Attachment 4-A 5 Policies of the Board of Trustees E
Internal Audit Policy
- The President, as the chief executive officer of Southern Illinois University, is responsible for the development and implementation of a program of internal audit .
- The President will promulgate guidelines which give direction to the overall internal audit function of the University; these guidelines, as they are developed and amended, will be transmitted to members of the Board of Trustees.
- Internal Audit Charter: This charter identifies the purpose, authority, and responsibility of the Internal Audit function at Southern Illinois University. The Internal Audit function resides within the Office of Internal Audit, Compliance and Ethics. (9/13/12)
- Purpose: The Internal Audit function was established within Southern Illinois University to conduct assurance reviews of operations and procedures and to report findings and recommendations to the institution's administration and to the Board of Trustees. All Internal Audit endeavors are to be conducted in accordance with applicable law, institutional objectives and policies, as well as professional ethics and standards. Specifically, activities of the Internal Audit function will be carried out in accordance with the mandatory nature of the Definition of Internal Auditing, the Code of Ethics, and the Standards established by the Institute of Internal Auditors (International Standards for the Professional Practice of Internal Auditing (Standards)). The Internal Audit function may report that its operations are conducted in conformance with the International Standards for the Professional Practice of Internal Auditing, only if the results of the quality assurance and improvement program support the statement. (11/9/06, 4/14/11, 9/13/12)
- The Internal Audit function reports administratively to the President, whose authority as chief executive officer is sufficient to assure a broad range of audit coverage and adequate consideration of effective action on internal audit findings and recommendations. The Internal Audit function has an independent, functional responsibility to the Audit Committee of the Board of Trustees for reporting on the adequacy and effectiveness of internal controls. (5/14/98, 3/13/03, 9/11/08, 9/13/12)
- While the Internal Audit function is an integral part of Southern Illinois University and functions in accordance with the policies established by the President and the Board of Trustees, it is essential for the internal audit activity to be independent of the activities audited. To enhance and ensure this independence, and with strict accountability for safekeeping and confidentiality, internal audit staff are authorized unlimited access to all records, personnel, and physical properties which the Executive Director of Audits has determined to be relevant to the performance of assigned audits. Consulting services may be performed, if conducted in accordance with applicable standards. (11/09/06, 4/14/11, 3/22/12, 9/13/12)
- In performing its work, the Internal Audit function shall assert no direct responsibility nor authority over activities reviewed. Therefore, its appraisal of activities does not relieve other persons in the organization of any responsibilities assigned to them. Furthermore, when assisting management in establishing or improving risk management processes, internal auditors must refrain from assuming any management responsibility by actually managing risks. (4/14/11, 9/13/12)
- The Internal Audit function is responsible for providing Southern Illinois University's administrators and Board members with information about the adequacy and the effectiveness of its system of internal controls and quality of operating performance. To accomplish this responsibility, all institutional activities are subject to audit, including all governance activities and processes. (9/13/12, 2/2/15)
- The scope of internal auditing encompasses examining and evaluating the University's governance, operations and information systems against established standards in carrying out assigned responsibilities. Areas of review include (04/14/11, 2/2/15):
- reliability and integrity of financial and operating information;
- compliance with policies, plans, procedures, laws, and regulations;
- safeguarding assets;
- effectiveness and efficiency of operations and programs;
- accomplishment of institutional goals and strategic objectives;
- evaluation of the potential for the occurrence of fraud and how the organization manages fraud risk;
- assessment of whether the Information Technology governance supports the University's strategies and objectives; and
- evaluate the effectiveness and contribute to the improvement of the risk management process.
- The Executive Director of Audits is generally responsible for the administration of this policy and for functionally directing and effectively managing the internal audit activities throughout Southern Illinois University. Specifically, the Executive Director of Audits (04/14/11):
- is responsible for communicating directly and interacting with the Audit Committee regarding the results of activity of the Internal Audit function. The Chief Audit Executive must report periodically to senior management and the Audit Committee on the internal audit activity's purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risk, governance issues, and other matters needed or required by the Audit Committee or senior management. (9/13/12)
- must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The results of external assessments must be reported to senior management and the Audit Committee.
- must have direct and unrestricted access to senior management and the Audit Committee, and must identify and consider the expectations of senior management, the board and other stakeholders for internal audit opinions and other conclusions. When an overall opinion is issued, it must take into account the expectations of senior management, the board, and other stakeholders and must be supported by sufficient, reliable, relevant, and useful information.
- Southern Illinois University administrators are responsible for providing internal auditors with timely access to records, personnel, and physical properties which the Executive Director of Audits has determined to be relevant and for making sure that prompt, pertinent, and comprehensive responses are made to audit recommendations.