Internal Auditing Policies and Procedures
Illinois’ state statutes mandate the Office of Internal Auditing. Links to these statutes and other requirements appear below:
One of the most important policies of the Office of Internal Auditing is that of independence. Internal auditors are independent when they can carry out their work freely and objectively. Independence permits internal auditors to render the impartial and unbiased judgments essential to the proper conduct of audits. This is achieved through organizational status and objectivity.
Objectivity is an independence in mental attitude which internal auditors maintain in performing their duties. Objectivity requires that internal auditors perform their work in such a way that they have an honest belief in their work product and that no significant quality compromises are made. Internal auditors are not placed in situations in which they feel unable to make objective professional judgments.
Quality Assurance Policy
An effective quality assurance program is essential in order to achieve and maintain a high level of credibility with management and others who rely on the work of the Office of Internal Auditing. Following is a brief description of each element of a quality assurance program:
- Supervision - Adequate supervision is the most fundamental element of any quality assurance program.
- Internal Reviews - Internal reviews are periodic self assessments of the Office of Internal Auditing. They primarily serve the needs of the director, but can also provide senior management with an assessment of the internal auditing function. Due to the limited staff size of the internal audit operations at Eastern, it is not possible to perform "formal" internal reviews (i.e., a review performed by a team of OIA members).
- External Reviews (“Peer Reviews”) - External reviews are performed to appraise the quality of an auditing office's operations and compliance with the standards. The reviews are performed by qualified persons who are independent of the University and who do not have either a real or apparent conflict of interest. Currently, the State's Internal Audit Advisory Board (SIAAB) has the responsibility for coordinating external (peer) reviews among the state's internal audit units.
Continuing Professional Education Policy
All internal auditors are responsible for maintaining their knowledge, skills and abilities. The office emphasizes the development of an annual program of continuing professional education (CPE) as a method to increase the professional competence of staff members.
All staff members must complete 80 hours of acceptable CPE during two successive annual years, with a minimum of 20 hours in each annual year. Acceptable CPE activities include:
- Professional education and development programs of national, state, and local accounting and auditing organizations.
- Technical sessions at meetings of national, state, and local accounting and auditing organizations and their chapters.
- College and university courses, programs of other sponsors (i.e., industrial, professional, etc.)
- Self-study programs (that include evidence of completion) from any of the above.
Procedures for Choosing Auditees
Audit coverage is university-wide and no function, activity or unit of the university is exempt from audit and review. In carrying out their duties and responsibilities, internal auditors have full, free and unrestricted access to all university activities, records, property and personnel.
In determining areas to audit, and evaluating the consequences of leaving other areas unaudited, the following factors are considered:
- Audits that are needed to meet external requirements - i.e., state law, agency regulations, contractual agreements, etc.
- Areas where noncompliance with guidelines could result in severe penalties to the university.
- Opportunities to achieve operating benefits.
- Turnover of key personnel or significant increases in activities.
- New programs/functions or major changes in operations. (These need to be audited early to detect potential problems before they become significant.)
- Dollar value of resources - not only in terms of absolute magnitude but also in terms of the resource's susceptibility to loss or misuse.
- Date and results of the last audit.
- Special requests (those of upper management and other university personnel).
- Capability of the audit staff.
- Work of others - i.e., governmental auditors, CPAs, results of inspections or evaluations by specialists, etc.
The Office of Internal Auditing assists management in the effective discharge of its responsibilities by furnishing management with analyses, recommendations, counsel, and pertinent comments concerning the activities reviewed. Such activities include:
- Determining that the overall system of internal control and the controls in each activity under audit are adequate, effective, efficient, and functioning.
- Determining the reliability and adequacy of the accounting, financial and reporting systems and procedures.
- Determining that university activities conform with generally accepted accounting principles, university policies and procedures, state and federal laws and regulations, contractual obligations and good business practices.
- Ascertaining the extent to which university assets exist, are properly accounted for, and are safeguarded from losses of all kinds.
- Reviewing operational procedures to ascertain whether results are consistent with established objectives and goals and whether the procedures are being carried out as planned.
- Recommending operational improvements.