internal audit process framework

Outlined below is a broad overview to assist in the understanding of the function and its key parts.  The Internal Audit function can be organized into six (6) sections - this exhibit highlights the Internal Audit structure and key processes within the function.

1.  Internal Audit Policy 2.  Audit Committee Charter
Internal Audit Policy No. 1.6
rovides for Internal Audit Function Existence
Serves as Independent Appraiser
Has Access to all Operations/Activities
Unrestricted Access to all Personnel, Records & Property
Reports to the President

Internal Auditing Oversight
nternal Auditing Staff Evaluation: 5.1
Internal Audit Process: 5.2
Internal Audit Reports: 5.3
Internal Controls and Code of Conduct Oversight
Provide an Assessment of Internal Controls: 7.1
Reports Violations Related to Code of Conduct: 7.2

Defines the general authority and responsibilities of the Internal Audit Department.  We are appropriately positioned to receive the support needed to deliver valued services.

Provides for independent communication and defines oversight (governance).
3.  Audit Environment Assessment 4.  Audit Activities
Risk Assessments
Audit Planning Process
Planned Audits
Special Projects
External Audit Assistance
Fraud Reporting Program

A broad risk assessment is developed which helps to understand the University overall risk profile when planning areas to be audited.

Audit resources are allocated to defined areas.  Management requests/special projects will be accommodated as the concern dictates.

5.  Communication of Audit Activities 6.  Audit Follow-up Process
Management Reports
anagement Briefing (Single Page Reporting)
Executive Summary
Presidential Audit Action Form
Audit Committee
ummary of Internal Audit Activity Report
Audit Areas/Items Denoted as High Risk
As Specifically Requested

Formal audit reports are issued to Management to communicate final results.  Specific key data is captured and analyzed to assess our University environment.  Per Audit Charter - any concerns can be directly addressed to the Audit Committee.

Provide follow-up action that requires continued intervention.