of Internal Audit and those of the management who= se schools, departments and divisions are audited.
Under the direction of the Audit Committe= e of the Board of Trustees, the President and General Counsel, the Chief In= ternal Auditor shall ensure compliance with and implement this policy, whic= h has been approved by the Audit Committee.
This policy applies to all full-time, par= t-time, permanent, temporary and uncompensated employees, faculty, staff, o= fficers, volunteers, and student employees.
The Internal Audit department performs au= dits in accordance with the auditing standards of The Institute of Internal= Auditors (IIA). The International Professional Practices Framework (IPPF)= =C2=AE is the conceptual framework that organizes authoritative guidance pr= omulgated by the IlA. A trustworthy, global, guidance-setting body, The IlA= provides internal audit professionals worldwide with authoritative guidanc= e organized in the IPPF as mandatory guidance and strongly recommended guid= ance. Conformance with the principles set forth in mandatory guidance is re= quired and essential for the professional practice of internal auditing.
The Institute of Internal Auditors offers=
the following definition of Internal Auditing that states the fundamental =
purpose, nature, and scope of internal auditing:
Internal auditing is an independent, objective assurance and consulting act=
ivity designed to add value and improve an organization's operations. It he=
lps an organization accomplish its objectives by bringing a systematic, dis=
ciplined approach to evaluate and improve the effectiveness of risk managem=
ent, control, and governance processes.
The University has an Internal Audit department to provide an indepe= ndent and objective assurance service that will add value and improve opera= tions through improved controls and efficiencies. Internal audit reviews ar= e intended to assist the University in determining the adequacy and effecti= veness of internal controls, adherence with applicable laws and regulations= , and reliability of financial reporting. A well designed internal audit fu= nction will help the University accomplish its objectives by applying a sys= tematic, disciplined approach to evaluate and assess the effectiveness of r= isk management, control and governance processes.
The Chief Internal Auditor and internal auditors must be independent= in appearance as well as in fact. For this reason, they report directly to= both the Chair of the Audit Committee of the Board of Trustees and to the = University President and General Counsel. These reporting relationships ens= ure the independence of the Internal Audit function and the adequate consid= eration of Internal Audit findings and recommendations
Internal auditors will not be responsible for developing or implemen= ting procedures, preparing records, or engaging in any activity which they = would normally review and evaluate, since doing so could reasonably be cons= trued as making them responsible for what they are auditing and thereby com= promising their independence. In this regard, Internal Audit personnel are = not to be used as accounting, finance or information systems staff. Interna= l Audit has neither direct responsibility for, nor authority over, the oper= ations or activities that are reviewed.
The auditors do not make operating decisions, and do not have the au= thority to direct activities, including implementation of corrective action= s. These activities and tasks remain the responsibility of management.
<= /li>Internal Audit is authorized to obtain the necessary assistance of p= ersonnel of the University unit where they perform audits, as well as speci= alized services from inside or outside of the organization.
The scope of the Internal Audit activity is intended to determine wh= ether the organization's activities of risk management, control, and govern= ance, as represented by management, are adequate and functioning as designe= d. The internal audit activity, with strict accountability for confidential= ity and safeguarding records and information, is authorized full, free, and= unrestricted access to any and all of Rowan University records, physical p= roperties, and personnel pertinent to carrying out any engagement. All empl= oyees are requested to assist the internal audit activity in fulfilling its= roles and responsibilities. While the Internal Auditors have free and unre= stricted access to senior management and the Board, they will attempt to re= solve any issues related to a perceived limitation of scope through General= Counsel.
Internal auditors will exhibit the highest level of professional obj= ectivity in gathering, evaluating, and communicating information about the = activity or process being examined. Internal auditors will make a balanced = assessment of all the relevant circumstances and not be unduly influenced b= y their own interests or by others in forming judgments.
Management's Responsibility
Notify Internal Audit when changes to applications and systems are b= eing planned that may ultimately affect data that are used in financial rep= orting systems.
Provide sufficient staffing and other resources as needed, inc= luding specialized technical staffing, to support Internal Audit during an = engagement.
Provide a timely response to the auditor's findings and recommendati= ons, including an achievable management action plan, within ten business da= ys from the receipt of the draft audit report.
Promptly assign department responsibility for ensuring the managemen= t action plan is implemented and appropriate follow-up action is completed.=
Respond promptly to Internal Audit's requests for status reports and= updates, and attend meetings of the Audit Committee when the audit report = is being considered.
A. Attachment 1, Responsibilities of the =
Chief Internal Auditor
B. Attachment 2, The Internal Audit Process
Communicate periodically with General Counsel, the President and the Aud=
it Committee on the internal audit activity's purpose, authority, responsib=
ility, and performance relative to planned audit activities. Reporting will=
also include significant risk exposures and control issues, including frau=
d risks, governance issues, and other matters needed or requested by senior=
management and the board. The frequency and content of reporting are deter=
mined in discussion with General Counsel, the President and the Audit Commi=
ttee and depend on the importance of the information to be communicated and=
the urgency of the related actions to be taken by senior management or the=
board.
A. Audit Process
B. Scope of Activity
The scope of the internal audit activity is intended to determine whethe= r the organization's activities of risk management, control, and governance= , as designed and represented by management, are adequate and functioning i= n a manner to ensure that:
C. Assessment of the Control Environment
In assessing the control environment, Internal Audit will consider:
1. The condition of the =
system of internal controls and quality of operations.
2. The criticality of area to the organization/business.
3. Inherent business risks.
4. Staffing levels and experience.
5. The adequacy of management supervision and cognizance of controls.
6. The unit/department's audit history and criticality and severity of audi=
t findings, if any.
7. Resolution of previous audit recommendations.
8. Compensating controls.