Printer Friendly

Utah Valley University
Policies and Procedures

Title Internal Audit Department Number 207
Section Financial Affairs and Development Approval Date Aug 12,1999
Subsection General Financial Policies Effective Date Aug 12,1999
I. Purpose
Purpose and Responsibilities
The Internal Audit Department is to establish policies, procedures, objectives, and authority for effective internal auditing. Responsibilities of the Internal Audit Department include, but are not limited to, the following:
  1. Preparing and maintaining immediate and long range audit schedules based on an ongoing evaluation of risk, administration emphasis and exposure to the institution. The long range schedules will cover all major areas and provide for timely audits/reviews of these areas.
  2. Planning, conducting, and reporting performance and financial audits or reviews in accordance with audit schedules and the standards established by the institution and the professional practice of internal auditing.
  3. Maintaining open communication with audited department supervisors and administrators before, during, and after fieldwork as to objectives, findings, issues, and recommendations.
  4. Preparing a formal report of findings, conclusions, and recommendations upon completion of an audit or review.
  5. Planning, conducting, and reporting compliance reviews of the department audited to ensure the issues are properly resolved.
  6. Planning, conducting, and reporting special investigations as requested by the institution administration in areas of particular concern.
  7. Coordinating and providing support as appropriate with external auditors in an effort to eliminate duplication of efforts or reduce outside audit scope and costs.
  8. Coordinating and maintaining appropriate interface with the State Board of Regents' Auditors, complying with State Board of Regents Policy and Procedures, and completing system-wide audits/reviews as directed by the Board.
  9. Maintaining the independent and professional proficiency of the audit staff to assure objectivity and due professional care in conducting the audits and reviews.
II. Terms
Definitions
  1. Financial Audit
    A systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and to communicate the result to interested users.
  2. Performance Audit
    A systematic process of 1) examining the faithfulness of administrative adherence to constitutions, statutes, institutional policies and procedures, and other requirements; 2) determining the degree of efficiency of an auditee by measuring the extent to which the resources (i.e. people, facilities, equipment, supplies, funds) have been efficiently planned, allocated, controlled, and employed to generate output; and 3) determining the extent to which an auditee accomplishes its objectives and ultimately its goals.
  3. Review
    A systematic process of inquiries and analytical procedures which are designed to detect material weaknesses and/or nonconformance to generally accepted auditing principles. A review is not an audit since a review would not include the study and evaluation of internal control and other prescribed audit procedures. Consequently, a review may disclose certain important matters, but not necessarily all matters that would be disclosed by an audit.
  4. Internal Controls
    The plan of organization and all of the coordinate methods and measures adopted within an organization to safeguard its assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed managerial policies.
III. Policy
POLICY
Utah Valley University will maintain an Internal Audit Department to oversee a comprehensive program of reviews and audits under the direction of the institution President and within the policies established by the State Board of Regents.
  1. Objective
    1. The Internal Audit Department is an independent appraisal activity within the institution's organization for the audit or review of operations as a service to management. Internal auditing is a managerial control which functions by measuring and evaluating the effectiveness of other controls and assessing the efficiency and effectiveness of operations.
    2. The objective of internal auditing is to assist all members of management in the efficient and effective discharge of their responsibilities by furnishing them with independent analysis, appraisals, recommendations, and pertinent comments concerning the manager's area of responsibility.

