ROWAN UNIVERSITY POLICY
Title: Internal Audit
Policy No: IA: 2015:02
Issuing Authority: President
Responsible Officer: Chief of Staff
To outline the roles, authority and responsibilities of the Office of Internal Audit and those of the management whose schools, departments and divisions are audited.
The University has an Internal Audit department to provide an independent and objective assurance service that will add value and improve operations through improved controls and efficiencies. Internal audit reviews are intended to assist the University in determining the adequacy and effectiveness of internal controls, adherence with applicable laws and regulations, and reliability of financial reporting. A well designed internal audit function will help the University accomplish its objectives by applying a systematic, disciplined approach to evaluate and assess the effectiveness of risk management, control and governance processes.
The Chief Internal Auditor and internal auditors must be independent in appearance as well as in fact. For this reason, they report directly to both the Chair of the Audit Committee of the Board of Trustees and to the University President and Chief Of Staff. These reporting relationships ensure the independence of the Internal Audit function and the adequate consideration of Internal Audit findings and recommendations
Internal auditors will not be responsible for developing or implementing procedures, preparing records, or engaging in any activity which they would normally review and evaluate, since doing so could reasonably be construed as making them responsible for what they are auditing and thereby compromising their independence. In this regard, Internal Audit personnel are not to be used as accounting, finance or information systems staff. Internal Audit has neither direct responsibility for, nor authority over, the operations or activities that are reviewed.
The auditors do not make operating decisions, and do not have the authority to direct activities, including implementation of corrective actions. These activities and tasks remain the responsibility of management.
Internal Audit is authorized to obtain the necessary assistance of personnel of the University unit where they perform audits, as well as specialized services from inside or outside of the organization.
The scope of the Internal Audit activity is intended to determine whether the organization's activities of risk management, control, and governance, as represented by management, are adequate and functioning as designed. The internal audit activity, with strict accountability for confidentiality and safeguarding records and information, is authorized full, free, and unrestricted access to any and all of Rowan University records, physical properties, and personnel pertinent to carrying out any engagement. All employees are requested to assist the internal audit activity in fulfilling its roles and responsibilities. While the Internal Auditors have free and unrestricted access to senior management and the Board, they will attempt to resolve any issues related to a perceived limitation of scope through the Chief Of Staff.
Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.
Notify Internal Audit when changes to applications and systems are being planned that may ultimately affect data that are used in financial reporting systems.
Provide sufficient staffing and other resources as needed, including specialized technical staffing, to support Internal Audit during an engagement.
Provide a timely response to the auditor's findings and recommendations, including an achievable management action plan, within ten business days from the receipt of the draft audit report.
Promptly assign department responsibility for ensuring the management action plan is implemented and appropriate follow-up action is completed.
Respond promptly to Internal Audit's requests for status reports and updates, and attend meetings of the Audit Committee when the audit report is being considered.
VII. NON-COMPLIANCE AND SANCTIONS
Any individual who violates this policy shall be subject to discipline up to and including dismissal from the University in accordance with their union and University rules. Civil and criminal penalties may be applied accordingly. Violations of this policy may require retraining and be reviewed with employee during the annual appraisal process. The Deans of each College, Vice Presidents, and University President, with the assistance of the Department of Human Resources, will enforce the sanctions appropriately and consistently to all violators regardless of job titles or level within the University and in accordance with bargaining agreements for represented employees. Any sanction costs or fines will be borne by the Department and the Department Chair or VP will determine how these funds will be assigned.