Approve Internal Audit Planned Activities for 2018 and Internal Audit Charter

Similar documents
2 Organizational. The University of Alaska System has six (6) Statewide Offices as displayed in Organizational Chart 2 1 :

FRANKLIN D. CHAMBERS,

2. Related Documents (refer to policies.rutgers.edu for additional information)

Self Assessment. InTech Collegiate High School. Jason Stanger, Director 1787 Research Park Way North Logan, UT

Audit and Compliance Committee - Agenda

Academic Affairs Policy #1

THE COLLEGE OF WILLIAM AND MARY IN VIRGINIA INTERCOLLEGIATE ATHLETICS PROGRAMS FOR THE YEAR ENDED JUNE 30, 2005

Texas Southern University FY 2014 Job Title List (By Alpha)

SORORITY AND FRATERNITY AFFAIRS POLICY ON EXPANSION FOR SOCIAL SORORITIES AND FRATERNITIES

Academic Affairs Policy #1

THE BROOKDALE HOSPITAL MEDICAL CENTER ONE BROOKDALE PLAZA BROOKLYN, NEW YORK 11212

University of Michigan - Flint POLICY ON FACULTY CONFLICTS OF INTEREST AND CONFLICTS OF COMMITMENT

FORT HAYS STATE UNIVERSITY AT DODGE CITY

MSW POLICY, PLANNING & ADMINISTRATION (PP&A) CONCENTRATION

TABLE OF CONTENTS. By-Law 1: The Faculty Council...3

ATHLETIC TRAINING SERVICES AGREEMENT

Charter School Reporting and Monitoring Activity

ITEM: 6. MEETING: Trust Board 20 February 2008

University of Toronto

Faculty Athletics Committee Annual Report to the Faculty Council November 15, 2013

University of Michigan - Flint POLICY ON STAFF CONFLICTS OF INTEREST AND CONFLICTS OF COMMITMENT

IUPUI Office of Student Conduct Disciplinary Procedures for Alleged Violations of Personal Misconduct

University of Toronto

Audit Documentation. This redrafted SSA 230 supersedes the SSA of the same title in April 2008.

Conflicts of Interest and Commitment (Excluding Financial Conflict of Interest Related to Research)

b) Allegation means information in any form forwarded to a Dean relating to possible Misconduct in Scholarly Activity.

SURVEY RESEARCH POLICY TABLE OF CONTENTS STATEMENT OF POLICY REASON FOR THIS POLICY

Standards and Criteria for Demonstrating Excellence in BACCALAUREATE/GRADUATE DEGREE PROGRAMS

Program Change Proposal:

REPORT OF THE PROVOST S REVIEW PANEL. Clinical Practices and Research in the Department of Neurological Surgery June 27, 2013

BHA 4053, Financial Management in Health Care Organizations Course Syllabus. Course Description. Course Textbook. Course Learning Outcomes.

CONFLICT OF INTEREST CALIFORNIA STATE UNIVERSITY, CHICO. Audit Report June 11, 2014

ARKANSAS TECH UNIVERSITY

March 28, To Zone Chairs and Zone Delegates to the USA Water Polo General Assembly:

TITLE IX COMPLIANCE SAN DIEGO STATE UNIVERSITY. Audit Report June 14, Henry Mendoza, Chair Steven M. Glazer William Hauck Glen O.

PATTERNS OF ADMINISTRATION DEPARTMENT OF BIOMEDICAL EDUCATION & ANATOMY THE OHIO STATE UNIVERSITY

DRAFT VERSION 2, 02/24/12

University of Essex Access Agreement

HOUSE OF REPRESENTATIVES AS REVISED BY THE COMMITTEE ON EDUCATION APPROPRIATIONS ANALYSIS

CHARTER SCHOOL APPLICATION TIMELINE

Envision Success FY2014-FY2017 Strategic Goal 1: Enhancing pathways that guide students to achieve their academic, career, and personal goals

Mathematics Program Assessment Plan

Mary Washington 2020: Excellence. Impact. Distinction.

