Internal Audit Home

Vision & Mission

Our Charter

Organization
Chart

Contact Information

Ask the Auditors

Affiliations & Links

Publications
Audit Manual
Audit Process
Function & Services
Internal Controls
Computers
Control Workbook

CPE Resource

Audit Terms

Feedback Form

IU Home

Search

Internal Audit: Function, Services, & Scheduling

Internal Audit's Mission
Organizational Structure
Internal Audit Services
Audit Scheduling and Assignment

Internal Audit provides a variety of services to all levels of University management.

Internal Audit's Mission

Internal Audit exists to support University administration and the Board of Trustees in the effective discharge of their responsibilities. Using our knowledge and professional judgment, we will provide an independent appraisal of the University's financial, operational, and control activities. We will report on the adequacy of internal controls, the accuracy and propriety of transactions, the extent which assets are accounted for and safeguarded, and the level of compliance with institutional policies, government laws and regulations. Additionally, we will provide analyses, recommendations, counsel, and information concerning the activities reviewed.

Top of Page

Organizational Structure

Internal Audit is a central administrative unit of Indiana University with offices located on the Bloomington, Indianapolis, and South Bend campuses. Internal Audit reports operationally to the University President and to the Indiana University Board of Trustees. Internal Audit's coverage and service extends to all Indiana University campuses (except IPFW at Fort Wayne, which is administered by Purdue).

Top of Page

Internal Audit Services

Focal Point of Control

Internal Audit is a control which functions by examining and evaluating the adequacy and effectiveness of other controls throughout Indiana University for administrators, the Board of Trustees and external auditors.

Loss and Fraud Investigations

Loss/fraud investigations are conducted to determine existing control weaknesses, assist Risk Management in determining the amount of the loss, and assist the unit by recommending corrective measures to prevent subsequent recurrences.

Mandatory Audits

Several annual audits are legally mandated by federal, state, and public regulatory agencies.

Scheduled Audits

Internal Audit schedules and performs audits based on a systematic, risk/exposure methodology to provide an independent appraisal of Indiana University processes and controls to administrators, the Board of Trustees and external auditors. These audits include:

• An evaluation of the efficiency and effectiveness of the processes and the adequacy of internal controls
• A written report containing an opinion on the degree of compliance with government regulations and University policies and procedures; the accuracy and propriety of financial transactions; the adequacy of safeguards for University assets; the efficiency of the unit in effecting its mission
• The presentation of verbal and/or written recommendations for improving operations and preventing/detecting irregularities

Requested Audits

Audits are performed in response to requests and provide the independent appraisal and assurances as described above.

Audit Follow-up Reviews

Follow-up reviews are performed to appraise management of post audit actions and provide assurance that implemented changes adequately resolved audit findings. These reviews also ensure that upper management has been properly notified of the University exposure related to unresolved audit findings.

Asset and Safeguard Verification

An independent appraisal of University operations is provided through the verification of accountability, physical safeguards, and valid use of distributed University assets. This service is often performed in conjunction with an audit of an individual department or function.

Consultation Services

Internal Audit commonly addresses a variety of issues concerning Indiana University policies, procedures, and internal controls as questions arise. With the addition of an information system audit function these services now include:

• Assistance on evaluation of backup procedures and contingency planning
• Information and assistance in evaluating computer system controls
• Assistance with implementation of information systems

Computer System Design and Enhancement

Internal Audit actively participates in the development of new systems or enhancements to current systems, to promote the design of adequate internal controls prior to implementation and reduce the need for corrective measures at a later date.

External Auditor Assistance

Internal Audit's independence and familiarity with Indiana University operations and the internal control environment contributes to our unique expertise with which we assist state, federal, and public external auditors. We commonly provide information, develop computerized information retrieval programs, and perform audit tests for these organizations. Internal Audit's efforts are designed to complement and coordinate with the State Board of Accounts' audits of the University Financial Statements and A133-Federal Awards.

Top of Page

Audit Scheduling and Assignment

Audit Areas and Risk Assessment

Internal Audit's scheduling process begins with a review of activity for all University accounts. Requests or suggestions for audits and the results of recent solicitations are also included in the potential audit pool. To direct our audit efforts, we use a technique to identify projects or activities that represent considerable risk or exposure to loss. We decide what factors to use in assessing risk, and then quantify the potential risk for each area. Projects considered to be high-risk receive priority in Internal Audit's long range audit plan. However, not all audits are scheduled based on risk assessment results, some audits are performed to meet regulatory requirements.

One source of audit suggestions is our own Internal Audit management group. Our broad knowledge of the University gives us a unique perspective on the types of projects in which the University's risk can be reduced. Hence, some audit suggestions are prompted by prior audit findings or related audit work in another area.

We also maintain a working relationship with the State Board of Accounts and provide assistance in their audit efforts. Findings or questions arising during this work may prompt a subsequent internal audit.

Indiana University and departmental management represent other sources of requests. Members of senior management regularly call on Internal Audit for assistance. Since our objective is to serve all levels of University management, we give full consideration to departmental requests in our planning process. If your unit has a request, contact the Director of Internal Audit as soon as you identify the need for our assistance.

Scheduling and Assignment Factors

Several factors influence the scheduling and assignment of projects:

• Degree of risk or exposure to loss
• Type of audit
• Availability of appropriate client staff resources
• Skills and availability of Internal Audit staff
• Reduced availability of staff resources due to unanticipated audits

Types of Audits

Audits are performed in accordance with standards established by the Institute of Internal Auditors. There are five general categories of audits. Most of our examinations encompass aspects of more than one type.

• Operational efficiency and effectiveness
• Financial accounting and reporting
• Compliance with policies, procedures, and governmental regulations
• Investigations of thefts, losses, or allegations
• Information system operating controls and security
• Investigative Audits and Fraud

The investigative audit deserves special mention. Some people believe that Internal Audit's primary function is to uncover employee fraud or theft. Actually, Internal Audit seeks to determine that the University's controls function to promote efficient and effective processes and provide reasonable assurance that errors or irregularities will be detected during the normal course of operations.

In case of suspected financial irregularities, misuse of systems, or other complex situations, Internal Audit conducts a specialized audit, tailored to the circumstances. When investigative audits are emergency situations, they receive priority in scheduling.

IU Financial Policy I-30 - Fiscal Misconduct states, "If any employee knows or suspects that other university employees are engaged in theft, fraud, embezzlement, fiscal misconduct or violation of university financial policies, it is their responsibility to immediately notify the Internal Audit department or the appropriate campus police department."

Last revised July 2000

Top of Page

Other available Internal Audit materials include:

• The Audit Process How We Work With You (brochure)
• Internal Controls A Guide for Managers (brochure)
• Protecting Departmental Computing Resources (brochure)
• Internal Controls (video and booklet)

Internal Audit is committed to serving the University community.
For more information, contact us at:

Internal Audit
Poplars 319
Bloomington Campus
(812) 855-3361

E-mail: teradke @ indiana.edu