For a better experience, click the Compatibility Mode icon above to turn off Compatibility Mode, which is only for viewing older websites.

Internal Audit Department's Responsibilities

POLICY NUMBER: IAD-01
EFFECTIVE DATE: September 1, 2014
RESPONSIBLE OFFICER: Vice President, Internal Audit

PURPOSE

Drexel University has established an Internal Audit Department (“Internal Audit”) to measure and evaluate the effectiveness of the internal controls within the accounting, financial, and operating systems of Drexel University, including its subsidiaries and affiliates.

POLICY

It is the policy of Drexel University to maintain an internal audit function as an integral component of the internal control environment.  This Policy sets forth the purpose as outlined above, authority, responsibility, and functional objectives, which enable the Internal Audit Department to continually meet or exceed the expectations of the Drexel University management, the Audit Committee, and the Board of Trustees.

It is the policy of Drexel University to maintain an internal audit function as an integral component of the internal control environment.  This Policy sets forth the purpose as outlined above, authority, responsibility, and functional objectives, which enable the Internal Audit Department to continually meet or exceed the expectations of the Drexel University management, the Audit Committee, and the Board of Trustees.

SCOPE

It is the responsibility of management to establish and maintain effective business practices and an effective system of internal control.  The Internal Audit Department assists management by furnishing impartial, independent analyses, appraisals, recommendations, and pertinent comments on the activities reviewed.  The scope of Internal Audit includes any phase of business activity in which it may be of service to management or to the Audit Committee of the Board of Trustees of Drexel University.

DEFINITION

Internal Audit is an independent assurance and consulting activity designed to add value and improve an organization’s operations.  It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

RESPONSIBILITIES

To assist management in carrying out its responsibility, Internal Audit reviews and evaluates business practices and systems of internal control, reports to management any identified opportunities to enhance business processes, and follows the progress of corrective actions.  The attainment of these objectives involves the following activities:

  1. Review and appraise the soundness, adequacy, and effectiveness of accounting, financial and operational processes, policies, and controls at executive and staff levels.
  2. Review the reliability and integrity of financial and operational information, and the means used to generate, capture, and report such information.
  3. Ascertain the extent of compliance with established policies, procedures and plans.  In conjunction with the Compliance and Privacy Office, communicate to management instances of noncompliance with government regulations to which the University must comply.
  4. Ascertain the extent to which corporate assets are accounted for and safeguarded from losses of all kinds and recommend appropriate improvements in the accountability and safeguarding of those assets and the reliability of management data.
  5. Ascertain the reliability of management data developed and internally or externally reported.
  6. Assist management in improving business practices, organizational structure, and security of information and records.
  7. Recommend appropriate improvements in the University’s business processes where controls have been found to be malfunctioning, weak, or nonexistent.
  8. Appraise the quality of performance and recommend ways to improve the efficiency and effectiveness of units in carrying out assigned responsibilities.
  9. Review and evaluate computer-based systems in production, in development, or undergoing change.  Review and evaluate the systems development process and computer operations.
  10. Determine the accuracy and legitimacy of costs and charges under contractual agreements with contractors, vendors, distributors, third parties, and any affiliates, partnerships, joint ventures, licensees, or other operations to the degree audit rights have been established.
  11. Report the results of audits in a timely manner and secure timely responses regarding planned corrective actions for all opportunities identified in the audit reports.
  12. Pursue a program of follow-up audits to assess the timeliness and adequacy of corrective actions.
  13. Develop sufficient competent evidential matter to support the opinions, conclusions, and recommendations for the process or entity under review and to satisfy the needs of independent auditors in areas of common audit focus.
  14. Coordinate audit coverage with external auditors to achieve a comprehensive audit plan whereby substantial reliance is placed on internal audit work.
  15. Develop and maintain an inventory of areas to be audited, areas throughout the University to be used for the preparation of an audit plan.
  16. Develop long-range and annual audit plans based on a business risk assessment that utilizes the Committee of Sponsoring Organizations (COSO) risk assessment model and considers such factors as: the exposure and potential for loss, the complexity of operations, the degree to which the functions are subject to external influences, data and findings of prior audits, available resources, and special requests by management and/or the Audit Committee.
  17. Review compliance with any adopted business ethics or conflict of interest policies and investigate fraud or other improprieties (see: Safeguarding University resources policy).
  18. The Vice President for Internal Audit will report to the Audit Committee, at least quarterly on the activity of the Internal Audit Department.

AUTHORITY

The Vice President for Internal Audit reports functionally to the Audit Committee of the Board of Trustees for Drexel University, and administratively to the President.  The Internal Audit Department has the authority to recommend improvements and to monitor the implementation of approved recommendations.  It has free, unlimited, and unrestricted access to all books, records, files, property, systems, and personnel of the University and its subsidiaries.  To the degree audit rights have been established, affiliates, partnerships, joint ventures, licensees, contractors, vendors, distributors, third parties, or other operations are also subject to Internal Audit review.

AUDIT REPORTS

Audit reports are produced by Internal Audit.  They are issued to report in concise terms the important aspects of an audit.  When conducting audit activities at subsidiaries, the Vice President for Internal Audit is responsible for reporting findings to management of the entity being reviewed.  In this regard, audit reports are to be transmitted to the appropriate manager for review, action and written response.  Within thirty (30) days from the report date, the manager shall provide to the Vice President for Internal Audit one of the following:

  1. A written confirmation that the recommendations contained in the Audit Report are accepted and will be adopted by the department in question and a timetable for such implementation; or
  2. If all or part of the recommendations contained in the Audit Report are not accepted or are disputed, a written confirmation that the acceptable recommendations, if any, will be adopted by the department a timetable for such implementation, and a written response to the Vice President for Internal Audit as to which recommendation (or all of them) are not accepted.  If there is disagreement with any Internal Audit Department recommendation, the written reply should state the reason for the disagreement.  All replies should be addressed to the Vice President for Internal Audit.
  3. In the event of no reply within the required thirty (30) day time period is provided, the recommendations contained in the Audit Report will be deemed accepted and the manager shall be responsible for their implementation.

Reporting is normally conducted on an exception basis, with exemplary areas mentioned as well.  While all audit reports and written responses will be available for executive management review, the normal reporting to these offices will be made on a regular basis in summary form highlighting audits performed and significant findings and observations.

PROFESSIONAL STANDARDS AND ETHICS

To satisfy its objectives, Internal Audit subscribes to the Code of Ethics, Statement of Responsibilities, and Standards for the Professional Practice of Internal Auditing as stated by the Institute of Internal Auditors; and, as applicable, the American Institute of Certified Public Accountants in “Statements on Auditing Standards”, the Information Systems Audit and Control Association in “General Standards for Information Systems Auditing”, and other auditing standards as they apply.  Additionally, the Internal Audit Department shall maintain and promote the core values of Drexel University.

Members of the Department have the responsibility to maintain high standards of conduct, character, and independence to carry out proper and meaningful internal audits within the University.  The Code of Ethics covers basic principles in the various functions of the Internal Audit Department.  Internal Audit staff shall realize that individual judgment is required in the application of these principles, and they have a responsibility to act in good faith and maintain a high degree of integrity.  The Internal Audit staff will promote the highest internal auditing standards to the end of advancing the interest of Drexel University.