85.10 - Internal Auditing Services
March, 2013 (formerly 10.10 - rewrite)
A. General. Internal Audit is an independent appraisal and consulting function responsible for examining and evaluating University activities as a service to management and the Audit Committee of the Idaho State Board of Education (SBOE) in the effective discharge of their responsibilities. To this end, Internal Audit will furnish these client groups with analyses, recommendations, counsel and information concerning the activities and operations reviewed.
A-1. Objectives. The objectives of internal auditing are to:
- Promote effective internal controls in order to achieve business goals without undue risk;
- Promote effective internal control at a reasonable cost;
- Assist in maintaining public confidence by performing independent and objective reviews; and
- Report findings to the responsible administrative and academic officers, the University’s internal Audit Committee, and the Audit Committee of the State Board of Education, so that corrective actions or enhancements can be initiated.
A-2. Scope. Internal audits often involve:
- Assessing the adequacy and effectiveness of the University’s system of internal controls;
- Reviewing the reliability and integrity of financial information and the means used to identify, measure, classify, and report such information; and
- Assessing compliance with applicable laws, regulations, policies and procedures.
A-3. Organization. The Director of Internal Audit has a dual reporting relationship to the Audit Committee of the State Board of Education (functionally) and to the University President (administratively).
A-4. Authority. Internal Audit operates under guidelines of the State Board of Education Audit Committee Charter (Appendix E). The departmental charter and audit plan are reviewed and approved annually by the committee. In carrying out its roles and responsibilities, Internal Audit will have unrestricted and direct access to the Audit Committee. To the extent permitted by law, the Internal Audit staff will have complete, unlimited and unrestricted access to all University activities, records (including paper-based documents and electronic information), property, systems and personnel.
Internal Audit will have no authority over the responsibility for the activities and operations reviewed, and audit staff will be free from undue influence in selecting activities to be examined, and in determining the audit techniques and procedures to be used.
A-5. Responsibilities. The principal responsibilities of Internal Audit are as follows:
1. Review University organizations and functions at appropriate intervals to determine whether they are efficiently and effectively carrying out their functions of planning, organizing, directing and controlling in accordance with management’s objectives, standards of administrative and ethical practices, and applicable laws, regulations, policies and procedures.
2. Determine the adequacy and effectiveness of the University’s systems of internal accounting and operational controls and provide recommendations as to how these controls could be improved.
3. Review and evaluate the reliability, integrity and compliance of financial information and the means used to identify, measure, record, classify and report such information.
4. Review established systems to ensure compliance with those policies, plans, procedures, laws and regulations that could have a significant impact on operations and reports.
5. Review the means and effectiveness of safeguarding assets and, as appropriate, verify the existence of such assets.
6. Appraise the economy and efficiency with which resources are employed, identify opportunities to improve operating performance and recommend solutions to problems where appropriate.
7. Advise on certain studies, investigations, policies, procedures and controls as they are developed, and special projects as directed by the SBOE Audit Committee or management.
8. Although Internal Audit does not guarantee the detection of fraud, personnel should help prevent fraud by (i) providing training intended to increase management and staff awareness, (ii) acting as a deterrent by effective discharge of responsibilities, (iii) investigating suspected fraud, and (iv) informing management and the SBOE Audit Committee of the status of such investigation.
9. Submit annually a risk assessment framework, list of potential audit areas (“audit universe”) and a comprehensive audit plan to the SBOE Audit Committee for its review and approval.
10. Report periodically to the Audit Committee on significant deficiencies or material weaknesses that could affect operations; impediments to implementing appropriate and timely corrective actions, the University’s risk assessment process, restrictions on Internal Audit staffing, budget, or access to records, and significant changes to the annual audit plan.
A-6. Irregularities. University management and employees are responsible for detecting and reporting suspected or known irregularities. Internal Audit coordinates and conducts investigations of reported irregularities. [See APM 85.12]
Irregularity, as used in this context, can include, but is not limited to, the following: violations of state or federal laws or regulations, violation of University of Idaho regulations and/or policy, abuses of authority, substantial and specific dangers to public health and safety, waste or loss of public funds, a dishonest or fraudulent act resulting in financial loss to the university, forgery or alteration of records or documents, misappropriation of funds, securities, supplies, furniture, equipment, or any other asset, an irregularity in the handling or reporting of financial transactions, use of university facilities and/or equipment for personal gain, and actual or potential conflict of interest by university employees in transactions that result in economic gain to themselves, their immediate families, or a business with which they or their immediate families are associated.
A-7. Fiscal Misconduct. If any employee knows or suspects that other university employees are engaged in theft, fraud, embezzlement, fiscal misconduct or violation of university financial or personnel policies, it is their responsibility to immediately notify Internal Audit or the appropriate campus police liaison. [See APM 85.12]
B. Information and/or Audit Requests. Administrative units may request audits at any time by contacting Internal Audit. Audits are scheduled with consideration to existing commitments and relative risk. [ed. 3-13]