| | Operating Principles
Vision Mission Charter
- Internal Audit is Ohio University's most valued resource for financial, operational and control activities.
Back to the top
- Internal Audit is a business partner of and independent advisor to Ohio University's Administration and Board of Trustees. Internal Auditors provide professional reviews, reliable appraisals, and value-added recommendations for the effective and efficient achievement of financial and operating objectives across Ohio University.
Back to the top
|
| - Internal audit, as defined by the Institute of Internal Auditors, is an independent, objective, assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve effectiveness of risk management, control, and governance processes.
The Ohio University Board of Trustees (Board) recognizes the benefit of an Internal Audit Office (Office) and has adopted the "Ohio University Internal Audit Charter". The charter addresses the Internal Audit Office's role, authority, responsibility, scope and accountability. (back to beginning of Charter)
- The Ohio University Board of Trustees establishes the Internal Audit Office, and defines its responsibilities.
The Office shall report directly to the Secretary of the Board of Trustees (Secretary) for the purpose of the day-to-day direction needed by the office in the mediation of audit scope and scheduling, plus budgetary and personnel concerns. The Office shall report directly to the Chair of the Board's Audit, Finance, Facilities and Investment Committee for the purpose of the direction needed by the office in the implementation and championing of its operational plans, plus authority and ethics concerns. The Director of Internal Audit (Director) shall have direct access to the Board's Trustees in any instance where the Director believes that such access is needed to fulfill the stated objectives of the department. (back to beginning of Charter)
- The Director is authorized to oversee a broad and comprehensive, risk based program of internal auditing within Ohio University. The Board grants the Office authorization for full and complete access to any of Ohio University's records, in any form, and its activities, physical properties, and personnel relevant to a review. The Director is required to report any restriction placed upon such access, other than for established regulatory requirements, to the Audit, Finance, Facilities and Investment Committee.
Internal Auditors will handle documents and information given to them during a periodic review in the same prudent manner as by those employees normally accountable for them. Further, Internal Auditors understand that certain University items are confidential in nature and they will make special arrangements when examining and reporting upon such items. (back to beginning of Charter)
- The Office has no direct responsibility or any authority over any of the activities or operations it reviews. Internal Audit is a managerial control that functions by measuring and evaluating the effectiveness of other controls. Management is not relieved of any assigned responsibilities because Internal Auditors perform the evaluative reviews with which they have been charged. (back to beginning of Charter)
- Objectivity is an essential element of independence. The independence of the Office may be compromised if Internal Auditors participated directly in the development, installation, preparation or reconstruction of accounting systems, data, or records, or by engaging in activities that would normally be reviewed by Internal Auditors. Thus, Internal Auditors will serve only in an advisory capacity in performing their engagements.
It is imperative that Internal Auditors maintain independence in appearance as well as in fact. Internal Auditors will formally disclose business and personal interests in companies doing business with the University, annually, in accordance with the State of Ohio Ethics Bill.
- The Office shall be free from control or undue influence in the selection and application of audit scope, techniques, procedures, and programs. The Director is required to report any such control or influence placed upon the Office, other than for established regulatory requirements, to the Audit, Finance, Facilities and Investment Committee.
- The Office shall be free from control or undue influence in the determination of facts revealed by the examination or in the development of recommendations or opinions as a result of the examination. The Director is required to report any such control or influence placed upon the Office, other than for established regulatory requirements, to the Audit, Finance, Facilities and Investment Committee.
- The Office shall be free from undue influence in the selection of areas, activities, personal relationships, and managerial policies to be examined. No legitimate source of information is to be closed to the auditor. The Director is required to report any such influence placed upon the Office, other than for established regulatory requirements, to the Audit, Finance, Facilities and Investment Committee.
- The Office will participate, in an advisory capacity, in the planning, development, implementation, and modification of major computer-based and manual systems to ensure that:
a. Adequate controls are incorporated in the system; b. A thorough testing of the system is performed at appropriate stages; c. System documentation is complete and accurate; and d. The intended purpose and objective of the system implementation or modification is met. The Internal Auditor participating in such a review should ensure that the extent of participation does not affect independence, thus suggested audit trails or other controls will be transmitted through formal correspondence.
(back to beginning of Charter)
- The scope of internal auditing encompasses the examination and evaluation of the adequacy and effectiveness of the organization's system of internal control and the quality of performance in carrying out assigned responsibilities. It includes, but is not limited to:
a. Reviewing the reliability and integrity of financial and operating information and the means used to identify, measure, classify and report such information; b. Reviewing the systems established to ensure compliance with those policies, plans, procedures, laws and regulations that could have a significant impact on operations and reports and whether the organization is in compliance; c. Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets; d. Reviewing and appraising the economy and efficiency with which resources are employed; e. Reviewing operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned; f. Recommending operating improvements; g. Assisting in the deterrence of fraud by examining and evaluating the adequacy and effectiveness of control, commensurate with the extent of the potential exposure or risk in the various segments of the University's operations; h. Performing special reviews requested by University management or the Board of Trustees; and i. Providing professional advice and internal control information across the University. (back to beginning of Charter)
- At the conclusion of each audit, the Director will hold an exit conference with the individual in charge of the department or activity under review, during which all findings, conclusions and recommendations will be discussed and any differences of opinion will be settled or so noted.
