The Internal Audit Department follows the Standards for the Professional
Practice of Internal Auditing (Standards) in carrying out its responsibilities.
We also obtain guidance from Statements on Internal Auditing Standards (SIAS’s)
where appropriate. The Standards were originally issued by the Institute of
Internal Auditors (IIA) in 1978 and are recognized internationally as the authoritative
standards for the practice of internal auditors. SIAS’s have been issued periodically
since July 1983 and provide authoritative interpretations of the Standards.
Internal auditors should be independent of the activities they audit.
The Internal Audit Department reports directly to the Board of Trustees
and has no direct authority over administrative, instructional, or any other
departments of the University. In addition, we have adopted a Charter that
describes our purpose, authority, and responsibility to University management.
The internal audit staff is committed to remaining objective and avoiding
situations that might create actual or perceived bias. Staff members will
avoid involvement with financial, data processing, or procedural systems except
in an advisory capacity. Extraordinary circumstances may arise where it is
in the best interest of the University for an auditor to assume duties typically
associated with management. In those instances, the Director of Internal Audit
will obtain concurrence of the Board of Trustees before assigning a staff
member to assume these types of duties.
Any staff member who assumes management duties will refrain from auditing
systems or activities related to those duties until sufficient time has lapsed
to remove any barrier to independence.
Internal audits should be performed with proficiency and due professional
All members of the Internal Audit staff must comply with the Code of Ethics
issued by the Institute of Internal Auditors. The Code requires high
standards of honesty, objectivity, diligence, and loyalty. Staff members will
carry out assignments with the care and skill expected of a prudent, competent
auditor given the nature of the task being performed. In addition to identifying
control strengths, we will be alert for weak, inappropriate, or missing controls;
inefficient operations; and indicators that fraud may have occurred. When
selecting and carrying out audit objectives, we will consider the materiality
of issues and activities under review and the cost of auditing in relation
to potential benefits.
Scope of Work
The scope of an internal audit should encompass the examination and
evaluation of the adequacy and effectiveness of the organization’s system of
internal control and the quality of performance in carrying out assigned responsibilities.
According to the IIA, internal audit work focuses on the adequacy and effectiveness
of an organization’s internal control system:
- a control system is adequate if it contains the procedures necessary to
ensure that management’s objectives are carried out, e.g. to prevent or detect
loss of cash receipts or to ensure that student registration is efficient
- controls are effective if they are operating as intended, that is, the
controls are in effect or employees comply with established polices and procedures.
We will consider each of the five major scope of work standards as we select
the focus for and the objectives of an audit. We will select or exclude control
objectives based on:
- significant functions performed by an area being audited;
- direction received from senior management;
- costs versus benefits of addressing a control objective; and
- extent and type of work performed in an area by the State Auditors or
other review groups.
Standard 400- Performance of Work
Audit work should include planning the audit, examining and evaluating information,
communicating results, and following up.
The extent and type of analysis and testing that are required will vary based
on the nature of a project. In general, auditors should examine enough information
to be able to reach valid conclusions and provide useful recommendations to
management. The type of documentation expected will also depend on the nature
of a project. At a minimum, working papers should reflect the work performed
and support conclusions without requiring oral explanations.
During each project, auditors should communicate the results of their work
to an appropriate level of management.
Management of the
Internal Audit Department
[Back to Table of Contents]
The Director of Internal Audit should properly manage the Internal Auditing
The Director of Internal Audit has established various departmental policies
and procedures to ensure that:
- audit work is responsive to the needs of the University and is in keeping
with work plans.
- resources of the Internal Audit Department are utilized effectively and
- all audit work conforms to professional standards.