SPORTS POLICIES AND GUIDELINES

REQUEST FOR PROPOSALS SUPERINTENDENT SEARCH CONSULTANT

For the Ohio Board of Regents Second Report on the Condition of Higher Education in Ohio

Quality assurance of Authority-registered subjects and short courses

Glenn County Special Education Local Plan Area. SELPA Agreement

Oklahoma State University Policy and Procedures

Occupational Therapist (Temporary Position)

Core Strategy #1: Prepare professionals for a technology-based, multicultural, complex world

Navitas UK Holdings Ltd Embedded College Review for Educational Oversight by the Quality Assurance Agency for Higher Education

2015 Academic Program Review. School of Natural Resources University of Nebraska Lincoln

VIRGINIA INDEPENDENT SCHOOLS ASSOCIATION (VISA)

VI-1.12 Librarian Policy on Promotion and Permanent Status

St. Mary Cathedral Parish & School

Position Statements. Index of Association Position Statements

CAREER SERVICES Career Services 2020 is the new strategic direction of the Career Development Center at Middle Tennessee State University.

Longitudinal Integrated Clerkship Program Frequently Asked Questions

Seminole State College Board Regents Regular Meeting

Thomas Jefferson University Hospital. Institutional Policies and Procedures For Graduate Medical Education Programs

Improving recruitment, hiring, and retention practices for VA psychologists: An analysis of the benefits of Title 38

Goal #1 Promote Excellence and Expand Current Graduate and Undergraduate Programs within CHHS

DEPARTMENT OF FINANCE AND ECONOMICS

FY16 UW-Parkside Institutional IT Plan Report

Nearing Completion of Prototype 1: Discovery

Guidance on the University Health and Safety Management System

Last Editorial Change:

CONTINUUM OF SPECIAL EDUCATION SERVICES FOR SCHOOL AGE STUDENTS

UCB Administrative Guidelines for Endowed Chairs

Procedures for Academic Program Review. Office of Institutional Effectiveness, Academic Planning and Review

Graduate Student Travel Award

CUPA-HR ADMINISTRATORS IN HIGHER EDUCATION SALARY SURVEY (AHESS)

UNIVERSITY OF NORTH GEORGIA ADMINISTRATIVE / PROFESSIONAL PAY PLAN FISCAL YEAR 2015 BENEFITS-ELIGIBLE EXEMPT (MONTHLY) EMPLOYEES

1. Amend Article Departmental co-ordination and program committee as set out in Appendix A.

Consumer Information Boot Camp

SPORT CLUB POLICY MANUAL. UNIVERSITY OF ILLINoIS at CHICAGO

RESEARCH INTEGRITY AND SCHOLARSHIP POLICY

Orange Elementary School FY15 Budget Overview. Tari N. Thomas Superintendent of Schools

Title IX, Gender Discriminations What? I Didn t Know NUNM had Athletic Teams. Cheryl Miller Dean of Students Title IX Coordinator

Delaware Performance Appraisal System Building greater skills and knowledge for educators

AB104 Adult Education Block Grant. Performance Year:

HSC/SOM GOAL 1: IMPROVE HEALTH AND HEALTHCARE IN THE POPULATIONS WE SERVE.

Current Position Information (if applicable) Current Status: SPA (Salary Grade ) EPA New Position

Duke University FACULTY HANDBOOK THE

New Program Process, Guidelines and Template

SAMPLE AFFILIATION AGREEMENT

Consent for Further Education Colleges to Invest in Companies September 2011

Children and Adults with Attention-Deficit/Hyperactivity Disorder Public Policy Agenda for Children

PROGRAM HANDBOOK. for the ACCREDITATION OF INSTRUMENT CALIBRATION LABORATORIES. by the HEALTH PHYSICS SOCIETY

Policy for Hiring, Evaluation, and Promotion of Full-time, Ranked, Non-Regular Faculty Department of Philosophy

LaGrange College. Faculty Handbook

ABET Criteria for Accrediting Computer Science Programs

Conceptual Framework: Presentation

Nichole Davis Mentoring Program Administrator Risk Management Counsel South Carolina Bar

MILTON SANTIAGO, Ed.D.

