Skip navigation, view page content

Ohio State University logo Internal Audit   

  1. Home
  2. Information
  3. Downloads
  4. Business and Finance
  5. OSU Anonymous Reporting Line
  6. Webmaster

 

 

Charterbd21318_

PURPOSE

The Department of Internal Audit (Internal Audit) conducts reviews of university records and operations, and reports the results of these reviews to management and the Board of Trustees. In fulfilling its responsibility to assist the University and the Board of Trustees in the effective discharge of their responsibilities in accordance with policies and procedures, Internal Audit is committed to providing independent, objective, and timely service of value to its customers and responding to their requests for consulting and other services. Internal Audit is also committed to adding value and improving the University’s operations. It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. All internal audit projects are conducted consistent with the Standards for the Professional Practice of Internal Auditing issued by The Institute of Internal Auditors.

SCOPE OF WORK

The scope of Internal Audit shall be sufficiently comprehensive and risk-based to enable the effective and regular review of financial, operational, and related activities. Internal Audit’s coverage extends to all areas of The Ohio State University and its controlled entities and includes financial, accounting, administrative, computing, compliance, security, and other operational activities. The extent and frequency of internal audits will depend upon varying circumstances such as results of previous audits, relative risk associated with activities, materiality, the adequacy of the system of internal control, and resources available to Internal Audit.

The scope of work for Internal Audit is to determine whether the University’s network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:

·       Risks are appropriately identified and managed.

·       Significant financial, managerial, and operating information is accurate, reliable, and timely.

·       Operations are in compliance with policies, standards, procedures, and applicable laws and regulations.

·       Resources are acquired economically, used efficiently, and protected adequately.

·       Programs, plans, and objectives are achieved.

·       Quality and continuous improvement are fostered in the University’s control process.

·       Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.

ACCOUNTABILITY

The Internal Audit Director shall be accountable to University management and the Audit Committee to:

·       Report significant issues related to the processes for controlling the activities of the University and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.

·       Periodically provide information on the status and results of the annual audit plan and the sufficiency of department resources.

Internal Audit is an advisory function having independent status within the Office of Business and Finance in The Ohio State University. The Internal Audit Director shall:

·       Be directly accountable to the Audit Committee, the President of the University and, administratively, to the Senior Vice President for Business and Finance and be independent of any other section, branch or officer. This reporting relationship promotes independence and assures adequate consideration of audit findings and recommendations.

·       Have no executive or managerial powers, functions or duties except those relating to the management of the Internal Audit office.

·       Not be involved in the day to day operations of the University.

INDEPENDENCE

To provide for the independence of Internal Audit, its personnel report to the Internal Audit Director, who reports functionally to the Audit Committee and the President of the University, and administratively to the Senior Vice President for Business and Finance in a manner outlined in the above section on accountability. concerning independence, the Internal Audit Director and staff should have an impartial, unbiased attitude and avoid conflicts of interest as well as be independent in fact and appearance.

RESPONSIBILITY

The Internal Audit Director and the Internal Audit Staff have a responsibility to:

·       Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the Audit Committee for review and approval.

·       Implement the annual audit plan, as approved, including as appropriate any special tasks or projects requested by University management and the Audit Committee.

·       Maintain sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this charter.

·       Apply the care and skill expected of a reasonably prudent and competent internal auditor.

·       Evaluate and assess new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion.

·       Issue periodic reports to the Audit Committee and management summarizing results of audit activities.

·       Keep the Audit Committee and University management informed of emerging trends and successful practices in internal auditing.

·       Assist in the investigation of significant suspected fraudulent activities within the University and notify management and the Audit Committee of the results.

·       Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the University at a reasonable overall cost.

·       Consider the following using a risk-based approach on a project-by-project basis:

o      Review and appraise the adequacy and effectiveness of the system of internal control.

o      Appraise the relevance, reliability and integrity of management, financial and operating data and reports.

o      Review the systems established to ensure compliance with those policies, plans, procedures, statutory requirements and regulations which could have a significant impact on operations.

o      Review the means of safeguarding assets and, as appropriate, verify the existence of such assets.

o      Appraise the economy, efficiency and effectiveness with which resources are employed.

o      Assess the level of compliance with University policy and State and Federal law.

