Internal Audit is an important tool of management and is one of the ways by which Central Michigan University maintains the integrity, efficiency, and effectiveness of financial and other management control systems.
A Director of Internal Audit is hired by the President of the University, with concurrence by the Board of Trustees' Audit Committee, to administer the Internal Audit Department. Although internal auditing is an integral part of the organization, it functions independently of all other divisions and departments. Independence and accessibility to information sources are essential elements that permit audit work to be performed freely and objectively. The Director of Internal Audit is to submit an annual audit plan to the President and the Audit Committee.
The following is the Board of Trustees policy regarding Internal Audit, as amended on February 18, 1994. (Please note that the titles contained in this policy are the ones in effect in 1994 and have since been changed.)
The function of internal audit is established at Central Michigan University to assist the Board of Trustees in fulfilling its responsibility for continuing oversight of the management of the University and to be of service to all levels of management of the University. The position of Director of Internal Audit is established and assigned responsibility for conduct of the University internal audit function. The Board Audit Committee Chair must concur in the appointment or removal of the Director of Internal Audit.
Internal audit shall be an independent appraisal function to examine and evaluate the activities of the University. The objective is to assist officers and employees of the University in the proper discharge of their responsibilities by providing analyses, appraisals, recommendations, counsel and information concerning the activities reviewed.
The Director of Internal Audit, in the performance of his/her duties, shall report administratively to the President and functionally to the Board Audit Committee Chair.
The administrative responsibility to ensure an effective system for internal control is assigned to the Vice President for Business and Finance.
It is the intention of the Board that the Director of Internal Audit shall have access to the Board Audit Committee at any time with regard to matters affecting conduct of the internal audit function; that the Director of Internal Audit shall provide a report on his/her activities directly to the Board Audit Committee or its chair describing the current status of work toward the goals of the annual audit plan; that the Director of Internal Audit shall be present to advise the Board Audit Committee, as may be appropriate, when the external auditor presents its audit results to the committee; and that the Director of Internal Audit shall have full access to all of the University records, properties and personnel relevant to the subject under review.
Statement of Responsibility
While the approved annual audit plan shall prescribe assignment priorities for the Director of Internal Audit, he/she shall be concerned with any phase of institutional activity where the internal audit function may provide a beneficial service to management. This management service involves going beyond the accounting and financial records to obtain a full understanding of the operations under review and will require the following activities:
- Examination of transactions for accuracy and compliance with institutional policies.
- Evaluation of financial and operational procedures for adequate and effective internal controls and safeguarding assets.
- Testing of the timeliness, reliability, and usefulness of institutional records and reports.
- Evaluation of the economical and efficient use of resources.
- Monitoring the development and implementation of methods, systems, and procedures, and major revisions to them, including those pertinent to computer applications.
- Evaluation and monitoring of the computer center's system of internal control to ensure adequate security and controls related to hardware, software, data, and operating personnel; and to ensure retrieval of necessary data for audit purposes.
- Determination of the level of compliance with required internal policies and procedures, state and federal laws, and government regulations; and appraisal of the effectiveness and appropriateness of internal policies and procedures under current conditions.
- Program performance evaluation.
- Liaison with external auditors.
No member of Internal Audit shall have authority over or responsibility for any of the activities reviewed.
Internal Audit reports will be distributed to the following:
- Chair, Board of Trustees
- Board Audit Committee
- Vice President of the audit area
- Director/Dean of the audit area
- Manager/department head of the audit area
- Members of the Board of Trustees upon request
Internal Audit reports containing items concerning internal control will also be distributed to the Vice President for Finance and Administrative Services.
It is the expectation of the Board that the operations of the Internal Audit department shall be consistent with the Standards for the Professional Practice of Internal Auditing and the Code of Ethics of the Institute of Internal Auditors, and that an evaluation of the University internal audit function shall be conducted on a regular basis as a part of the external audit.
Annual Audit Plan
An Audit Plan shall be prepared by the Director of Internal Audit each year to establish the general scope of audit coverage and the cycle of the plan shall coincide with the fiscal year of the University. Further, the development of an annual plan should be accomplished within the context of a longer-range, five-year plan for scheduling audits of University departments and activities.
The annual audit plan shall be prepared in consultation with the Board Audit Committee, the Administrative Officers of the University, and the external auditor. A formal, written program shall be prepared for each audit included in the annual plan.
An annual audit plan shall be implemented by the Director of Internal Audit upon approval by the Board Audit Committee, which approval shall occur no later than July of each fiscal year. Mid-year modifications to the plan are subject to the approval of the Board Audit Committee.