Student Transportation

Oklahoma State University Policy and Procedures

World s Best Workforce Plan

INTERSCHOLASTIC ATHLETICS

Transcription:

STANDING COMMITTEES F 1 Finance and Asset Management Committee Approve Internal Audit Planned Activities for 2018 and Internal Audit Charter RECOMMENDED ACTION The administration and the Finance and Asset Management Committee recommend that the Board of Regents, in accordance with the Standards of the Institute of Internal Auditors, approve the University of Washington s 2018 Audit Plan and Internal Audit Charter. BACKGROUND Established in 1941, the Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida. The IIA is the internal audit profession s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. The IIA provides a framework for performing internal auditing, through the publication of International Standards for the Professional Practice of Internal Auditing. It is considered industry best practice to comply with the IIA standards. Standard 2020 requires that the Executive Director of Internal Audit communicate internal audit plans and resource requirements to senior management and the board for review and approval. Standard 1000 requires that the Executive Director of Internal Audit periodically review the internal audit charter and present it to senior management and the board for approval. In order to comply with the above-mentioned IIA standards, the Executive Director of Internal Audit is presenting the 2018 Audit Plan and Internal Audit Charter for approval. There have been no changes in the Internal Audit Charter since it was approved in November 2015. Attachments 1. 2018 Audit Plan 2. University of Washington Internal Audit Charter F 1/211-17

2018 Audit Plan Finance and Asset Management Committee Board of Regents November 2017 ATTACHMENT 1 Page 1 of 10

Table of Contents Executive Summary...1 2018 Audit Plan...2 Analysis of Audit Coverage of University Auditable Units...3 Planned Audit Projects...4 Audit Resources...6 Appendix Risk Assessment Methodology/ Development of Annual Plan...7 University Highest Risks as defined in the 2104/2015 ERM Report...8 Page 2 of 10

Executive Summary The 2018 Audit Plan contains key information on our planned audit activity for calendar year 2018. The plan was based on the results of our annual risk assessment process. Audit Goals Internal Audit s major goals for 2018 are: Complete 30 audits focused on areas identified within Internal Audit s Risk Assessment; Provide the University with value added recommendations to improve controls, mitigate identified risks and increase efficiency of operations; Continue staff training & development, including our student intern program; Complete an internal self-assessment in advance of 2019 s Quality Assurance Review; Continue to manage the University-wide financial fraud and ethics reporting hotline; Contribute and coordinate with the University Institutional Resilience Program managed within the Compliance & Risk Services; and Continue to participate on major system implementations as an advisor on oversight committees and complete pre/post implementation reviews. Audit Plan 2018 The University of Washington Internal Audit Plan for 2018 is designed to provide audit coverage across the entirety of the University, deploying Internal Audit resources in an effective and efficient manner. We continue to focus our audit plan and related projects on the highest risk areas identified in our Internal Audit risk assessment. The risk assessment includes the review of: Strategic plans and initiatives of the University; Interviews with over 100 executive and senior management personnel across all schools, colleges, central units and all four medical centers; Changes impacting the major operating units within the University (Schools, Colleges and Central Administrative units); Emerging risks within higher education, healthcare and information technology as shared with Internal Audit while attending national conferences throughout 2017; and Financial and historical information regarding the University. The Audit Plan documents presented here include: Overview of the Audit Plan; Analysis of Audit Coverage of University Auditable Units from 2014 2018; Listing of Planned Audit Projects; and Allocation of Audit Resources. Page 3 of 10

