What We Do
The Office of Internal Audit is committed to assisting Central Michigan University in accomplishing its vision and mission by utilizing a risk-based approach to provide objective assurance and consulting services as described below to promote a strong internal control environment and assist members of management and the Board of Trustees in the effective and efficient discharge of their responsibilities.
Audits and follow-up reviews are assurance services that are designed to evaluate the adequacy and effectiveness of internal controls and associated policies and procedures. Audit objectives may include, assessing whether controls, and risk management and governance processes are designed and functioning to provide assurances that:
- Risks are appropriately identified and managed.
- Significant financial, managerial, and operating information is accurate, reliable and timely.
- Employees comply with policies and procedures and applicable laws and regulations.
- Resources are used efficiently and are properly safeguarded.
- Programs achieve associated goals and objectives.
Consulting may range from formal engagements with defined scope and objectives, to advisory activities, such as providing informal guidance in response to general inquiries, or participating on university committees. However, in all cases, Internal Audit functions only as an advisor, with management responsible for final decisions.
In the performance of its mission, the Office of Internal Audit adheres to the mandatory nature of guidance provided by the Institute of International Auditor's Definition of Internal Auditing, Code of Ethics, and International Standards for the Professional Practice of Internal Auditing (Standards). A copy of the Standards and Code of Ethics are in the IA Manual Section II, Subjects 2-01 and 2-02 respectively.
An audit plan is prepared by the Director of Internal Audit each year to establish the general scope of audit coverage. The cycle of the plan coincides with the fiscal year of the university. In addition to the audit plan, the director develops a five-year strategic plan.
The internal audit plan is developed based on a prioritization of the audit universe using a risk-based methodology, including input from senior management, the Board of Trustees, and the external auditor. The audit plan is implemented by the Director of Internal Audit upon approval from the Board Audit Committee.
The director will review and adjust the plan as necessary, in response to changes in the university’s business, risks, operations, programs, systems, and controls. Midyear modifications to the plan are subject to the approval of the Board Audit Committee. A formal, written audit program shall be prepared for each project included in the annual plan.