RESPONSIBILITIES OF THE CHIEF INTERNAL AUDITOR
- Review, with the Chief Of Staff, the President and the Audit Committee, the Internal Audit Policy, the Annual Audit Plan, other activities, staffing and organizational structure of the internal audit function.
- Provide assessments for the entity under review on the adequacy and effectiveness of processes for controlling its activities and managing its risks to ensure controls are effective and functioning as intended.
- Inform and advise the audit committee and management of all audit findings with recommendations for appropriate corrective measures.
- Provide the Audit Committee, Senior Management and auditees with an overall assessment of financial, operational, compliance and information technology controls necessary to minimize the risk of material loss and meet the University's functional objectives.
- Conduct follow-up inquiries (informal) and reviews (formal) as appropriate to ensure satisfactory actions are taken by management to resolve significant audit findings.
- Provide periodic updates to the Audit Committee on the status of engagements contained in the Annual Audit Plan, including any findings warranting the attention of the Audit Committee.
- Coordinate Internal Audit activities with other control and monitoring functions (compliance, ethics, risk management, security, legal, and external audit firms) to best achieve the objectives of the internal audit function, as well as the objectives of the University. This includes, where appropriate, coordination with and assistance to the independent public accounting firms.
- Lead or assist in the investigation of significant suspected fraudulent activities and notify executive management and the Audit Committee of the results.
- Maintain a professional audit staff with sufficient knowledge, skills, experience, training and professional certifications to meet the requirements of this charter. Periodically assess the overall effectiveness of the department training program.
- Keep the Audit Committee and senior leaders informed of emerging trends and successful best practices in internal auditing.
- Communicate periodically with the Chief Of Staff, the President and the Audit Committee on the internal audit activity's purpose, authority, responsibility, and performance relative to planned audit activities. Reporting will also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board. The frequency and content of reporting are determined in discussion with the Chief Of Staff, the President and the Audit Committee and depend on the importance of the information to be communicated and the urgency of the related actions to be taken by senior management or the board.
THE INTERNAL AUDIT
A. Audit Process
- Internal Audit will prepare and send an "Engagement Letter" describing the purpose, scope and timing of the audit to the head of the department, school or college to be audited and schedule an Entrance Conference to discuss the purpose and scope of the upcoming audit. During the initial meeting, the auditors will discuss the audit process and present a preliminary request for documents to examine as the audit commences. Because internal audits are designed to be a highly interactive process, the audit staff will be talking directly to managers and staff asking for additional documents as needed.
- During the course of the engagement, audit staff will perform specific audit procedures and discuss preliminary findings with management to validate the auditors' understanding, to solicit management's input on interpretation and remediation, and to facilitate early corrective action. The early communication of any issues will hopefully allow management time to begin thinking about how the department may address the issues. Candid feedback is important in reaching a consensus on any recommendations and to implement changes in processes, policies and procedures.
- Draft reports, including Audit Summary Reports, as requested by the Audit Committee, will be discussed with management during an Exit Conference. These reports address Internal Audit's assessment of internal controls, audit findings, and the status of the audit follow-up process. Management will be asked to provide a written response to the recommendations offered in the draft report that includes a timetable for anticipated completion of action to be taken and an explanation for any corrective action that will not be implemented, within ten (10) days of the meeting.
- Management's responses will be incorporated into the draft audit report, and a final report and audit summary reports will be issued by Internal Audit to management and, as appropriate, to senior level executives. Internal audit results are communicated to the Audit Committee of the Board and the President of the University.
- All significant findings will remain in an open issues file until cleared. Internal Audit will follow up with management on the status of management's implementation of any corrective action and will communicate the status to the Audit Committee and the President of the University.
B. Scope of Activity
The scope of the internal audit activity is intended to determine whether the organization's activities of risk management, control, and governance, as designed and represented by management, are adequate and functioning in a manner to ensure that:
- Risks are appropriately identified and managed by management through an effective internal controls environment at a reasonable cost.
- Significant financial, mission, managerial and operating information is accurate, reliable and timely.
- Employee actions are in compliance with established policies, procedures, governmental regulations and contractual obligations in support of the Compliance Program.
- Personnel and the organization are upholding the principles and standards included in the Code of Conduct/Statement of Principles.
- Resources are acquired economically, used efficiently, and adequately protected in accordance with University policies and procedures.
- Programs, plans, and objectives are achieved; quality and continuous improvement are fostered in control processes; significant legislative or regulatory issues impacting each organization are recognized and addressed properly.
C. Assessment of the Control Environment
In assessing the control environment, Internal Audit will consider:
1. The condition of the system of internal controls and quality of operations.
2. The criticality of the area to the organization/business.
3. Inherent business risks.
4. Staffing levels and experience.
5. The adequacy of management supervision and cognizance of controls.
6. The unit/department's audit history and criticality and severity of audit findings, if any.
7. Resolution of previous audit recommendations.
8. Compensating controls.