What is Internal Audit?
Internal auditing is an independent, objective assurance and advisory activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Reporting Relationship
The Internal Audit department reports functionally to the Chair of the Finance and Audit Committee of the Board of Visitors. However, the department reports to the Vice President for Finance and Chief Financial Officer for the purpose of day-to-day administration of the department and its finances.
Why Audit?
In recent years, more and more decentralization of day-to-day business and economic decisions has occurred in higher education. Department Heads and Chairs are often expected to not only be specialists in their field of academic endeavor, but also managers of a small but, hopefully, growing business. Managers are responsible for maintaining an adequate system of controls over their business units and ensuring that resources are applied in the most efficient and effective ways toward the achievement of the department’s goals and objectives. These two areas are where Internal Audit can help.
Internal Controls
An internal control system is a procedure, process, or plan of operation that can provide reasonable assurance that:
• The data used by Management in making decisions is reliable
• Assets are accounted for and properly safeguarded
• Operating practices are sound and ensure compliance with policies, laws, and regulations
• Resources are used efficiently
Put simply, controls are good business practices.
Business Risk
A good system of controls reduces your department’s exposure to business risk, which is the probability that certain exposures will lead to loss or adverse business conditions that will come between you and your mission and objectives. These risks come in many forms:
• Health and Safety
• Loss of Resources or Assets
• Public Relations
• Security
• Non-compliance with laws or regulations
• Inefficiencies
Without a sound system of controls, errors and omissions can occur and go undetected, or the department may be subject to accidents or security breaches. Even well-designed, existing controls can be circumvented by an inappropriate concentration of duties or a dishonest employee.
The “Tone at the Top”
The effectiveness of a control depends upon peoples' willingness to follow it. This is why the importance of such processes must be reinforced by management for them to be effective.
Internal Audit can help chairs and business managers by reviewing the adequacy of the controls as designed, the effectiveness of controls at a point in time, and providing specific recommendations regarding how business practices can be improved where controls are weak or not working as designed.