The mission of the Internal Audit Department is to provide independent, objective assurance and consulting services designed to improve the operations and internal controls of the University. Internal Audit assists the University in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of business risk management, control, and internal operating processes that support the University’s core missions of teaching, research, and service.
II. PROFESSIONAL STANDARDS AND ETHICS:
Internal Audit will conduct its activities in accordance with The Institute of Internal Auditors’ “Code of Ethics” and the International Standards for the Professional Practice of Internal Auditing, and will adhere to the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of Internal Audit’s performance.
A. Internal Audit provides institution-wide services to all departments and units of the University including the colleges, administrative departments and auxiliary enterprises.
B. Except where restricted by legal privilege or by applicable laws and regulations, Internal Audit is authorized unlimited and unrestricted access to all University data, records, files, property, and personnel in carrying out its duties and responsibilities. Internal auditors will appropriately safeguard and protect the confidentiality of such records and information.
C. The Director of Internal Auditing, with appropriate input from UD management, is authorized to allocate Department resources and determine audit selection, scopes, procedures, frequencies, timing, and report content and apply appropriate techniques to accomplish the Internal Audit Plan, as approved by the Board of Trustees Audit Visiting Committee.
D. The Director of Internal Auditing will have direct access to the Chairman of the Board of Trustees, the Audit Visiting Committee and senior management, as appropriate.
IV. ORGANIZATION AND RESPONSIBILITY:
A. The Director of Internal Auditing will report functionally to the Audit Visiting Committee and administratively (i.e., day to day operations) to the Vice President for Finance and Administration. The Director of Internal Auditing will communicate and interact directly with the Audit Visiting Committee, including in executive sessions when called upon to do so.
B. Internal Audit’s responsibilities are defined by the Audit Visiting Committee as part of its oversight role. The scope of Internal Audit encompasses the examination and evaluation of the adequacy and effectiveness of the University's business risk management, internal control and governance processes as well as the quality of performance in carrying out assigned responsibilities to achieve stated goals and objectives. Department responsibilities include the following:
1. Reviewing the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
2. Reviewing financial, accounting, administrative and information systems established to ensure compliance with policies, plans, procedures, laws, and regulations which could have a significant impact on the University.
3. Reviewing the means of safeguarding assets and verifying the existence of such assets.
4. Reviewing the effectiveness and efficiency with which resources are employed.
5. Reviewing operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
6. Reviewing governance and business risk management processes.
7. Performing consulting and advisory services related to business risk management and control.
8. Reporting significant risk exposures and internal control issues, including fraud risks, and other matters.
9. Evaluating specific operations at the request of the Audit Visiting Committee or management, as appropriate.
10. Administering the University’s EthicsPoint Compliance Hotline system and investigating hotline reports pertaining to accounting and financial matters.
V. INDEPENDENCE AND OBJECTIVITY:
A. Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, internal auditors will not implement internal controls, develop policies and procedures, install or operate systems, originate or approve accounting transactions external to Internal Audit, or engage in any other activity they would normally audit.
B. Internal auditors must exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors must make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.
VI. INTERNAL AUDIT PLAN:
A. Annually, the Director of Internal Auditing will reevaluate and submit to the Vice President for Finance and Administration and the Audit Visiting Committee a Rolling Three-Year Internal Audit Plan for review and approval. The Plan will include a work schedule as well as budget and resource requirements for the next fiscal year.
B. The Plan will be developed based on a prioritization of audit projects using a risk-based methodology, including input of appropriate members of senior management, the principal external auditor, and the Audit Visiting Committee. Any significant deviation from the approved Plan will be communicated to the Vice President for Finance and Administration and the Audit Visiting Committee through periodic activity reports.
VII. REPORTING AND MONITORING:
A. A written report will be prepared and issued by Internal Audit following the conclusion of each internal audit engagement and will be distributed to the accountable unit manager, their immediate supervisor, the Vice President for Finance and Administration, and others when appropriate. A synopsis of internal audit results will also be communicated to the Audit Visiting Committee in accordance with its Charter.
B. Management of the audited area is required to respond in writing within 30 days to each internal audit report by indicating corrective action taken or to be taken in regard to the specific findings and recommendations. Management's response will include a timetable for anticipated completion of action to be taken and an explanation for any recommended corrective action that will not be implemented.
C. Internal Audit will be responsible for appropriate follow-up on engagement findings and recommendations. The status of all significant open findings will be reported to the Audit Visiting Committee until closed.
VIII. PERIODIC ASSESSMENT:
The Director of Internal Auditing will periodically report to the Vice President for Finance and Administration and the Audit Visiting Committee on Internal Audit’s mission, authority, and responsibility, as well as performance relative to its Plan. Reporting will also include significant business risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the Audit Visiting Committee.
Approved by Audit Visiting Committee November 2, 2012