PURPOSE AND OBJECTIVE
Internal Audit and Advisory Services (IAAS) is an independent, objective assurance and consulting function established to add value and improve the University’s operations, processes and controls. IAAS helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal control and governance processes.
The State Board of Education Audit Committee (Audit Committee) reviews IAAS responsibilities and activities. The Executive Director of IAAS reports functionally to the Audit Committee and administratively to the University President. The Executive Director IAAS shall attend all Audit Committee meetings as directed by the Audit Committee. The Executive Director IAAS shall have full and unrestricted access to the Audit Committee and the University President and shall bring significant matters to the attention of the Audit Committee and/or the University President as considered necessary.
The IAAS Director and staff are authorized to:
- Have unrestricted access to all University functions, systems, records, property and personnel relevant to performance of an audit, investigation or other special project.
- Have adequate audit resources, determine types of audits to perform, determine the frequency of audits, establish audit scopes of work, and apply techniques required to accomplish audit objectives.
- In the role of consultant provide input into the development of new policies, procedures, processes, controls or systems provided it does not impair audit independence.
- Obtain the necessary assistance of personnel in units of the University where they perform audits, as well as other specialized services from within or outside the University.
The IAAS Director and staff are not authorized to:
- Perform any operational duties for the University or its affiliates.
- Initiate, change, or approve transactions, policies, procedures, processes or systems external to the IAAS department.
- Eliminate, implement, or otherwise change any University internal controls (University management is responsible for these activities in their respective areas of responsibility).
- Direct activities of any University employee not employed by IAAS, except to the extent they have been appropriately assigned to work for or assist IAAS.
IAAS’s primary responsibilities are to:
- Perform an annual risk assessment and prepare an annual audit plan including input from the Audit Committee and the University President and senior management.
- Prepare a formal Internal Audit Plan Report, review it with the University President and present it at the designated Audit Committee meeting for approval.
- Allocate resources to plan and complete audit projects in accordance with the approved annual audit plan; evaluate and recommend needed changes to the plan if considered necessary and notify the Audit Committee and University President of significant changes.
- Plan and complete any special project or fiscal misconduct investigation under the direction of the Audit Committee, University President, General Counsel and/or Chief Compliance Officer.
- Perform consulting services, beyond internal audit’s assurance services, to assist management in meeting its objectives. Examples may include facilitation, process design, training, and advisory services.
- Consider the need for co-sourced resources for staff supplementation or specialized expertise and engage resources as considered appropriate.
- Prepare and issue written reports on all audit projects, special projects and fiscal misconduct investigations with copies to client, University President, Vice President and Chief Financial Officer and Chief Compliance Officer.
- Report significant observations, as considered necessary to the Audit Committee.
- Monitor management’s implementation of corrective action to IAAS observations and recommendations, perform follow-up audits to assess the adequacy and effectiveness of management’s corrective action taken, and escalate issues that are not addressed by management satisfactorily and/or timely to the University President for resolution. Matters that remain unresolved after escalation to the University President must be escalated to the Audit Committee.
- Prepare formal mid-year and year-end Status Reports summarizing audit activity completed compared to the annual audit plan and related results, review them with the University President and present them at the designated Audit Committee meetings.
- Maintain a professional audit staff with sufficient knowledge skills, experience and professional certifications and provide an adequate training program.
- Administer a department student intern program, as considered appropriate.
- Engage all University employees as opportunities arise to promote a better understanding of IAAS, internal controls and responsibilities for monitoring and improving internal controls
AUDIT CORE PRINCIPLES, STANDARDS AND ETHICS
IAAS activities and work will incorporate and adhere to the Institute of Internal Auditors (IIA) Core Principles for the Professional Practice of Internal Auditing. All IAAS activities and work will conform with the International Standards for the Professional Practice of Internal Auditing and Code of Ethics promulgated by the IIA. IAAS will utilize the Committee of Sponsoring Organizations (COSO) framework for evaluating internal controls. All IAAS staff will annually sign independence and objectivity statements and disclose any potential impairment when it is recognized. IAAS will schedule and complete quality assurance reviews in accordance with IIA requirements.