Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The primary purpose of Internal Audit is to function as a service unit to assist all levels of management in the effective discharge of their responsibilities. Through consulting and performing independent audits, reviews, and investigations, the office seeks to provide reasonable assurance to management that effective stewardship is maintained over the University's resources. Internal Audit also serves as a liaison between management and all external auditors.
In general, the objectives of Internal Audit are to:
- Evaluate the adequacy of the internal control structure within a department or unit.
- Assess the extent of compliance of each area with applicable laws, regulations, policies, and procedures.
- Verify the existence of University assets and ensure proper safeguards for their protection.
- Evaluate the reliability and integrity of data produced by information systems.
- Investigate concerns relating to fraud, embezzlement, and theft.
- Consult with management and provide methodologies, facilitation, focus, knowledge, technology, best practices, and independence that help solve managements' problems.
- Consult with management and provide methodologies, facilitation, knowledge, technology, best practices, and independence that help solve problems.
- Verify the existence of university assets and ensure proper safeguards for their protection.
- Evaluate the reliability and integrity of data produced by information systems.
- Assess the extent of compliance of each area with applicable laws, regulations, accreditation standards, policies, and procedures.
- Evaluate the adequacy of the internal control structure within a department or unit.
- Investigate concerns relating to fraud, embezzlement, and theft.
Internal Audit develops an annual audit plan (work plan) to identify the engagement projects to be conducted during the upcoming fiscal year. Throughout the year the audit plan may be amended to include requested reviews, special projects, or changes in priority. Some of the things we consider when developing our audit plan include:
- To what extent is the process or area required to comply with state or federal regulations?
- Is this area subject to a great deal of public scrutiny?
- Has recent organizational change occurred?
- What is the volume of activity?
- How reliant is the area on technology?
- When was the last time Internal Audit reviewed it?
- Have concerns about conduct resulted in a requested review?
- Does management have concerns that they'd like us to look into? Concerns can be about the internal structure, regulations, complexity of operations, or any prior audit findings
The annual audit plan is reviewed and approved by the Audit Committee of the Winston-Salem State University Board of Trustees and the Chancellor.
- Research audit area
- Determine criteria
- Notify auditee
- Assess risk
- Plan audit
- Refine scope/objective/methodology
- Develop audit program
- Perform field work
- Communicate results
- Issue draft report
- Obtain management responses
- Issue final report
- Follow-up review
- Feedback from auditee
Yes! The "peer review" process draws upon the standards and guidelines set forth by the Institute of Internal Auditors (IIA) in their International Standards for the Professional Practice of Internal Auditing, which requires a Quality Assurance Review (QAR) be performed by an external party at least every five years. The peer reviewers typically include auditors from other universities, public accounting firms, or specialists in an audit area and they issue a report with findings and recommendations, just as we do when we audit university units.
