The University of Southern Indiana established the Internal Audit Department in 1985 as an independent appraisal function of the administration's established practices and system of internal controls. Many changes have since occurred, including the definition and purpose of internal auditing. This charter sets forth the mission, authority, responsibility and professional proficiency of USI Internal Audit.
The Internal Audit Department mission is to provide independent and objective assurance and consulting services designed to add value and improve the University's operations. Internal Audit assists others in the effective discharge of their responsibilities by furnishing evaluations of departmental activities, recommendations for improvements in systems and procedures, and other information designed to promote effective controls. Internal Audit strives to help the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, controls and governance processes.
The Internal Audit Department is authorized by the Finance/Audit Committee of the Board of Trustees and the vice president for Business Affairs to provide a comprehensive program of internal audits, consulting services, and assurance activities throughout the University. Internal Audit has full, free, and unrestricted access to all records (manual and electronic), physical properties, and personnel relevant to any subject under review. All documents and information given to Internal Audit will be handled in the same prudent manner that the University expects of the employees normally accountable for them.
The Internal Audit Department is under the supervision of the director of Internal Audit. The director of Internal Audit reports administratively to the vice president for Business Affairs and functionally to the Finance/Audit Committee of the Board of Trustees.
The Internal Audit Department has neither direct responsibility for, nor management authority over, any of the operations or staff that are, or may be, reviewed. Accordingly, Internal Audit does not develop or write policies or procedures that it may be called upon to evaluate. The staff may review draft materials developed by management for propriety and/or completeness and may provide advice and make recommendations about any issues identified as a result of a review or audit. However, Internal Audit cannot establish policy or require implementation of any of its recommendations. Implementation of action plans, or the risks of not doing so, remains at management's discretion.
University management is responsible for ensuring that systems of internal control are in place, good business practices are implemented and followed, and fraud risks are identified and mitigated. Internal Audit is responsible for examining and evaluating financial, managerial, and operating controls; determining compliance with internal and external policies, laws, and regulations; assisting management with special reviews as requested; and providing management with recommendations to improve University operations or internal controls.
The director of Internal Audit is responsible for developing an annual plan and applying risk assessment techniques to ensure that all subjects of material significance are accorded audit consideration on an appropriate basis. The annual audit plan will be approved by the vice president for Business Affairs and submitted to the Finance/Audit Committee of the Board of Trustees for review, discussion, and approval.
The scope of each audit shall be sufficient to express an informed opinion about the audit subject. A draft audit report shall be issued promptly by the director of Internal audit for examination and shall be directed to the appropriate level of management. All levels of management having an interest in findings and recommendations in the report shall be given an opportunity to comment, particularly on remedial actions planned or taken. Such views shall be incorporated into the final report to the extent practicable and will be redistributed to all interested persons. Audit reports also will be shared with the Indiana State Board of Accounts during the planning stages of the annual financial audit.
Executive summaries of all audit reports will be presented to the Finance/Audit Committee at least annually. These summaries will include the major findings, recommendations for improvements, and the status of management's response or action plan developed in response to the recommendation. The comprehensive audit reports will be made available to the Finance/Audit Committee upon request.
The University of Southern Indiana is committed to the professional practice of internal auditing. In all of its activities, Internal Audit will abide by The International Standards for the Professional Practice of Internal Auditing and the Code of Ethics adopted by the Institute of Internal Auditors.
Audit work will be conducted by a staff of recognized professional auditors who possess (1) a high level of technical knowledge or experience in auditing techniques; (2) relevant academic degrees; (3) certification as Certified Internal Auditors, Certified Information Systems Auditors, Certified Internal Control Auditors, or Certified Public Accountants, and (4) the skills necessary for the examination of internal controls.
The continuing professional development of all auditors is essential if a progressive and qualified staff is to be maintained. Professional development requires activities planned and carried out by both the University and the audit department. In addition to on-the-job guidance under the supervision of the director of Internal Audit, the University will encourage training through courses offered by outside sources in appropriate circumstances. Auditors have a responsibility to devote themselves to sufficient personal study and development to participate in and benefit from the total program.