The Internal Audit Office is dedicated to aiding the University in accomplishing its strategic and operational initiatives by providing independent, objective assurance, and consulting services with respect to evaluating risk management, control, and governance processes.
The Internal Audit Office serves as a resource to examine and evaluate University activities in service to the Board of Trustees and management. Internal Audit has no direct operating responsibility or authority for management processes, internal controls, or any of the activities or operations it reviews; thereby, maintaining its independence and objectivity.
Purpose and Responsibilities
The purpose of the Internal Audit Office is to determine whether the University's control, risk management, and governance processes, as designed and implemented by management, are adequate and functioning to ensure that:
- Strategic objectives and plans are achieved
- Risks are appropriately identified and managed
- Interaction with various governance groups occurs as needed
- Quality and continuous improvement are promoted in the University's control processes
- Resources are acquired economically, used efficiently, and are adequately protected
- Financial, managerial, and operational information is accurate, reliable, and available
- Actions are in compliance with University policies and standards, and applicable laws and regulations
- Significant legislative and regulatory issues impacting the University are recognized and appropriately addressed
- Information technologies are integrated and aid in accomplishing University objectives
- Developing a flexible audit plan utilizing both a risk-based methodology (risk-centric approach) and an institutional objective methodology (objective-centric approach)
- Ensuring inclusion of resources for unplanned audits when developing the audit plan
- Allocating resources, setting timelines, determining scope of work, and applying the techniques required to accomplish the audit objectives
- Communicating audit results, assessing management responses, and conducting follow-up accordingly
- Maintaining sufficient knowledge, skills, and other competencies to meet the audit objectives
- Administering the anonymous reporting program
- Considering the scope of work of the external auditors or regulators for purposes of providing optimal audit coverage to the institution
- Monitoring, on an ongoing basis, the performance of the internal audit activity
All audit activity is governed by the mandatory guidance of the Institute of Internal Auditor's (IIA) International Professional Practices Framework, which includes the definition of Internal Auditing, the Code of Ethics, and the International Standards for Professional Practice of Internal Auditing.
The Internal Audit Office is structured in accordance with The Bylaws of the Trustees Article IV, Section 6:
"The Treasurer of the Corporation shall maintain an internal audit office independent of any other office of the Corporation or of the University. The Director of Audits shall submit to the Board annually a written report on the work of the internal audit office for the preceding calendar year. In addition, the Director of Audits, prior to the presentation of the written annual report, shall make an annual oral presentation concerning the work of the internal audit office to the Audit and Insurance Committee, which shall be made in the presence of the Treasurer. Immediately following the completion of each oral presentation, the Director of Audits shall confer with the Audit and Insurance Committee, outside the presence of the Treasurer or any other officer of the University on any subject germane to the area of responsibility of the internal audit office. The written annual report to the Board shall be made at a stated meeting selected by the Audit and Insurance Committee, but in no event shall it be deferred beyond July 1 of each year without the consent of the Chairman. In addition, at any time when in the judgment of the Director of Audits circumstances warrant or in response to a request from the Chairman of the Audit and Insurance Committee, the Director of Audits shall make a written or oral report to the Chairman of the Audit and Insurance Committee without informing the Treasurer or any other University officer. Subject to the foregoing, the Treasurer shall attend the meetings of the Audit and Insurance Committee and serve as its Secretary and keep a record of its proceedings."
The Internal Audit Office provides system-wide audit coverage and has unrestricted access to all University functions, records, property, and personnel, subject to state and federal law.