2018 Audit Plan Internal Audit engages in three primary activities audits, management advisory services, and investigations. Our focus is to actively work with schools, colleges, central administration and UW Medicine to assist management in addressing strategic, financial, operational, and compliance risks and exposures. Internal Audit focuses on both university-wide and departmental level processes and control systems. In order to focus our audit resources, we consider the work completed by other audit professionals and compliance officers across the University such as KPMG LLP, Peterson Sullivan LLP, State Auditor s Office, UW Medicine Compliance, Compliance & Risk Services and other regulatory agencies in setting our overall audit plan and in planning the work conducted on any specific project. Additionally, we provide liaison services between the University and external audit parties to assist in the effective conduct of outside auditor s projects. Internal Audit s goals for 2018 are: Complete 30 audits focused on areas identified within Internal Audit s Risk Assessment; Provide the University with value added recommendations to improve controls, mitigate identified risks and increase efficiency of operations; Continue staff training & development including our student intern program; Continue to manage the University-wide financial fraud and ethics reporting hotline; Contribute and coordinate with the University Institutional Resilience Program managed within Compliance & Risk Services; Continue to participate on major system implementations as an advisor on oversight committees and complete pre/post implementation reviews; Increase use of data analytics and other technologies to enhance audit program; Provide training on internal controls, WA Ethics Law and other related subjects; and Participate in roundtables /conferences with peer institutions to discuss emerging risks; The UW Internal Audit Plan for 2018 is designed to provide audit coverage across the entirety of the University, deploying Internal Audit resources in areas of increased risk or operations we have not audited in the recent past. The methodology that we utilized for performing our risk assessment and developing our audit plan is included in Appendix I. To enable us to focus on the appropriate areas, we considered the strategic plans and significant initiatives of the University, such as the Be Boundless Campaign, Population Health Initiative, Global Innovation, WorkDay system implementation, Finance Transformation, Capital Planning, Outside Consulting Strategy Documents and UW Medicine Initiatives. We have also acknowledged increasing external forces (uncertain compliance oversight by federal government, data breaches and changes to state funding) that could adversely impact the internal controls processes previously developed within the University. Also in conducting our risk assessment, we teamed with Compliance & Risk Services to meet with University executives to learn further about enterprise risks being identified during the Institutional Resilience interviews (next generation ERM). Page 4 of 10

Analysis of Audit Coverage of University Auditable Units The University auditable units, listed below, are ranked from high to low in terms of the risk based on the 2018 risk assessment performed by Internal Audit (IA). Additionally, we have included the rankings from previous risk assessments. The previous year columns identify the IA risk ranking in those periods and the type of audit work conducted within the respective unit. 2018 2017/2016 2015/2014 Rank Audit Coverage Rank Audit Coverage Rank Audit Coverage AUDITABLE UNIT UW Medicine Clinical Enterprise 1 IA 1 IA 1 IA School of Medicine 2 IA 2 IA 2 IA UW Information Technology 3 IA 3 IA 4 IA School of Dentistry 4 IA 7 IA 6 IA Health Sciences Administration 5 IA 5 IA 3 IA Office of the President/Provost 6 IA 8 IA 23 IA* Intercollegiate Athletics 7 IA 4 IA 5 IA Office of the Controller 8 Ext 14 IA* 7 IA UW Bothell 9 IA 10 IA 22 IA Capital Planning and Development 10-6 IA 13 - UW Tacoma 11 IA 16 IA 24 IA CoMotion 12 IA 21-21 IA Enrollment Management 13 Reg 15 IA 8 Reg Office of Planning and Management 14-12 - 14 IA School of Public Health 15 IA 11 IA* 9 IA College of Engineering 16-18 IA 12 IA College of the Environment 17-17 IA 25 IA Enterprise Services 18 IA 13 IA 10 IA Information School 19-33 - 35 IA* College of Arts and Sciences 20-19 IA 15 IA Human Resources 21-9 IA 17 IA School of Nursing 22 IA 22-16 IA* Office of Research 23-20 IA 11 IA Housing and Food Services 24 IA 29 Ext 19 IA Continuum College 25-23 IA 18 IA School of Law 26 IA 34-28 - Treasury Office 27 Ext 26 Ext 26 Ext School of Pharmacy 28-24 IA 27 IA* School of Social Work 29-28 IA* 34 IA College of Education 30-31 IA* 31 - University Advancement 31-25 IA 29 - Student Life 32 IA 27 IA 20 Ext Evans School of Public Affairs 33-38 - 37 IA* University Libraries 34-37 - 36 IA* Foster School of Business 35-30 IA* 33 IA* Graduate School 36-35 - 30 IA* Facilities Services 37-32 IA 32 - College of the Built Environment 38-36 - 38 IA* Legend: IA - Audited by Internal Audit IA* Audited by Internal Audit as part of a university-wide process audit Ext Audited by KPMG LLP or Peterson Sullivan LLP Reg Audited by regulatory agencies, including State Auditor s Office Page 5 of 10