AUTHORITY

The Internal Audit Director and the Internal Audit Staff are authorized to:

·       Have unrestricted access to all functions, records, property, and personnel. (As referenced in Operations Manual, section 28.E.1 and Board of Trustee Resolution 2005-51).

·       Have full and free access to the Audit Committee.

·       Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.

·       Have the right at reasonable times to enter any premises of the University and to request any officer to furnish all information and such explanations deemed necessary for them to form an opinion on the probity of action, and adequacy of systems and or of controls. The officer concerned shall respond promptly to such inquiries.

·       Be free from undue influence in selecting activities to be examined and the audit techniques and procedures to be used.

Internal Audit will make special efforts to protect the confidentiality of information covered in a review, as well as any recommendations pertaining thereto. To the extent possible, Internal Audit will accommodate the daily operations of the audit client in scheduling and conducting reviews.

The Internal Audit Director and the Internal Audit Staff are not authorized to:

·       Perform any operational duties for the University or its affiliates.

·       Initiate or approve accounting transactions external to Internal Audit.

·       Direct the activities of any University employee not employed by Internal Audit, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors.

LIMITATION OF AUTHORITY AND RESPONSIBILITY

In performing their functions, Internal Audit Director and Internal Audit Staff have no direct authority over, nor responsibility for, any of the activities reviewed. Internal auditors will not develop and install procedures, prepare records, make management decisions, or engage in any other activity which could be reason-ably construed to compromise their independence. Therefore, internal audit review and appraisal do not in any way substitute for, nor relieve other persons in the University of the responsibilities assigned to them.

AUDIT PLAN

A strategic audit plan providing for the review of significant operations of The Ohio State University based on an assessment of risk pertaining to the achievement of the University’s objectives shall be prepared for the approval of the Audit Committee, if practicable, prior to the commencement of each fiscal year.

AUDIT PROGRAM

A written report will be prepared and issued by Internal Audit at the conclusion of each audit and will be distributed as considered appropriate. A summary of reports will be made available on a timely basis to the President, Senior Vice President for Business and Finance, and the Audit Committee.

Audit reports will explain the scope and objectives of the audit, present findings and conclusions in an objective manner relevant to the specific user's needs and make recommendations where appropriate. 

LIAISON WITH THE EXTERNAL AUDITOR

The Internal Audit Director shall communicate with the external auditor in order to:

·       Foster a cooperative working relationship.

·       Reduce the incidence of duplication of effort.

·       Ensure appropriate sharing of information.

·       Ensure coordination of the overall audit effort.

The Internal Audit Director shall make available to the external auditor all internal audit working papers, programs, flow charts, and reports.

QUALITY ASSURANCE

In order to ensure that the quality of the Internal Audit work is consistently at a high standard, the Internal Audit Director shall:

·       Develop and maintain comprehensive work reporting systems.

·       Maintain a regular review of audit plans, reports and working papers.

·       Provide for staff training as appropriate.

·       Evaluate current Internal Audit operations.

·       Provide assurance that Internal Audit is in conformity with the Standards of the Institute of Internal Audit and its Code of Ethics.

The internal audit activity has adopted both an internal and external quality assurance program to monitor and assess the overall effectiveness of the department. Internal reviews, primarily through self-assessments, should be performed periodically to appraise the quality of work performed. External peer reviews of Internal Audit should be performed at least once every five years by qualified persons who are independent of the University.

AUDIT STANDARDS AND ETHICS

Audit work of Internal Audit shall be performed in accordance with Generally Accepted Auditing Standards as advocated by the Institute of Internal Auditors in Standards for the Professional Practice of Internal Auditing.

Members of Internal Audit have the responsibility to maintain high standards of conduct, professionalism, independence, and character to carry on proper and meaningful internal auditing within the University. In addition, Internal Audit’s activities and conduct shall be consistent with the policies of the University.

NOTE

The Ohio State University Board of Trustees adopted the charter for the University’s Internal Audit Department in a unanimous vote November 5, 2004.

 

 

 

return to top