Audit Policy (Charter)
The University of Alaska established the authority and responsibilities of Audit and Compliance Services with the adoption of Board of Regents Policy 05.03, a reproduction of which is below. The department name was changed from Audit and compliance Services to Audit and Compliance Services as per the Feburary 2023 Board of Regents Meeting.
REGENTS’ POLICY
PART V – FINANCE AND BUSINESS MANAGEMENT
Chapter 05.03 - Audit and Compliance Services
P05.03.010. Purpose of P05.03.010 - 05.03-030
By adopting P05.03.010 - 05.03.030, the board establishes the general authority and responsibilities of the university's audit and compliance services department.
P05.03.012. Introduction and Mission.
A. Internal auditing is an independent and objective assurance and compliance activity established within the university to examine and evaluate its activities to meet the needs of the board and executive management. Internal audits may include financial, performance, operational and compliance audits.
B. The mission of the audit and compliance services department is to assist the board and management in the effective discharge of their fiduciary and administrative responsibilities by providing analysis, appraisals, counsel, information and recommendations concerning activities reviewed and by promoting effective controls for the recording and reporting of operational activities and for the custody and safeguarding of assets.
P05.03.014. Role.
The audit and compliance services department is established by the Board of Regents, and its responsibilities are defined by the Audit Committee of the Board of Regents as part of their oversight function.
P05.03.016. Professional Standards.
The audit and compliance services department will comply with the Institute of Internal Auditors’ (IIA) Code of Ethics and conduct audit activities in accordance with Governmental Auditing Standards published by the Comptroller General of the United States and Standards for the Professional Practice of Internal Auditing issued by the IIA.
P05.03.018. Authority.
A. The chief audit executive and staff of audit and compliance services shall have full, free, and unrestricted access to all university records, either manual or electronic, property, and personnel as may be required for the efficient conduct of their audit responsibilities. All employees are directed to assist audit and compliance services staff in fulfilling their role and responsibilities.
B. All documents and information provided to the internal auditors shall be handled in the same prudent manner as expected of those who are normally accountable for them.
C. The chief audit executive shall have free and unrestricted access to the chair of the Audit Committee and the chair of the board.
P05.03.020. Organization.
A. The chief audit executive shall report administratively to the chief finance officer and functionally to the chair of the Audit Committee. The chief finance officer shall appoint and may remove the chief audit executive with the advice and consent of the Audit Committee.
B. The chief audit executive shall report any matters which in the chief audit executive’s sole opinion warrant direct attention or action by the board to the chair of the Audit Committee and to management any matters that warrant direct attention or action by management.
C. The chief finance officer shall supervise the chief audit executive except for matters relating to the establishment of the scope of audit activities and the reporting of audit findings and recommendations. The chief finance officer may request special audits by the department in order to meet the officer’s responsibilities. The chief finance officer shall be responsible for and have the authority to require the implementation of recommendations or other resolution of audit findings and the distribution of audit reports.
P05.03.022. Independence.
A. All activities conducted by the audit and compliance services department shall remain free of influence by other elements of the university, including matters of audit selection, scope, procedures, frequency, timing, or report content, to permit maintenance of an independent and objective mental attitude necessary in rendering reports.
B. Internal auditors shall have no direct operational responsibility or authority over any of the activities they review. Accordingly, they shall not develop nor install systems or procedures, prepare records, or engage in any other activity which would normally be audited.
P05.03.024. Audit Scope.
A. The scope of audit and compliance services encompasses the examination and evaluation of the adequacy and effectiveness of the university’s governance, risk management process, system of internal controls, and the quality of performance in carrying out assigned responsibilities. This scope includes:
1. Reviewing the reliability and integrity of financial and operational information and the means used to identify, measure, classify and report such information;
2. Monitoring compliance with the policies, plans, procedures, laws and regulations that have an impact on university operations;
3.Reviewing the means of safeguarding assets and verifying their existence when appropriate;
4. Appraising the economy and efficiency with which resources are employed;
5.Reviewing financial and operational activities and programs to determine if results are consistent with established goals, objectives and authorized plans;
6. Reviewing specific operations at the request of the Audit Committee or management, as appropriate;
7. Monitoring and evaluating the effectiveness of the university’s risk management processes;
8. Serving as liaison for coordination of all external audit activities. The chief finance officer and the administrative vice chancellors are responsible for notifying the chief audit executive of all external audit engagements scheduled or taking place at their respective MAU. The chief audit executive shall have the discretion to determine the authority of the external auditors to conduct the audit, advise the auditor and auditees on the conduct of the audit, facilitate the audit if the chief audit executive considers it appropriate, and report of the status of the audit to the Audit Committee;
9. Assisting in fraud and theft assessment at the request of legal counsel and executive management. The chief audit executive shall provide support for such reviews under the direction of legal counsel; and
10. Providing staff guidance to university staff and managers on matters relating to audits and internal control functions.
P05.03.026. Audit Planning.
A. The chief audit executive shall independently develop the annual audit plan using a risk-based prioritization of the audit universe.
B. The chief audit executive shall present the audit plan to the Audit Committee for review and approval.
C. Significant deviations from the formally approved plan will be communicated to senior management and the Audit Committee through periodic status reports.
P05.03.028. Reporting.
A. The chief audit executive shall provide a written report on the status of all internal and external audit activities to the Audit Committee quarterly.
B. Formal audit reports shall be issued to the chief finance officer, who will be responsible for the implementation of recommendations or other resolution of audit findings and the distribution of audit reports. Copies of all formal audit reports, including management's response, will be provided to the Audit Committee before the next scheduled committee meeting.
C. Recommendations for improvement or correction shall be reported to the appropriate individuals or management staff.
D. The chief audit executive shall be responsible for appropriate follow-up on audit findings and recommendations. All significant findings will remain in an open status until cleared or waived by the chief audit executive.
P05.03.030. Periodic Assessment
This policy is intended to be consistent with the charter recommended by the Institute of Internal Auditors and periodically shall be assessed to determine if the purpose, authority, and responsibility, as defined in this policy, continue to be adequate to enable audit and compliance services to accomplish its objectives. The result of the periodic assessment shall be communicated to senior management and the board.