  2. Authority
    1. The Internal Audit Department derives its authority directly from the institution President and State Board of Regents and is authorized to conduct such audit/reviews of any institution department, system, function, or administrative unit as are necessary to accomplish its objectives. The Internal Audit Department is also authorized to have free and unrestricted access to all institution records, personnel, and physical properties relevant to the performance of the audit/review--providing the access is gained within Federal, State, and local law. The auditor will protect the confidentiality of all sensitive information and will not disclose any sensitive information except for purposes of the audit.
    2. Although the Internal Audit Department is charged with the responsibility to audit/review the fiscal, operational, and administrative systems of the institution, the services of Internal Audit are staff in nature; and its audit staff have neither authority over, nor responsibility for, any of the activities audited or reviewed. Likewise, Internal Audit's involvement in no way relieves department supervisors of operating responsibility assigned to them.
IV. Procedures
Procedures
  1. Audit Requests
    Any employee of the institution can request an audit by submitting a written request to the Internal Audit Department. In order to determine the relative importance of a particular request in comparison with audits already scheduled, routine requests should generally be routed through the department chairperson, dean, and Vice President.
    In special situations, where an employee may feel intimidated by routing a request through established chain-of-command, an employee's written concern or request can be discussed in confidence with audit department personnel. Appropriate action will be based upon these discussions.
  2. Opening Conference
    Internal Audit will ordinarily provide advance notice of the audit to the department head and other responsible administrators. An opening conference will be arranged where specific audit objectives, plans, and procedures will be discussed. Audits may also be undertaken without advance notice if appropriate under the circumstances, as requested by the President, Board of Regents, or by written request of the appropriate supervisor.
  3. Fieldwork
    Audit fieldwork consists of interviews with responsible employees, observation of procedures, examination of documentation, compliance and substantive testing, and other audit or analytical procedures considered necessary under the circumstances. Audit observations and tentative findings and recommendations will normally be discussed with responsible employees of the audited department throughout the course of fieldwork.
  4. Draft Report
    Upon completion of the fieldwork, a draft audit report is prepared. The draft report shall include an introduction and scope paragraph, as well as a statement of condition, criteria, effect, cause, and recommendation for each issue discussed.
  5. Closing Conference
    At some specified date, normally within ten days of delivery of the draft audit report to the department, a closing conference will be held. Attendance normally includes the auditors working on the engagement and representatives from the audited department. At the conference, the draft audit report will be reviewed. Differences of fact or interpretation will be discussed and appropriate corrections or revisions in the report will be made.
  6. Final Draft Report
    After due consideration of discussions held during the closing conference, Internal Audit will issue a final draft report. This draft will be sent to the representative of the audited department responsible to prepare the initial responses to the issues identified in the report (normally the department head). A memorandum and a copy of the final draft report will also be forwarded to the supervising member of the President's Staff.
  7. Response to the Final Draft Report
    1. Within ten working days after receipt of the final draft report, the audited department shall deliver a written response to the supervising member of the President's Staff, with a copy of forwarded to Internal Audit. This response will indicate:
      1. Department's agreement or disagreement with each of the recommendations.
      2. If agreement, the plans for implementing the recommendations including steps to be followed, individuals responsible, and a target date or timetable for implementation.
      3. If disagreement, identification of the specific provisions to which exception is taken, the reasons for such exception, and if appropriate, departmental plans to resolve the issue which led to the auditor's recommendation.
      4. Within a reasonable period following receipt of the department's response to the final draft report, ordinarily not to exceed 21 calendar days after the draft issuance, the supervising member of the President's Staff will
        1. Review the response, draft and resolve any conflicts through contact with the audited department and Internal Audit.
        2. Coordinate the response with the other members of the President's Staff if necessary to assure a institution-wide perspective.
        3. Edit the response as necessary and forward it to Internal Audit.
        5. Upon receiving the response to the final draft, Internal Audit will incorporate the responses into the body of the report verbatim in a response paragraph following each issue.
  8. Final Draft Approval
    After considering the responses of the audited department head and the supervising member of the President's Staff, and after making any changes which may be appropriate, the President, supervising member of the President's Staff, and the Internal Auditor will meet to approve the final draft copy.
  9. Final Audit Report
    The final audit report shall be submitted to the President, with copies to the Chairperson of the Board of Trustees, the Chairperson of the Board of Regents, Regents' Audit Review Subcommittee members, Regents' Director of Internal Audits, supervising member of the President's Staff, head of the audited department, and the Commissioner of Higher Education.
  10. Compliance Review
    Within a reasonable time following the release of the audit report, ordinarily six months, Internal Audit will conduct a review of actions taken in response to the audit report. At the completion of the review, a compliance report will be distributed to those who received the original audit report. The compliance report will state if appropriate steps have been initiated by the audited department, and will identify any items where further action is considered necessary.
    If the report indicates substantial noncompliance, the supervising member of the President's Staff shall investigate the reasons for noncompliance, and submit a letter of explanation and resolution to the President, with a copy of Internal Audit who will submit the letter to the Regents Audit Review Subcommittee.
  11. Report Retention
    1. Reports shall be filed and retained in perpetuity.
    2. Letters and memorandums shall be filed and retained for a minimum of seven years.
    3. Work papers shall be filed and retained for a minimum of two years.
    4. Other
Cara O'Sullivan, Policy Officer | mailto:cara.osullivan@uvu.edu | (801) 836-7355
Utah Valley University • 800 West University Parkway • Orem, UT 84058 • (801) 863-INFO (4636) • Rights & Responsibilities | © 2013 UVUFeedback/Report Errors