Effective: July 17, 2011
Supersedes: June 24, 2008
The purpose of the Internal Audit Office is to provide independent, objective, assurance and consulting services designed to add value and improve the University’s operations. The Internal Audit Office assist the University in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Guided by a value-driven philosophy of partnering with other departmental units, the Internal Audit Office will continuously improve the operations of the University.
The scope of work of the Internal Audit Office is to determine whether the University’s network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:
Opportunities for improving management control, the University’s image, and overall effectiveness and efficiency may be identified during audits. These, and any other relevant matters, may be communicated to the appropriate level of management.
The Internal Audit Office will meet or exceed The Institute of Internal Auditors’ mandatory guidance including the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing (Standards). This mandatory guidance constitutes principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the Internal Audit Office’s performance.
The Institute of Internal Auditors’ Practice Advisories, Practice Guides, and Position Papers will also be adhered to, as applicable, to guide operations. The Internal Audit Office will also meet or exceed the U.S. Government Accountability Office’s Government Auditing Standards (The Yellow Book), as well as other professional standards as appropriate. In addition, the Internal Audit Office will adhere to the University’s relevant policies and procedures, to the State of North Carolina’s relevant regulations, and to the Internal Audit Office’s standard operating procedures manual.
The Internal Audit Office, with strict accountability for confidentiality and safeguarding records and information, is authorized to have:
In order to maintain an effective spirit of independence and objectivity, the Internal Audit Office shall have no day-to-day authority or operating responsibilities for the management processes, activities, or the internal controls that it audits or reviews. Thus, compliance and audit activities do not relieve university administrators, staff and faculty of the responsibilities assigned to them.
Further, the Internal Audit Office is not authorized to:
To provide for the independence of the Internal Audit Office, its personnel report to the Director of Internal Audit. The Director of Internal Audit reports administratively to the Chancellor of North Carolina Central University and functionally to the Audit Committee of the Board of Trustees (Audit Committee).
Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, nor engage in any other activity that may impair internal auditor’s judgment.
Internal auditors must exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors must make a balanced evaluation of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.
The Director of Internal Audit will confirm to the Audit Committee, at least annually, the organizational independence of the Internal Audit Office.
The Internal Audit Office staff has the responsibility to maintain exemplary ethics, integrity, and objectivity in the performance of their duties.
The Director and staff of the Internal Audit Office have responsibility to:
At least annually, the Director of Internal Audit will submit to the Chancellor and the Audit Committee an internal audit plan for review and approval. The internal audit plan will consist of a work schedule as well as resource requirements for the next fiscal year.
The internal audit plan will be developed based on a risk-based methodology, including any risks or control concerns identified by senior management, the Chancellor, or the Audit Committee. Any significant deviation from the approved internal audit plan will be communicated to the Chancellor and the Audit Committee through periodic activity reports.
A written report will be prepared and issued by the Director of Internal Audit following the conclusion of each internal audit engagement and will be distributed as appropriate. Internal audit results will also be communicated to the Audit Committee.
The internal audit report may include management’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management’s response should include a timetable for anticipated completion of action to be taken and an explanation for any corrective action that will not be implemented.
The Internal Audit Office will be responsible for appropriate follow-up on engagement findings and recommendations. Any significant findings will be monitored for appropriate and timely resolution.
The Director of Internal Audit will periodically report to senior management and the Audit Committee on the Internal Audit Office’s purpose, authority, and responsibility, as well as performance relative to its plan. Reporting will also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management, the Chancellor, or the Audit Committee.In addition, the Director of Internal Audit will communicate to senior management, the Chancellor, and the Audit Committee on the Internal Audit Office’s quality assurance and improvement program, including results of ongoing internal assessments and of external assessments conducted at least every five years.