Outlined below is a broad overview to assist in the understanding of the function and its key parts. Compliance and Audit Services function can be organized into six (6) sections - this exhibit highlights the Internal Audit structure and key processes within the function.
Internal Audit Policy
Defines the general authority and responsibilities of the Compliance and Audit Services. We are appropriately positioned to receive the support needed to deliver valued services.
Internal Audit Policy No. 1.6
- Provides for internal audit function existence
- Serves as independent appraiser
- Has access to all operations/activities
- Unrestricted access to all personnel, records and property
- Reports to the President
Audit Committee Charter
Provides for independent communication and defines oversight (governance).
Internal Auditing Oversight
- Internal Auditing Staff Evaluation (5.1)
- Internal Audit Process (5.2)
- Internal Audit Reports (5.3)
Internal Controls and Code of Conduct Oversight
- Provide an Assessment of Internal Controls (7.1)
- Reports Violations Related to Code of Conduct (7.2)
Audit Environment Assessment
A broad risk assessment is developed which helps to understand the University's overall risk profile when planning areas to be audited.
- Risk Assessments
- Audit Planning Process
Audit resources are allocated to defined areas. Management requests/special projects will be accommodated as the concern dictates.
- Planned Audits
- Special Projects
- External Audit Assistance
Communication of Audit Activities
Formal audit reports are issued to Management to communicate final results. Specific key data is captured and analyzed to assess our University environment. Per Audit Charter - any concerns can be directly addressed to the Audit Committee.
- Management Briefing (single page reporting)
- Executive Summary
- Presidential Audit Action Form
- Summary of Internal Audit activity report
Audit Follow-up Process
Provide follow-up action that requires continued intervention.
- Audit areas/items denoted as high risk
- As specifically requested