Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The purpose of the Department of Audit Services is to provide Stephen F. Austin State University (SFASU) Board of Regents and the President an independent appraisal of the adequacy and the effectiveness of the University's system of internal administrative and accounting controls and the quality of performance when compared with established standards. The primary objective is to assist the Board of Regents, the President and University management in the effective discharge of their responsibilities.
The internal audit activity is established per the Texas Internal Auditing Act. The Department of Audit Services at SFASU is the internal audit activity. The SFASU Board of Regents Finance and Audit Committee provides oversight. The Department of Audit Services works to be a trusted advisor to management in the areas of governance, risk management and internal controls.
The Department of Audit Services will govern itself by adherence to The Institute of Internal Auditors' mandatory guidance including the Definition of Internal Auditing, the Code of Ethics, the Core Principles, and International Standards for the Professional Practice of Internal Auditing (Standards), as well as Generally Accepted Governmental Auditing Standards as required by the Texas Internal Auditing Act. This mandatory guidance constitutes principles of the fundamental requirements for the Professional Practice of Internal Auditing and for evaluating the effectiveness of the internal audit activity’s performance.
The Institute of Internal Auditors' Implementation Guidance and Supplemental Guidance will also be adhered to as applicable. In addition, the Department of Audit Services will adhere to relevant SFASU policies and procedures and the Department of Audit Services procedures manual.
The Department of Audit Services, with strict accountability for confidentiality and safeguarding records and information, is authorized unrestricted access to any and all of SFASU records, both manual and electronic; physical properties and assets; activities; systems; and personnel pertinent to carrying out any engagement. All SFASU employees should make an effort in a timely and ethical manner to assist the Department of Audit Services in fulfilling its roles and responsibilities when requested for an audit, investigation, or other activity. The Chief Audit Executive (CAE) will also have free and unrestricted access to the Finance and Audit Committee.
The Department of Audit Services is an integral part of SFASU and functions in accordance with the policies established by the Board of Regents and President. To provide for the independence of the Department of Audit Services, the CAE is appointed by the Board of Regents in accordance with the Board of Regents Rules and Regulations. The CAE reports functionally to the Board of Regents and administratively to the President.
The CAE will communicate and interact directly with the Finance and Audit Committee, including committee meetings, executive sessions where allowed by law, and between committee meetings, as appropriate. Responsibilities of the Finance and Audit Committee are outlined in the Board of Regents Rules and Regulations.
INDEPENDENCE AND OBJECTIVITY
The Department of Audit Services will remain free from interference by any element in the University, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of a necessary independent and objective mental attitude.
Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair internal auditor judgment. Internal auditors may provide assurance services where they have previously performed consulting services provided the nature of the consulting did not impair objectivity, and provided individual objectivity is managed when assigning resources to the engagement.
Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.
The CAE will confirm to the Finance and Audit Committee Chair the organizational independence of the Department of Audit Services and its staff members.
The Department of Audit Services scope encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the University's governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve the University's stated goals and objectives. This includes:
INTERNAL AUDIT PLAN
At least annually, the CAE will submit to the Finance and Audit Committee an internal audit plan for review and approval. The internal audit plan will consist of a work schedule as well as budget and resource requirements for the next fiscal year. The internal audit plan will be developed based on a prioritization of the audit universe using an appropriate risk-based methodology, including input of senior management and the Finance and Audit Committee Chair. The CAE will consider audits such as those required for information security, contracts, contract administration, investments, and other areas. The CAE will review and adjust the plan, as necessary, in response to changes in the internal audit resource levels or the University’s business, risks, operations, programs, systems, and controls. Any significant deviation from the internal audit plan will be communicated to the Finance and Audit Committee Chair.
REPORTING AND MONITORING
The CAE or designee will communicate the results of each internal audit engagement to the appropriate individuals. Internal audit results will also be communicated to the Finance and Audit Committee and state and federal oversight agencies as required.
Communication of the engagement results may vary in form and content depending upon the nature of the engagement and the needs of the client. Where applicable, a formal internal audit report will include management’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management's response should include an implementation date for anticipated completion of action.
The Department of Audit Services will be responsible for appropriate follow-up on management action plans to address engagement findings and recommendations and reporting the results to appropriate management members and the Finance and Audit Committee. All significant findings will remain as open issues until reviewed and cleared by the Department of Audit Services.
The Department of Audit Services will fulfill reporting requirements for audit reports and the annual report, including the annual audit plan, as prescribed by the Texas Internal Auditing Act.
The CAE will periodically report to the Finance and Audit Committee on the Department of Audit Services’ purpose, authority, and responsibility, as well as performance relative to its audit plan. Reporting will also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by the President and the Finance and Audit Committee.
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM
The CAE will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program will include an evaluation of the internal audit activity’s conformance with the Definition of Internal Auditing, the Core Principles, and the Standards and an evaluation of whether internal auditors apply the Code of Ethics, as well as Generally Accepted Government Auditing Standards and the Texas Internal Audit Act as applicable. The program also assesses the efficiency and effectiveness of the Department of Audit Services and identifies opportunities for improvement. The CAE will communicate to the Finance and Audit Committee on the Department of Audit
Services quality assurance and improvement program, including results of ongoing internal assessments and external assessments conducted at least every three years.
RELEVANT STATUTES AND POLICIES
The Internal Audit Activity Charter was submitted by the Chief Audit Executive for review and approval by the Finance and Audit Committee and Board of Regents on April 25, 2017.