Planned Audit Projects We will continue to focus on the high risk areas as identified in our risk assessment. We identified both audit units and university-wide processes within which to focus our audit activities during 2018. As part of our risk assessment, we continued our focus on audit projects whose results could be shared across the campus to improve control effectiveness. Additionally, based on risk and controls reviews conducted in the audit planning process, we may validate and/or expand upon the areas of focus and risks in each respective audit unit. We will conduct audits in the units identified in the chart below. Our risk assessment process will be further refined for the UW Medicine clinical enterprise to include a more in-depth identification of audit units and possible audit projects within the enterprise. This process will include expanded meetings with the executives within the UW Medicine clinical entities, operational management and meetings with the Boards of UW Medicine and the respective medical centers. Please note that 2018 is the first year of the current two year risk assessment cycle which includes a larger and more comprehensive set of interviews with University Leadership. High risk auditable units not selected for review in 2018 will be considered for selection in 2019, with the goal of covering all high risk units within the two year period. Audit Unit UW Medicine Clinical Enterprise (12) School of Medicine (2) UW Information Technology (2) School of Dentistry Health Sciences Admin Office of the President/Provost Intercollegiate Athletics 2018 UW Bothell UW Tacoma CoMotion School of Public Health Enterprise Services (2) School of Nursing School of Law Housing & Food Services Student Life Audit Focus Revenue Cycle, Charge Capture (multiple units), Tele- Medicine, Virtual Clinic, IT Change Control and additional audit projects Federal Compliance and Business Operations, Shared Service Review Change Control, EDW Governance Financial Stability Plan /Faculty Practice Plans Environmental Health and Safety Global Affairs International Travel Safety Compliance with NCAA Standards & Title IX Business Operations Business Operations Global Innovation Exchange Federal Grant Compliance ISC/WorkDay Security Roles, Finance Transformation Federal Grant Compliance Financial & Business Operations Residence Hall Access Security Use of University Facilities Page 6 of 10

Planned Audit Projects (continued) The following projects were identified as higher risk by Internal Audit and management but not significant enough to be included in the 2018 planned audits due to current resource constraints. We will include certain of these audits in our 2018 audit projects as staffing permits. Audit Unit UW Medicine Clinical Enterprise School of Medicine Health Sciences Administration Office of the Controller Capital Planning & Development Office of Planning & Management Enterprise Services College of Arts & Sciences Human Resources Office of Research Housing & Food Services Treasury Student Life University Libraries Graduate School College of the Built Environment Multiple Unit Audits Multiple Unit IT Audits Audit Focus ALNW, UW Medicine Azure Database, PUMA Physician Incentive Plan, Clinical Research Billing Center for Human Development and Disability Internal Control Checklist Review Lease Management, Capital Spending Deficit Policy Cloud Vendor Management Jackson School Business Operations Benefit Management Export Controls Cash Management Semi-Annual Borrower Reports (SABRe) IMA Fiscal Management Business Operations Electronic Application System Security Training for Shops Financial Stability Plans IT Security Controls GLBA/FERPA/FISMA Page 7 of 10

Audit Resources The audit plan for calendar year 2018 is based on a professional staffing complement of 18.5 FTE, which is consistent with our 2017 Audit Plan. Note that this year of stabilization was expected as part of our overall growth plan to bring UW Internal Audit to a full complement of 21 FTE over the next three to five years dependent on the identification of additional University financial resources to fund the growth. We will augment our staff by continuing our IA Internship Program in which we currently employ two UW students. Approximately 54% of the Internal Audit s available resources are committed to the completion of planned audit projects and follow-up audit procedures. The annual audit plan is designed to provide appropriate coverage utilizing a variety of audit methodologies: audits of individual units on campus and within the UW Medicine clinical entities, functional and process audits, University-wide reviews, and information system projects. Internal Audit semi-annually conducts follow-up audit procedures to ensure that management is implementing controls as described within their responses to Internal Audit report findings. We have a number of audit projects begun in 2017 which will carryover for completion in early 2018. Additionally, we continue to refine our planning process and quarterly reporting to the Audit Advisory Committee to ensure our own accountability and minimize audit slippage. The amount of carryover work is in line with a normal audit process where audits begun in the last few months of the year are completed and issued early in the following year. The remainder of our FY 2018 audit resources is allocated as follows: 16% to accommodate requests from the President, the Board, or other executive management and consultations with University departments. Additionally we plan to incur hours conducting investigations into whistleblower claims, regulatory, ethics and fraud allegations; especially as we began the University wide Fraud, Waste and Abuse Reporting Hotline in the Summer of 2016. 9% for employee professional development, internal quality improvement projects and ongoing expansion and maintenance of our electronic work paper system. Additionally, we participate in national roundtables with peer institutions (large research universities with medical centers). We also participate in one to two Quality Assessment Reviews of peer institutions annually. 6% for risk mitigation efforts such as the audit liaison function for the University, advisory services regarding WA State Ethics regulations, training provided to University personnel, and University risk mitigation committee work. 15% has been further allocated for internal administrative functions, including employee performance evaluations, interviews of Internal Audit candidates and manager/staff meetings. Page 8 of 10

