Chapter 05.03 - Audit and Consulting Services

REGENTS’ POLICY
PART V – FINANCE AND BUSINESS MANAGEMENT
Chapter 05.03 - Audit and Consulting Services

P05.03.010. Purpose of P05.03.010 - 05.03-030

By adopting P05.03.010 - 05.03.030, the board establishes the general authority and responsibilities of the university's audit and consulting services department.

(06-07-13)

P05.03.012. Introduction and Mission.

  1. The Institute of Internal Auditors defines internal auditing as an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of internal control, risk management, and governance processes. It is established within the university to examine and evaluate its activities to meet the needs of the board and executive management. Internal audits may include financial, performance, operational and compliance audits. 
  2. The mission of the audit and consulting services department is to assist the board and management in the effective discharge of their fiduciary and administrative responsibilities by providing analysis, appraisals, counsel, information and recommendations concerning activities reviewed and by promoting effective controls for the recording and reporting of operational activities and for the custody and safeguarding of assets.

(04-07-16)

P05.03.014. Role.

The audit and consulting services department is established by the Board of Regents, and its responsibilities are defined by the Audit Committee of the Board of Regents as part of their oversight function.

(06-07-13)

P05.03.016. Professional Standards.

The audit and consulting services department will govern itself by adherence to the Institute of Internal Auditors’ (IIA) mandatory guidance including the Definition of Internal Auditing, the Code of Ethics and the Core Principles and International Standards for the Professional Practice of Internal Auditing. This mandatory guidance provides fundamental principles for the professional practice of internal auditing and for performance evaluation.

The IIA’s Practice Advisories, Practice Guides, and Position Papers will also be adhered to as applicable to guide operations. In addition, the department will adhere to the Governmental Auditing Standards published by the Comptroller General of the United States, university policies and procedures, and the departmental procedures manual.

(03-03-17)

P05.03.018. Authority.

  1. The chief audit executive and staff of audit and consulting services shall have full, free, and unrestricted access to all university records, either manual or electronic, property, and personnel as may be required for the efficient conduct of their audit responsibilities. All employees are directed to assist audit and consulting services staff in fulfilling their role and responsibilities. 
  2. All documents and information provided to the internal auditors shall be handled in the same prudent manner as expected of those who are normally accountable for them. 
  3. The chief audit executive shall have free and unrestricted access to the chair of the Audit Committee and the chair of the board.

(06-07-13)

P05.03.020. Organization.

  1. The chief audit executive shall report administratively to the chief finance officer and functionally to the chair of the Audit Committee. The chief finance officer shall appoint and may remove the chief audit executive with the advice and consent of the Audit Committee. 
  2. The chief audit executive shall report any matters which in the chief audit executive’s sole opinion warrant direct attention or action by the board to the chair of the Audit Committee and to management any matters that warrant direct attention or action by management. 
  3. The chief finance officer shall supervise the chief audit executive except for matters relating to the establishment of the scope of audit activities and the reporting of audit findings and recommendations. 
  4. Senior management may request special audits by the department in order to meet the its responsibilities. Special request audits will be discussed with the chair of the Audit Committee prior to acceptance by the chief audit executive. 
  5. Senior management shall be responsible for and have the authority to require the implementation of recommendations or other resolution of audit findings.

(03-03-17)

P05.03.022. Independence.

  1. All activities conducted by the audit and consulting services department shall remain free of influence by other elements of the university, including matters of audit selection, scope, procedures, frequency, timing, or report content, to permit maintenance of an independent and objective mental attitude necessary in rendering reports. 
  2. Internal auditors shall have no direct operational responsibility or authority over any of the activities they review. Accordingly, they shall not develop nor install systems or procedures, prepare records, or engage in any other activity which would normally be audited.

(06-07-13)

P05.03.024. Audit Scope.

  1.  The scope of audit and consulting services encompasses the examination and evaluation of the adequacy and effectiveness of the university’s governance, risk management process, system of internal controls, and the quality of performance in carrying out assigned responsibilities. This scope includes: 
    1. Reviewing the reliability and integrity of financial and operational information and the means used to identify, measure, classify and report such information; 
    2. Monitoring compliance with the policies, plans, procedures, laws and regulations that have an impact on university operations; 
    3. Reviewing the means of safeguarding assets and verifying their existence when appropriate; 
    4. Appraising the economy and efficiency with which resources are employed; 
    5. Reviewing financial and operational activities and programs to determine if results are consistent with established goals, objectives and authorized plans; 
    6. Reviewing specific operations at the request of the Audit Committee or management, as appropriate; 
    7. Monitoring and evaluating the effectiveness of the university’s risk management processes; 
    8. Serving as liaison for coordination of all external audit activities. The chief finance officer and the administrative vice chancellors are responsible for notifying the chief audit executive of all external audit engagements scheduled or taking place at their respective MAU. The chief audit executive shall have the discretion to determine the authority of the external auditors to conduct the audit, advise the auditor and auditees on the conduct of the audit, facilitate the audit if the chief audit executive considers it appropriate, and report on the status of the audit to the Audit Committee; 
    9. Assisting in fraud and theft assessment at the request of legal counsel and senior management. The chief audit executive shall provide support for such reviews under the direction of legal counsel; and 
    10. Providing staff guidance to university staff and managers on matters relating to audits and internal control functions.

(03-03-17)

P05.03.026. Audit Planning.

  1. The chief audit executive shall independently develop the annual audit plan using a risk based prioritization of the audit universe. 
  2. The chief audit executive shall present the audit plan to the Audit Committee for review and approval. 
  3. Significant deviations from the formally approved plan will be communicated to senior management and the Audit Committee through periodic status reports.

(06-07-13)

P05.03.028. Reporting.

  1. The chief audit executive shall provide a written report on the status of all internal and external audit activities to the Audit Committee quarterly. 
  2. Formal audit reports shall be issued to the senior managers who will be responsible for the implementation of recommendations or other resolution of audit findings. Copies of all formal audit reports, including management's response, will be provided to the chief finance officer, general counsel, president, and the Audit Committee before the next scheduled committee meeting. 
  3. Recommendations for improvement or correction shall be reported to the appropriate individuals or management staff. 
  4. The chief audit executive shall be responsible for appropriate follow-up on audit findings and recommendations. All significant findings will remain in an open status until cleared or waived by the chief audit executive.

(03-03-17)

P05.03.030. Periodic Assessment

This policy is intended to be consistent with the charter recommended by the Institute of Internal Auditors and periodically shall be assessed to determine if the purpose, authority, and responsibility, as defined in this policy, continue to be adequate to enable audit and consulting services to accomplish its objectives. The result of the periodic assessment shall be communicated to senior management and the board.

(06-07-13)