Indiana University supports Internal Audit as an
independent appraisal function to examine and evaluate University activities as
a service to management and the Board of Trustees. The mission of Internal Audit
is to support members of the University in the effective discharge of their
responsibilities. To this end, Internal Audit will furnish them with analyses,
recommendations, counsel, and information concerning the activities examined.
Organization and Board
The Internal Audit Director will report to the Indiana
University President and to the Finance and Audit Committee (Committee) of the
Board of Trustees. The Committee will have final approval of the hiring, firing,
and salary changes of the Director.
Annually, the Director will submit to the Committee a
written report on the internal audit activity during the preceding fiscal year.
The Internal Audit Director will also make a written report to the Committee
whenever there is evidence of defalcations or other problems exceeding $25,000.
In addition, if the circumstances ever warrant such action, the Internal Audit
Director may circumvent normal university reporting lines and communicate
directly with the Committee.
Internal Audit has the authority to audit all parts of the
university and shall have full and complete access to any of the organization's
records, physical properties, information systems, and personnel relevant to the
performance of an audit or investigation. Documents and information given to
internal auditors during a periodic review will be handled in the same prudent
manner as by those employees normally accountable for them.
Internal Audit will have no direct responsibility or
authority for any of the activities or operations they review. They should not
develop and install procedures, prepare records, or engage in activities that
would normally be reviewed by internal auditors. Furthermore, an internal audit
does not in any way relieve other university personnel of their
A report will be prepared and issued by the Internal Audit
Director following the conclusion of each audit. Copies of the report will be
distributed as appropriate. The manager of the activity or department will
respond before the final report is issued and the response will be included with
the final report. The response will indicate corrective actions taken or planned
regarding specific report findings.
The manager receiving the report is responsible for
ensuring that progress is made toward correcting any reported findings. Internal
Audit is responsible for determining whether the action taken is adequate to
resolve the audit findings. If the action is not adequate, Internal Audit will
inform university management and the Board of Trustees of the potential risk and
exposure in allowing the unsatisfactory conditions to continue.
Internal Audit's objectives in accomplishing its mission
will include the following:
- Determine the accuracy and propriety of financial transactions
- Evaluate, consult, and educate on financial
and operational processes, controls, related risks, and exposures. Provide advice and guidance on control and risk aspects of new policies,
systems, processes, and procedures
- Verify the existence of university assets and determine whether proper
safeguards are maintained to protect them from loss
- Determine the level of
compliance with university policies and procedures and state and federal laws
- Evaluate the accuracy,
effectiveness, and efficiency of the university's electronic information and
- Determine the effectiveness
and efficiency of organizations in accomplishing their mission and identify
operational opportunities for cost savings and revenue enhancements
- Coordinate audit efforts with,
and provide assistance to, the Indiana State Board of Accounts and other
- Investigate fraud and other
types of fiscal misconduct
Standards and Ethics
Code of Ethics
The Internal Audit staff is
responsible for conducting themselves so that their good faith and integrity
will not be open to question. Internal Audit has adopted the Codes of Ethics
issued by the Institute of Internal Auditors and the Information Systems Audit
and Control Association. Staff shall realize that individual judgment is
required in the application of these standards.
Approved: Board of Trustees, May 6, 2005