Effective Date:  08/15/1996

Internal Audit Polices and Procedures

Chapter 6 - Professional Standards

The Internal Audit Department follows the Standards for the Professional Practice of Internal Auditing (Standards) in carrying out its responsibilities. We also obtain guidance from Statements on Internal Auditing Standards (SIAS's) where appropriate. The Standards were originally issued by the Institute of Internal Auditors (IIA) in 1978 and are recognized internationally as the authoritative standards for the practice of internal auditing. SIAS's have been issued periodically since July 1983 and provide authoritative interpretations of the Standards.

Standard 100 -
Internal auditors should be independent of the activities they audit.

The Internal Audit Department reports to Chancellor and has no direct authority over administrative, instructional, and other departments of the University. In addition, we have adopted a Charter that describes our purpose, authority, and responsibility to University management.

The internal audit staff is committed to remaining objective and avoiding situations that might create actual or perceived bias. Staff members will avoid involvement with financial, data processing, or procedural systems except in an advisory capacity. Extraordinary circumstances may arise where it is in the best interest of the University for an auditor to assume duties typically associated with management. In those instances, the Director of Internal Audit will obtain concurrence of senior management before assigning a staff member to assume these types of duties.

Any staff member who assumes management duties will refrain from auditing systems or activities related to those duties until sufficient time has lapsed to remove any barrier to independence.

Standard 200 -
Internal audits should be performed with proficiency and due professional care.

All members of the Internal Audit staff must comply with the Code of Ethics issued by the Institute of Internal Auditors. The Code requires high standards of honesty, objectivity, diligence, and loyalty. Staff members will carry out assignments with the care and skill expected of a prudent, competent auditor given the nature of the task being performed. In addition to identifying control strengths, we will be alert for weak, inappropriate, or missing controls; inefficient operations; and indicators that fraud may have occurred. When selecting and carrying out audit objectives, we will consider the materiality of issues and activities under review and the cost of auditing in relation to potential benefits.

Standard 300 -
Scope of Work
The scope of internal audit should encompass the examination and evaluation of the adequacy and effectiveness of the organization's system of internal control and the quality of performance in carrying out assigned responsibilities.

According to the IIA, internal audit work focuses on the adequacy and effectiveness of an organization's internal control system:

  • a control system is adequate if it contains the procedures necessary to ensure that management's objectives are carried out, e.g. to prevent or detect loss of cash receipts or to ensure that student or patient registration is efficient and accurate.
  • controls are effective if they are operating as intended, that is, the controls are in effect or employees comply with established polices and procedures.

We will consider each of the five major scope of work standards as we select the focus for and the objectives of an audit. We will select or exclude control objectives based on:

  • significant functions performed by an area being audited;
  • direction received from senior management;
  • costs versus benefits of addressing a control objective; and
  • extent and type of work performed in an area by the State Auditors or other review groups.

    Standard 400 - Performance of Work

Audit work should include planning the audit, examining and evaluating information, communicating results, and following up.

The extent and type of analysis and testing that are required will vary based on the nature of a project. In general, auditors should examine enough information to be able to reach valid conclusions and provide useful recommendations to management. The type of documentation expected will also depend on the nature of a project. At a minimum, working papers should reflect the work performed and support conclusions without requiring oral explanations.

During each project, auditors should communicate the results of their work to an appropriate level of management.

Standard 500 -
of the Internal
Auditing De-
The Director of Internal Auditing should properly manage the Internal Auditing Department.

The Director of Internal Audit has established various departmental policies and procedures to ensure that:

  • audit work is responsive to the needs of the University and is in keeping with workplans.
  • resources of the Internal Audit Department are utilized effectively and efficiently.
  • all audit work conforms to professional standards.
Return to Home Page Table of Contents