GUIDELINE B-050

SUBJECT:  Internal Auditing

General Statement

The internal audit function contributes to the effectiveness of controls that management is responsible for establishing and maintaining.  While particular responsibilities and activities vary among institutions, the fundamental purpose of internal auditing is to provide an independent, objective assurance and consulting activity designed to add value and improve the institution’s operations.  Each internal audit function shall adhere to The Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing and Code of Ethics.  This guideline addresses staffing, responsibilities of the internal audit function, and audit planning and reporting on internal audit activities.  In addition to this guideline, the internal auditors maintain an audit manual.  The purpose of the audit manual is to provide for consistency, continuity, and standards of acceptable performance.

Internal Audit Personnel

1.       Each university shall employ at least two individuals with full-time responsibility as internal auditors.  Additional internal audit staff shall depend upon institutional size and structure.  Two-year institutions will employ a full-time internal auditor or have an approved agreement with a university or other two-year institution to provide required audit services..  Titles of internal audit staff shall be consistent within the overall institutional structure.

2.       Internal audit staff shall possess professional credentials and experience requisite to position responsibilities.   The campus Internal Audit Director and the Director of System-wide Internal Auditing must be licensed as a Certified Public Accountant or a Certified Internal Auditor.

3.       The appointment or change of status of campus Internal Audit Directors as recommended by the President is subject to approval by the Chancellor or designee. Compensation of the Director of System-wide Internal Auditing and the campus internal auditors is subject to review and approval by the Audit Committee of the Board of Regents.

4.                  The termination of campus internal auditors requires the prior approval of the Chancellor and the Audit Committee of the Board.

 

Internal Auditing Role and Scope

1.       In accordance with T.C.A. § 49-14-102, the Director of System-wide Internal Auditing reports directly to the Audit Committee and the Board of Regents.  Campus internal auditors report to the respective campus President with audit reporting responsibility to the Audit Committee and the Board through the TBR Director of System-wide Internal Auditing.  TBR hosts periodic meetings and communicates with the audit directors on matters of mutual interests.  The TBR maintains an internal audit manual to guide the internal audit activity in a consistent and professional manner at each institution.  This reporting structure assures the independence of the internal audit function.

2.       The internal auditors’ responsibilities include:

n                  Working with management to assess institutional risks and developing an audit plan that considers the results of the risk assessment.

n                  Evaluating institutional controls to determine their effectiveness and efficiency.

n                Coordinating work with external auditors, program reviewers, and consultants.

n                Determining the level of compliance with internal policies and procedures, state and federal laws, and government regulations.

n                Testing the timeliness, reliability, and usefulness of institutional records and reports.

n                Recommending improvements to controls, operations, and risk mitigation resolutions.

n                Assisting the institution with its strategic planning process to include a complete cycle review of goals and values.

n                Evaluating program performance.

n                Performing management advisory services and special requests as directed by the Audit Committee or the institution’s President.

3.       The scope of internal auditing extends to all aspects of institutional operations and beyond fiscal boundaries.  The internal auditor shall have access to all records, personnel, and physical properties relative to the performance of duties and responsibilities.

4.       The scope of a particular internal audit activity may be as broad or as restricted as required to meet management needs.

5.       Objectivity is essential to the internal audit function.  Therefore, internal audit personnel should not be involved in the development and installation of systems and procedures, preparation of records, or any other activities that the internal audit staff may review or appraise.  However, internal audit personnel may be consulted on the adequacy of controls incorporated into new systems and procedures or on revisions to existing systems.

6.                 Management is responsible for identifying, evaluating, and responding to potential risks that may impact the achievement of the institution’s objectives.  The auditors continually evaluate the risk management processes and internal control structures.  Internal Audit will receive copies of external audit reviews, program reviews, fiscally related consulting reports, notices of cash shortages, physical property losses, and employee misconduct.  These will be considered in the evaluation of risks.

Audit Plans

1.       Internal Audit shall develop an annual audit plan using an approved risk assessment methodology.

2.       Audit areas and respective audit programs are available in the TBR Audit Manual for guidance in these areas.

3.       At the beginning of each fiscal year, the campus Internal Audit Director will prepare an annual plan listing proposed areas to be audited.  The audit work plan must be flexible to respond to immediate requests.  The status of the past year's plan will also be prepared in an annual activity report that may include other significant audit services.  The President will submit two copies of the institution's Audit Plan for review by the Director of System-wide Internal Auditing.  The Director of System-wide Internal Auditing will forward one copy to the State Comptroller’s Office.

4.                 The Director of System-wide Internal Auditing will prepare an annual system-wide internal audit plan for approval by the Audit Committee.

Audit Reports

1.                 Each routine internal audit should result in a written report that documents the objectives, scope, and conclusion of the audit.  Management will include corrective action for each reported finding.  Reports on special studies, consulting services, and other non-routine items should be prepared as appropriate, given the nature of the assignment.

2.                 The institution’s president will be notified at the conclusion of a follow-up audit if management has not corrected the reported finding.

3.       All internal audit reports will be signed by the campus Internal Audit Director and transmitted directly to the President in a timely manner.

4.       The President will transmit two copies of the internal audit report to the Director of System-wide Internal Auditing.   The Director of System-wide Internal Auditing will forward one copy to the State Comptroller’s Office.

5.                 The Director of System-wide Internal Auditing will present results of internal audit reports to the Audit Committee at the quarterly Board meetings.

Exceptions

Any exceptions to the guideline established herein shall be subject to the approval of the Director of System-wide Internal Auditing.

 

Source:  June 3, 1981 TBR Presidents’ Meeting; July 1, 1984; May 20,1986; February 14, 1989; November 14, 1989; August 13, 2002; February 10, 2004; November 18, 2004.