The purpose of this charter is to establish the Internal Audit position within UW-Whitewater, authorize its access to records, personnel, and physical properties relevant to the performance of audits, and to define the scope of Internal Audit activities.
Nature of Internal Audit
The Internal Audit function is an independent appraisal activity established within an organization to examine and evaluate its activities as a service to the organization. It functions by examining the adequacy and effectiveness of controls.
Objective of Internal Auditing
The objective of Internal Auditing is to assist management in the effective discharge of their responsibilities. To this end, the Internal Audit function furnishes management with analyses, appraisals, recommendations, counsel, and information concerning activities reviewed to promote effective control at a reasonable cost.
Authority of Internal Audit
Internal Audit reports administratively to the Vice Chancellor for Administrative Affairs; however, it may report audit matters directly to the Chancellor and to UW System Administration. To achieve this objective, Internal Audit will have free and unrestricted access to the Chancellor at all times, including two scheduled meetings each year to discuss audit matters.
In the performance of audits, the Internal Auditor is granted access to all university activities, records, property, and employees. The Internal Auditor will exercise discretion and ensure the safekeeping and confidentiality of audit matters.
Internal Audit is a staff function and has no direct responsibility for, nor authority over, any of the activities reviewed. Therefore, an Internal Audit review in no way relieves management of any assigned responsibilities.
Because performance of line responsibility may compromise objectivity, the Internal Auditor should not perform non-audit work except under unusual circumstances. The Internal Auditor is assigned the responsibility for carrying out an Internal Audit program as described under section "Internal Auditor-Duties and Responsibilities." This responsibility includes coordinating Internal Audit activities with the organization's external auditors and others to best achieve organizational and auditing objectives.
All requests for special (unscheduled) audits will be directed to the Vice Chancellor for Administrative Affairs.
Responsibility of Internal Audit
The Internal Audit function has the following responsibilities:
- Examine and evaluate the adequacy and effectiveness of the University's system of internal controls and the quality of performance in carrying out assigned responsibilities.
- Review the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
- Review the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on operations and reports, and determine whether the organization is in compliance.
- Review the means of safeguarding assets from various types of losses, such as those resulting from theft, fire, improper or illegal activities, and exposure to the elements and, as appropriate, verify the existence of such assets.
- Appraise the economy and efficiency with which resources are employed.
- Review operations or programs to ascertain whether results are consistent with established goals and objectives and whether the operations or programs are being carried out as planned.
- Serve as liaison with external auditors and coordinate audit efforts with the UW System Internal Audit Department to avoid duplication of effort and increase audit coverage.
- Conduct follow up reviews on audit reports issued by UW System Internal Audit Department, State Legislative Audit Bureau, and other external agencies.
- Serve on committees as appointed or elected.
- Participate in, or conduct evaluations, financial and management studies, special audits and fraud investigations as directed.
- Maintain technical competence through continuing education and active participation in professional activities.
Procedures to be followed in carrying out the Internal Audit Function:
- Provide advance notice to each department to be audited. An annual audit plan will be established after securing input from the Audit Advisory Committee and approval of the plan from the Vice Chancellor for Administrative Affairs.
- Conduct an opening meeting with the managers of the unit being audited to discuss the nature of the audit, length of engagement and to coordinate the timing of review by area. Review the audit program with functional managers to ensure proper and thorough audit coverage.
- Conduct interim meetings with the auditee Manager-in-Charge to recap findings presented during the audit.
- A written, draft Audit Report will be prepared by Internal Audit following the conclusion of the audit. An exit meeting will be held to discuss the written audit findings with the auditee's appropriate management and come to a consensus on the accuracy of the findings and the propriety of the recommendations. Any revisions will be included in the final report. The auditee will have 30 days to respond to the recommendations presented in the report. The unit's responses to the recommendations will be included in the final report as applicable to each specific finding. Copies of the final report will be distributed as appropriate.
- Management of the unit receiving the report is responsible for ensuring that progress is made toward implementing the audit recommendations. If the unit proposes alternative actions, Internal Audit is responsible for determining whether the action taken is adequate to resolve audit findings.
Fraud/Abuse of Resources
Deterrence of fraud/abuse of resources is the responsibility of management. The Internal Audit function is responsible for examining and evaluating the adequacy and the effectiveness of actions taken by management to fulfill this obligation.
Internal auditors should have sufficient knowledge to be able to identify indicators that fraud/abuse may have occurred. If sufficient control weaknesses are detected, additional tests conducted by internal auditors should include tests to identify other indicators of fraud/abuse.
Internal auditors are not expected to have knowledge equivalent to a person whose primary responsibility is to detect and investigate fraud/abuse. Also, auditing procedures alone, even when carried out with due professional care, do not guarantee fraud/abuse will be detected.
Internal Audit will assist in the investigation of fraud/abuse in order to:
- Determine if controls need to be implemented or strengthened.
- Design audit tests to help disclose the existence of similar frauds in the future.
- Help meet the Internal Auditor's responsibility to maintain sufficient knowledge of fraud.
A written report will be issued at the conclusion of each investigation. It will include all findings, conclusions, recommendations, and corrective action taken.
Internal audits will be performed in accordance with University policy, the Standards as issued by the Institute of Internal Auditors (IIA), and good business sense.