The Director will prepare and issue a draft audit report after the exit conference is held. The department or activity audited will be provided an opportunity to respond in writing to the findings, conclusions and recommendations of the Internal Auditors; and such response will be made part of the Internal Auditors' final audit report. The Internal Auditors will discuss the report with the senior administrator of the area under review prior to its issuance. The Director will distribute all final audit reports to the relevant administrators of the area audited, and will make the reports available to the President, Provost, and Chair of the Audit, Finance, Facilities and Investment Committee. The Director will provide a summary of each audit report, and any significant audit findings, to the President; Secretary; and the Audit, Finance, Facilities and Investment Committee. The Director will present annually, to the full Board, a summary of completed audits. The Office will conduct follow-up reviews on audit reports, in the manner deemed necessary or as directed by the President or Board. It is important to note, however, that Internal Audit serves in an advisory capacity only, and, while the Office will report the status of issues, it has no authority over University administrators in the discharge of their duties and responsibilities over those issues. The Office will provide consulting services to University administrators utilizing a process similar to that used in audit engagements, including the issuance of a formal report and follow-up review. The Director may conduct a formal audit following a consulting engagement, as deemed necessary. (back to beginning of Charter)
- The Director will formulate a proposed annual Internal Audit plan and submit it to the President and the Board of Trustees. Following Board approval, the Director will initiate audits pursuant to the plan.
Time will be made available in the annual plan for unexpected and/or requested audits. Further revisions to the plan will be administratively reviewed and approved by the Secretary and discussed with the President and the Board at the subsequent Board meeting. (back to beginning of Charter) - The Director shall, at a minimum, meet in executive session with the Board, and outside the presence of University officials, at least annually, and shall meet with the President and the Secretary on a regularly scheduled basis to discuss:
a. Internal Audit plans for the forthcoming year and areas of concern in subsequent years; b. Audit reports issued and audit project status; c. Annual time summary; d. Relationships between the Internal Auditors and external auditors; and e. Limitations placed by University administrators on the scope of Office engagements. (back to beginning of Charter)
- The Director is responsible for coordinating the Office audit efforts with those of the Ohio Auditor of State and other external auditors that have business with the University. This coordination of audit efforts should be in the planning and definition of the scope of proposed audits so the work of auditing groups is complementary and will provide a comprehensive, cost-effective audit effort. University administrators must ensure external auditors have met with the Director of Internal Audit before permitting any such external audit to commence.
The Office shall assist the Board in the evaluation of the external auditors' examination of the University. As used herein, the term "external" shall refer to representatives of or the activities of the Auditor of State for the State of Ohio, individual certified public accountants (the "CPA") and auditors from organizations, governmental or commercial, outside the University. (back to beginning of Charter)
- The Office shall be notified in all cases where the discovery of circumstances suggests a reasonable possibility that assets have, or are thought to have, been lost through defalcation or other security breaches in the financial and operating systems. Each University employee is responsible for notifying the Director of such circumstances. Further, University management is responsible for communicating such notification requirement to related and unrelated parties with whom the University does business, and for encouraging those parties to communicate those circumstances of which they have knowledge to the Director.
The Director will ensure that the proper authorities within the department are notified of the potential loss and that departmental authorities promptly notify other state departments as required by the Ohio Revised Code (ORC). The Office will perform sufficient tests to identify the weaknesses in financial and operating procedures, both automated and manual, which permitted the loss and evaluate the impact the weaknesses have with respect to other activities of the institution. In addition, the Office will recommend improvements to correct the weaknesses and incorporate appropriate tests in future audits to disclose the existence of similar weaknesses in other areas of the institution. (back to beginning of Charter)
- The Internal Auditor has a professional responsibility to conduct reviews with an attitude of professional skepticism, recognizing that the application of internal auditing procedures may produce evidential matter indicating the possibility of errors or irregularities. However, the Office cannot be solely responsible for the detection and prevention of all errors and irregularities that may occur within the University. All members of the University management team share that responsibility, as does each employee in the execution of his/her duties.
The Director shall be notified at once if an Internal Auditor believes that a significant error or irregularity may exist in an area under review or in any other area of the University. The Director Audit will consider the scope and implications of such an error or irregularity and discuss its disposition with the Secretary or President. If the Director believes that individual is involved, the Director will disclose the potential significant errors or irregularities directly to the Board. (back to beginning of Charter)
- The success of the internal auditing function is dependent, in part, on the support received from the University's Board, its President, and its Senior Administrators. Accordingly, to establish an environment of support and encourage the achievement of internal auditing goals, University management is responsible for:
a. Acknowledging the auditing function as a diagnostic tool for identifying problems and assessing risk; b. Communicating the mission and charter of the Office with consistency and clarity to units for which they are responsible; c. Participating in the audit process and cooperating with the Internal Auditors; d. Providing effective, consistent and thorough written procedures for fiscal operations; e. Advising the Director of all matters affecting the fulfillment of audit responsibilities, including the distribution of new, approved policies and procedures (and deviations therefrom) within their respective units; and f. Providing the Director with suggestions for improving the audit process.
- The Director is responsible for the administration of this charter and for functionally directing internal audit activities throughout the University.
Resolution 1999-1681 adopting the Internal Audit charter was approved by the Ohio University Board of Trustees on December 3, 1999. This Revised Charter was adopted by the Ohio University Board of Trustees on February 18, 2005. (back to beginning of Charter)
|
| Susan Jago revised this file (http://www.ohio.edu/audit/principles.cfm) on May 2, 2005. |
|
|
|
|
|
