Policy 3-019: University of Utah Internal Audit Policy

  1. Purpose
    1. To establish the university's policy regarding internal audits, the authority and responsibilities of the Internal Audit Department, and general Procedures for conducting audits.
  2. Department Authority and Function
    1. Authority
      1. The Internal Audit Department derives its authority directly from the Board of Trustees and the president, and is authorized to conduct such reviews of university organizational units or functional activities as are necessary to accomplish its objectives. Internal Audit is authorized access to all records, personnel, and physical properties relevant to the performance of audits.
    2. Function
      1. The Internal Audit Department is charged with the responsibility to review the fiscal operational and administrative operations of the university. It is intended to be a protective and constructive link between policy-making and operational levels. Based on audit findings the department shall make a report to the president which shall include recommendations for improvements in internal control and/or operating efficiency.
  3. Scope
    1. The scope of internal audits encompasses the examination and evaluation of the adequacy and effectiveness of internal controls and the quality of performance in carrying out assigned responsibilities. Included within this scope are:
      1. Reviews of the reliability and integrity of financial and operating information and the means used to identify, measure, classify and report such information. Reviews may involve objective standards such as generally accepted accounting principles, or subjective standards such as sound business and management practices.
      2. Reviews of the systems established to ensure compliance with those policies, plans, Procedures, laws, and regulations which could have a significant impact on operations to determine if compliance is adequate.
      3. An evaluation of the means employed to safeguard assets.
      4. Verification and valuation of department assets.
      5. Evaluation of the effectiveness and efficiency with which resources are employed.
      6. An evaluation of the accomplishment of established objectives and goals.
  4. Responsibilities
    1. Responsibilities of the Internal Audit Department include:
      1. Development of an orderly program for the audit of selected university departments or functional activities.
      2. Conduct of audits in accordance with standards established for the professional practice of internal auditing.
      3. Timely communication to appropriate officers of any serious deficiencies noted in an audit.
      4. Preparation of a formal report of findings, conclusions, and recommendations upon completion of the audit.
      5. Review of the implementation of recommendations or of other actions taken as a result of the audit.
  5. General Procedures for the Conduct of Audits
    1. Opening Conference
      1. Internal Audit will ordinarily provide advance notice of the audit to the department head and other responsible administrators. An opening conference will be arranged where specific audit objectives, plans, and Procedures will be discussed. Surprise audits may also be undertaken if appropriate in the circumstances.
    2. Conduct of Fieldwork
      1. Audit fieldwork consists of interviews with responsible employees, observation of Procedures, examination of documentation, and other audit or analytical Procedures considered necessary in the circumstances. Audit observations and tentative findings and recommendations will normally be discussed with responsible employees of the audited department throughout the course of fieldwork.
    3. Closing Conference
      1. A closing conference will be held in which a preliminary draft of the audit report will be reviewed, any differences of fact or interpretation discussed, and any appropriate corrections or revisions made.
    4. Response to Final Audit Report
      1. Within a reasonable time following the audit, normally not to exceed two weeks, the head of the audited department shall deliver a written response to the manager of Internal Audit.
      2. The response should indicate with respect to each finding and recommendation:
        1. A statement of agreement or disagreement. If disagreement, specific provisions of the report to which exception is taken should be identified and
        2. A concise statement of actions undertaken or planned in response to the recommendation, as well as a timetable for implementation.
          1. Upon receipt of the response, Internal Audit shall forward the draft audit report and response to the cognizant vice president, together with explanatory comments. The vice president should respond in writing to the Internal Audit Manager that he/she has reviewed, agrees or disagrees with the audit report and response.
    5. Final Audit Report
      1. After considering the responses of the audited department head and the cognizant vice president, and after making any changes which may be appropriate, the final audit report shall be submitted to the president, with copies to the chairperson of the Board of Regents, Regents audit review subcommittee members, chairperson of the Board of Trustees, cognizant vice president, vice president for administrative services, head of the audited department, the commissioner of higher education, and the associate commissioner for business affairs, and the supervising general auditor. A copy of the responses of the department head and the cognizant vice president will be included in the final report.
    6. Compliance Review
      1. Within a reasonable time following the release of the audit report, ordinarily six months, Internal Audit will conduct a review of actions taken in response to the audit report. At the completion of the review, a compliance report will be distributed to those who received the original audit report. The compliance report will state if appropriate steps have been initiated by the audited department, and will identify any items where further action is considered necessary.
      2. If the report indicates substantial noncompliance, the cognizant vice president shall investigate the reasons for noncompliance, and submit a letter of explanation and resolution to the president, with a copy to Internal Audit who will submit the letter to the Regents audit review subcommittee.

Approved: Institutional Council 2/11/85


Policy: 3-019 Rev: 4
Date: April 3, 1985