Indiana University supports Internal Audit as an independent appraisal function to examine and evaluate University activities as a service to management and the Board of Trustees. The mission of Internal Audit is to support members of the University in the effective discharge of their responsibilities. To this end, Internal Audit will furnish them with analyses, recommendations, counsel, and information concerning the activities examined.
Organization and Board Reporting
The Internal Audit Director will report to the Indiana University President and to the Finance and Audit Committee (Committee) of the Board of Trustees. The Committee will have final approval of the hiring, firing, and salary changes of the Director.
Annually, the Director will submit to the Committee a written report on the internal audit activity during the preceding fiscal year. The Internal Audit Director will also make a written report to the Committee whenever there is evidence of defalcations or other problems exceeding $25,000. In addition, if the circumstances ever warrant such action, the Internal Audit Director may circumvent normal university reporting lines and communicate directly with the Committee.
Authorization and Responsibilities
Internal Audit has the authority to audit all parts of the university and shall have full and complete access to any of the organization's records, physical properties, information systems, and personnel relevant to the performance of an audit or investigation. Documents and information given to internal auditors during a periodic review will be handled in the same prudent manner as by those employees normally accountable for them.
Internal Audit will have no direct responsibility or authority for any of the activities or operations they review. They should not develop and install procedures, prepare records, or engage in activities that would normally be reviewed by internal auditors. Furthermore, an internal audit does not in any way relieve other university personnel of their responsibilities.
A report will be prepared and issued by the Internal Audit Director following the conclusion of each audit. Copies of the report will be distributed as appropriate. The manager of the activity or department will respond before the final report is issued and the response will be included with the final report. The response will indicate corrective actions taken or planned regarding specific report findings.
The manager receiving the report is responsible for ensuring that progress is made toward correcting any reported findings. Internal Audit is responsible for determining whether the action taken is adequate to resolve the audit findings. If the action is not adequate, Internal Audit will inform university management and the Board of Trustees of the potential risk and exposure in allowing the unsatisfactory conditions to continue.
Internal Audit's objectives in accomplishing its mission will include the following:
- Determine the accuracy and propriety of financial transactions
- Evaluate, consult, and educate on financial and operational processes, controls, related risks, and exposures. Provide advice and guidance on control and risk aspects of new policies, systems, processes, and procedures
- Verify the existence of university assets and determine whether proper safeguards are maintained to protect them from loss
- Determine the level of compliance with university policies and procedures and state and federal laws and regulations
- Evaluate the accuracy, effectiveness, and efficiency of the university's electronic information and processing systems
- Determine the effectiveness and efficiency of organizations in accomplishing their mission and identify operational opportunities for cost savings and revenue enhancements
- Coordinate audit efforts with, and provide assistance to, the Indiana State Board of Accounts and other external auditors
- Investigate fraud and other types of fiscal misconduct
Standards and Ethics
Code of Ethics
The Internal Audit staff is responsible for conducting themselves so that their good faith and integrity will not be open to question. Internal Audit has adopted the Codes of Ethics issued by the Institute of Internal Auditors and the Information Systems Audit and Control Association. Staff shall realize that individual judgment is required in the application of these standards.Approved: Board of Trustees, May 6, 2005