Appendix I Risk Assessment Methodology / Development of Annual Plan We use a two year risk assessment model to prioritize audit coverage and ensure timely reviews of high exposure areas. 2018 is the first year of the current two year cycle which includes Internal Audit undertaking a larger and more comprehensive set of interviews of University leadership. The Audit Plan is a calendar year plan to align with the finalization of budget data and annual approval processes of the Board of Regents. We began the process in year one by utilizing previous Internal Audit risk assessments as a starting point. We identified the risk categories to be considered in the risk assessment and updated the categories to acknowledge the changing profile of the University. The following risk categories were considered in the development of our annual plan: Strategic Risk Operational Risk Compliance Risk Financial Risk Reputational Risk Impairment to the strategic mission of the University. Impairment of the ability to carry out the operations of the University. Failure to comply with laws, regulations and policies of the University. Loss of financial resources or assets. Risk that public image or reputation is damaged by actions of a unit or individual connected to the University. We reviewed risk assessment models and processes used by peer institutions and utilized their experience and knowledge of university and medical center operations to ensure our risk assessment model included factors relevant to the University of Washington and UW Medicine clinical entities. We gathered information about any trends or emerging risks, significant changes in organizations, information systems complexity, prior audits/results, and obtained input from key senior management regarding high risk areas. We reviewed new and developing information being provided to the University from the President and Provost offices over the last twelve months. We then evaluated both the financial and budgetary data for all audit units identified and updated our current risk assessment model and related risk rankings identified during prior years. We conducted our risk assessment interviews in 2017 along with Compliance & Risk Services, as they rollout a new tool Institutional Resilience. In completing the 2018 Risk Assessment, we have suspended the process of linking the risks identified in the Universities former ERM process to our audit coverage as we are expecting an updated set of risks to be developed in 2017/18 by Compliance & Risk Services. Our proposed audit projects for 2018 will be selected from a number of the highest ranked auditable units. We will also revisit our plan and consider areas identified by Institutional Resilience tool in 2018. Page 9 of 10

Appendix II University Highest Risks as defined in the 2014/15 ERM Report The chart below represents a listing of the top University risks as defined by UW Enterprise Risk Management 2013/2014 Annual Report presented to the Board of Regents in January 2015. In prior years, Internal Audit aligned its mapped audit plan to the list of risks identified to ensure that we both considered the risks and identified those areas where we might conduct audits, this year we have provided as a simple reference of prior audits. Risk Ranking Risk Title Risk Area 2017 2016 2015 1 Information systems assurance Compliance X X X 2 Safety of students, faculty, staff, visitors Operations X X X 3 Age of IT systems Operations X 4 Age of facilities Operations 5 Recruit and retain top faculty, and maintain research competitiveness Strategic X X X 6 Changing revenue streams Financial X X X 7 Federal grant regulations Compliance X X X 8 Crime on or near campus Operations X 9 Minors on campus Operations X X 10 Environmental and occupational health, lab safety and hazardous materials Compliance X 11 Information security and back up Operations X X X 12 Academic, scientific misconduct, research integrity, and conflict of interest Compliance X 13 Student wellness Operations X 14 Healthcare regulations Compliance X X X 15 Investments in capital reduce financial flexibility for other initiatives Strategic X X 16 Enrollment and yield rates Financial X X 17 Emergency and disaster preparedness Mega/External X 18 Student athlete code of conduct Compliance X X X 19 Animal research regulations Compliance 20 Patient safety Operations X X X 21 Online learning capabilities Strategic 22 Human resource regulations Compliance X X X 23 International student regulations Compliance 24 NCAA compliance Compliance X X X 25 Alliances, affiliations, industry consolidations Strategic X X X 26 Recruit and retain top graduate students Strategic X Page 10 of 10

