ROWAN UNIVERSITY POLICY
Title: Internal Audit
Policy No: IA: 2015:01
Issuing Authority: President
Responsible Officer: Executive Vice President for Administration and Strategic Advancement
Last Revision: 1/27/15
To outline the roles, authority and responsibilities of the Office of Internal Audit and those of the management whose schools, departments and divisions are audited.
Under the direction of the Audit Committee of the Board of Trustees, the President and the Executive Vice President, the Chief Internal Auditor shall ensure compliance with and implement this policy, which has been approved by the Audit Committee.
This policy applies to all full-time, part-time, permanent, temporary and uncompensated employees, faculty, staff, officers, volunteers, and student employees.
IV. AUDITING STANDARDS
The Internal Audit department performs audits in accordance with the auditing standards of The Institute of Internal Auditors (IIA). The International Professional Practices Framework (IPPF) ® is the conceptual framework that organizes authoritative guidance promulgated by the IIA. A trustworthy, global, guidance-setting body, The IIA provides internal audit professionals worldwide with authoritative guidance organized in the IPPF as mandatory guidance and strongly recommended guidance. Conformance with the principles set forth in mandatory guidance is required and essential for the professional practice of internal auditing.
The Institute of Internal Auditors offers the following definition of Internal Auditing that states the fundamental purpose, nature, and scope of internal auditing:
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
- The University has an Internal Audit department to provide an independent and objective assurance service that will add value and improve operations through improved controls and efficiencies. Internal audit reviews are intended to assist the University in determining the adequacy and effectiveness of internal controls, adherence with applicable laws and regulations, and reliability of financial reporting. A well designed internal audit function will help the University accomplish its objectives by applying a systematic, disciplined approach to evaluate and assess the effectiveness of risk management, control and governance processes.
- The Chief Internal Auditor and internal auditors must be independent in appearance as well as in fact. For this reason, they report directly to both the Chair of the Audit Committee of the Board of Trustees and to the University President and Executive Vice President. These reporting relationships ensure the independence of the Internal Audit function and the adequate consideration of Internal Audit findings and recommendations.
- Internal auditors will not be responsible for developing or implementing procedures, preparing records, or engaging in any activity which they would normally review and evaluate, since doing so could reasonably be construed as making them responsible for what they are auditing and thereby compromising their independence. In this regard, Internal Audit personnel are not to be used as accounting, finance or information systems staff. Internal Audit has neither direct responsibility for, nor authority over, the operations or activities that are reviewed.
- The auditors do not make operating decisions, and do not have the authority to direct activities, including implementation of corrective actions. These activities and tasks remain the responsibility of management.
- Internal Audit is authorized to obtain the necessary assistance of personnel of the University unit where they perform audits, as well as specialized services from inside or outside of the organization.
- The scope of the Internal Audit activity is intended to determine whether the organization's activities of risk management, control, and governance, as represented by management, are adequate and functioning as designed. The internal audit activity, with strict accountability for confidentiality and safeguarding records and information, is authorized full, free, and unrestricted access to any and all of Rowan University records, physical properties, and personnel pertinent to carrying out any engagement. All employees are requested to assist the internal audit activity in fulfilling its roles and responsibilities. While the Internal Auditors have free and unrestricted access to senior management and the Board, they will attempt to resolve any issues related to a perceived limitation of scope through the Executive Vice President.
- Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.
- Management's Responsibility
- Notify Internal Audit when changes to applications and systems are being planned that may ultimately affect data that are used in financial reporting systems.
- Provide sufficient staffing and other resources as needed, including specialized technical staffing, to support Internal Audit during an engagement.
- Provide a timely response to the auditor's findings and recommendations, including an achievable management action plan, within ten business days from the receipt of the draft audit report.
- Promptly assign department responsibility for ensuring the management action plan is implemented and appropriate follow-up action is completed.
- Respond promptly to Internal Audit's requests for status reports and updates, and attend meetings of the Audit Committee when the audit report is being considered.
A. Attachment 1, Responsibilities of the Chief Internal Auditor
B. Attachment 2, The Internal Audit Process
RESPONSIBILITIES OF THE CHIEF INTERNAL AUDITOR
- The condition of the system of internal controls and quality of operations.
- The criticality of area to the organization/business.
- Inherent business risks.
- Staffing levels and experience.
- The adequacy of management supervision and cognizance of controls.
- The unit/department's audit history and criticality and severity of audit findings, if any.
- Resolution of previous audit recommendations.
- Compensating controls.