1.11 – Internal Audit
To serve as the Internal Audit Charter for the college, which describes the purpose, authority, responsibilities, independence and objectivity requirements, continuing professional education requirements, and quality assurance and improvement program requirements of the college’s internal audit function.
The internal audit function will adhere to the mandatory elements of The Institute of Internal Auditors’ “International Professional Practices Framework” (IPPF), including the “Core Principles for the Professional Practice of Internal Auditing,” the “Code of Ethics,” the “International Standards for the Professional Practice of Internal Auditing” (Standards), and the “Definition of Internal Auditing.” The internal audit function will also follow all relevant recommended guidance provided by the IPPF.
Purpose of Internal Audit
The purpose of the college’s internal audit function is to provide independent, objective assurance and consulting services designed to add value and improve the college’s operations. Its mission is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. The internal audit activity helps the college accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.
Authority of Internal Audit
To establish, maintain, and assure that the college’s internal audit activity has sufficient authority to fulfill its duties, the Board of Trustees authorizes the internal auditor to:
- Have full, free, and unrestricted access to all functions, records, property, and personnel pertinent to carrying out any engagement, subject to accountability for confidentiality and safeguarding of records and information.
- Have unrestricted access to, and communicate and interact directly with, the Board of Trustees, including private meetings without management present.
- Obtain assistance from the necessary personnel of the college, as well as other specialized services from outside the college, in order to complete audits and other projects.
The internal auditor will report functionally to the Board of Trustees and administratively to the chancellor. As part of the functional reporting relationship to the Board of Trustees, the internal auditor will:
- Annually review this policy, which serves as the Internal Audit Charter, and submit it to the Board of Trustees for approval.
- Provide the Board with periodic updates on the internal audit activity’s performance relative to its annual audit plan and other matters.
- Report to the Board the results of audit engagements and other activities.
- Follow up on items contained in issued reports, and report to the Board any corrective actions not effectively implemented.
- Communicate directly to the Board any responses to risks by management that may be unacceptable to the college.
To support the administrative (i.e., day-to-day operations) reporting relationship to the chancellor, the internal auditor will:
- Provide, at least annually, the chancellor with risk-based audit plans to review and approve.
- Provide the chancellor with periodic updates on the internal audit activity’s work in progress.
- Communicate to the chancellor preliminary and final audit results and other observations.
- Request approval from the chancellor for internal audit activity expenditures.
Independence and Objectivity
The internal auditor will ensure that the internal audit function remains free from all conditions that threaten the ability of the auditor to perform work in an unbiased manner, including matters of audit selection, scope, procedures, frequency, timing, and report content. If the internal auditor determines that independence or objectivity may be impaired in fact or appearance, the details of impairment will be disclosed to the chancellor and in final written audit reports.
The internal auditor will maintain an unbiased mental attitude to complete work objectively and in such a manner that no quality compromises are made. The internal auditor will not subordinate their judgment on audit matters to others.
The internal auditor will have no direct operational responsibility or authority over any of the activities audited. Accordingly, the internal auditor will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair independence, including:
- Assessing specific operations for which the internal auditor had responsibility within the previous year.
- Performing any operational duties for the college.
- Initiating or approving transactions external to the internal audit activity.
- Directing the activities of any college employees not employed by the internal audit activity, except to the extent that such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditor.
The internal auditor may also perform advisory and related consulting services, the nature and scope of which will be agreed with the relevant college administrator, provided the internal auditor does not assume management responsibility.
Continuing Professional Education
The internal auditor will complete quality educational programs annually which will be designed to maintain a high level of proficiency in the auditing discipline. The internal auditor will complete sufficient continuing professional education hours to meet or exceed the requirements to retain relevant professional licenses and/or certifications.
Quality Assurance and Improvement Program
The internal auditor will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program will include an evaluation of the internal audit activity’s conformance with the “Standards” and an evaluation of whether the internal auditor applies The Institute of Internal Auditors’ “Code of Ethics.” The program will also assess the efficiency and effectiveness of the internal audit activity and identify opportunities for improvement.
The internal auditor will, at least annually, communicate to the chancellor, chancellor’s cabinet and the Board of Trustees on the internal audit activity’s quality assurance and improvement program, including results of internal (both ongoing and periodic) and external assessments. External assessments, as defined by the Institute of Internal Auditors’, must be conducted at least once every five years. External assessments may be accomplished through a full external assessment, or through a self-assessment with independent external validation.
The internal audit function reports functionally to the Board of Trustees. Therefore, the procedures are included in the Policy section to allow the Board of Trustees to approve the procedures.
The Internal Audit Charter is defined by The Institute of Internal Auditors’ “International Standards for the Professional Practice of Internal Auditing” as a “formal document that defines the internal audit activity’s purpose, authority, and responsibility.”
This policy and these procedures are maintained under the authority of the chancellor.
F. Related Policies
Policy approved and adopted by the Board of Trustees on 4/13/2006. Revised on 10/14/2019 and 3/7/2022.
Purpose, Procedures, Definitions, and Authority approved and adopted by the chancellor’s cabinet via email on 10/02/2019.
Set for review annually.