University of Washington Internal Audit Charter Mission - The mission of Internal Audit is to assist the Board of Regents and University management in the discharge of their oversight, management and operating responsibilities. This is achieved by providing independent assurance, consulting and education services to the University community. Our services add value by improving the control, risk management and governance processes to help the University achieve its business objectives. Authority Internal Audit functions under the authority of the Finance and Asset Management Committee of the Board of Regents of the University of Washington. Internal Audit is authorized to have full, free, and unrestricted access to information including records, computer files, property, and personnel of the University. Internal Audit is free to review and evaluate all policies, procedures and practices of any University activity, program or function. In performing the audit function, Internal Audit has no direct responsibility for, or authority over any of the activities reviewed. Therefore, the internal audit review and appraisal process does not in any way relieve other persons in the organization of the responsibilities assigned to them. Scope - The scope of the internal audit activity encompasses:. 1. Assurance Services. Assurance services are objective examinations of evidence for the purpose of providing an independent assessment. This includes assessing and reporting on the adequacy and effectiveness of the internal controls and the quality of performance in carrying out assigned responsibilities. The scope includes reviewing and evaluating: Internal controls established to ensure compliance with applicable policies, plans, procedures, laws, regulations, and contracts; The means with which assets are safeguarded; The reliability and integrity of financial and operating information; The economy, efficiency, and effectiveness with which resources are employed; and IT systems to determine if they are appropriately managed, controlled, and protected. 2. Management Advisory Services. Advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation, and training. 3. Investigative Engagements. Investigations evaluate allegations of unethical business practices and/or financial and operational misconduct to determine if allegations are substantiated and to prevent future occurrences. F-1.2/211-17 ATTACHMENT 2 1 P a g e

University of Washington Internal Audit Charter (Continued) Independence - To permit the rendering of impartial and unbiased judgment essential to the proper conduct of audits, internal auditors will be independent of the activities they audit. This independence is achieved through organizational status and objectivity. Organizational Status: The Executive Director of Internal Audit is responsible to the Treasurer, Board of Regents, whose scope of responsibility and authority assures that audit findings and recommendations will be afforded adequate consideration and the effectiveness of action will be reviewed at an appropriate level. The Executive Director of Internal Audit has direct access to both the President and the Board of Regents, and may take matters to them that are believed to be of sufficient magnitude and importance to require their immediate attention. Objectivity: Because objectivity is essential to the audit function, an internal auditor does not develop and install procedures, prepare records, or engage in any other activity which the auditor would normally review and appraise and which could reasonably be construed to compromise the auditor s independence. The auditor s objectivity is not adversely affected, however, by determining or recommending standards of control to be adopted in the development of systems and procedures under review. Responsibility - The internal audit staff has a responsibility to report to University management on the areas examined and to evaluate management s plans or actions to correct reported findings. In addition, the Executive Director of Internal Audit has a responsibility to report at least annually to the Board of Regents Finance and Asset Management Committee and to inform the Board of any significant findings that have not been reasonably addressed by University management. The Executive Director of Internal Audit will coordinate internal and independent outside audit activities to ensure adequate coverage and minimize duplication of effort. Standards The responsibility of Internal Audit is to serve the University in a manner that is consistent with the standards established by the internal audit community. At a minimum it shall comply with the relevant professional audit standards and the Institute of Internal Auditors (IIA) mandatory guidance including the Definition of Internal Auditing, the Code of Ethics and the International Standards for the Professional Practice of Internal Auditing. For approval by the Board of Regents - November 9, 2017 F-1.2/211-17 2 P a g e

2024 © educationdocbox.com Privacy Policy | Terms of Service | Feedback