SUU Seal (for official use only)
Print Friendly and PDF

POLICY #7.1 
SUBJECT: Internal Audit Policy


The purpose of this Policy is to establish the University’s policy regarding internal audits and the objectives, authority, responsibilities, and scope of the Internal Audit Department (Audit).


  1. The Institute of Internal Auditors of North America, International Standards for the Professional Practice of Internal Auditing (2017)




  1. Objectives
    1. Audit is an independent office within the University established to audit or review operations as a service to management and the governing boards. Audit is a managerial control which functions by measuring and evaluating the effectiveness of other controls and assessing the efficiency and effectiveness of operations.

      The objective of an internal audit is to assist members of management in the efficient and effective discharge of their responsibilities. An internal audit furnishes management with risk assessments, independent analyses, appraisals, recommendations and pertinent comments concerning their areas of responsibility.
  2. Authority
    1. Audit derives its authority directly from the Board of Trustees and the President and is authorized to conduct such audits/reviews of any University department, system, function, or administrative unit as is necessary to accomplish its objectives. Audit is also authorized to have free and unrestricted access to all University records, personnel, and physical properties relevant to the performance of audits/reviews. The auditor will protect the confidentiality of all sensitive information and will not disclose any sensitive information except for purposes of the audit. Release of personnel records must be cleared by the Human Resources Director, the Vice President for Finance and Administration, or the President. The auditor must provide appropriate justification prior to the release of personnel records.

      Although Audit is charged with the responsibility to audit/review the fiscal, operational, and administrative systems of the University, the audit staff has neither authority over, nor responsibility for, any of the activities audited or reviewed. Likewise, Audit’s involvement in no way relieves department supervisors of the operating responsibility assigned to them.
  3. Responsibilities
    1. Audit shall serve the University in a manner consistent with the Standards for Professional Practice of Internal Auditing. Ethical standards of auditors will conform to the standards of conduct as defined in the Code of Ethics of the Institute of Internal Auditors and associated standards of the University.
    2. The Responsibilities of Audit include, but are not limited to, the following:
      1. Preparing and maintaining audit schedules based on evaluations of risk, administrative emphasis, and other exposure of the University.
      2. Planning, conducting, and reporting performance, program, financial and follow-up audits; special projects; and investigations in accordance with audit standards established by relevant authority, state law, and the professional practices of internal auditing.
      3. Maintaining open communication with the audited department supervision and administration before, during, and after fieldwork. However, the regular conduit may not function during other internal work such as special projects or investigations, depending upon security needs. Relevant administrators involved in each work project will be advised as to objectives, findings, issues, and recommendations.
      4. Preparing a report of findings, conclusions, and recommendations upon completing an audit.
      5. Monitoring and testing compliance with institutional policies and procedures related to the financial integrity of the institution and its respective departments. Such monitoring would include compliance with established methods of expense documentation and compliance with other relevant internal controls.
      6. Providing regular reports and updates to the President or their designee and to the Trustee Audit Committee. Appropriate interface will be maintained and integrated with the Trustee Audit Committee.
      7. Coordinating and providing support as appropriate with external auditors in an effort to eliminate duplication of efforts or reduce outside audit scope and costs.
      8. Integrating and maintaining appropriate interface with the State Board of Higher Education audit staff, complying with the applicable State Board of Higher Education Bylaws, policies and regulations, and participating in system-wide audits or other projects and other assignments as directed by the President, their designee, or the Trustees’ Audit Committee.
      9. Maintaining the independent and professional expertise of internal audit staff members to assure objectivity and due professional care in conducting all internal audit work.
  4. Scope
    1. The scope of an internal audit encompasses the examination and evaluation of the adequacy and effectiveness of internal controls and the quality of performance in carrying out assigned responsibilities. Included within this scope are:
      1. Reviews of the reliability and integrity of financial and operating information and the means used to identify, measure, classify and report such information. Reviews may involve objective standards such as generally accepted accounting principles, or subjective standards such as sound business and management practices.
      2. Reviews of the system established to ensure compliance with those policies, plans, procedures, laws and regulations which could have a significant impact on operations to determine if compliance is adequate.
      3. An evaluation of the means employed to safeguard assets.
      4. Verification and valuation of department assets.




The responsible office for this Policy is the Vice President for Finance. For questions about this Policy or audit procedures, contact the Director of Internal Audit.


Date Approved: November 9, 2006

Amended: N/A