Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Mission and Scope of Work
The mission of the Office of Internal Audit is to provide independent, objective assurance and consulting services, using a risk-based approach, to add value and improve the operations of the University of Florida and its affiliated organizations, including its direct support organizations and Faculty Practice Plan corporations. The OIA will serve as a central point for coordination of and oversight for activities that promote accountability, integrity, efficiency, and compliance.
The scope of work of the OIA is to determine whether the university's network of risk management control and governance processes as designed and represented by management is adequate and functioning in a manner to ensure:
- Risks are appropriately identified and managed
- Interaction with the various governance groups occurs as needed
- Significant financial, managerial, and operating information is accurate, reliable, and timely
- Employee’s actions are in compliance with policies, standards, procedures, and applicable laws and regulations
- Resources are acquired economically, used efficiently, and protected adequately.
- Programs, plans, and objectives are achieved
- Quality and continuous improvement are fostered in the university’s controls process
- Significant legislative or regulatory issues impacting the university are recognized and addressed properly
Opportunities for improving management control may be identified during audits. They will be communicated to the appropriate level of management.
Organization, Independence, and Authority
To provide for the independence of the OIA, its staff report to the Chief Audit Executive (CAE), who is appointed by and operates under the general oversight of the university President. The CAE reports administratively to the Senior Vice President and Chief Operating Officer and functionally to the Board of Trustees through its Committee on Audit and Operations Review as to the process and content of its reports. This reporting relationship promotes independence and assures adequate consideration of audit findings and planned actions.
The CAE and staff of the OIA are authorized to:
- Have unrestricted access to all functions, records, property, and personnel
- Have full and free access to the Committe on Audit and Operations Review
- Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives
- Obtain the necessary assistance of personnel in units of the university where they perform audits, as well as other specialized services from within or outside the university
The CAE and staff of the OIA are not authorized to:
- Perform any operational duties for the university or its affiliated organizations
- Initiate or approve accounting transactions external to the OIA.
- Direct the activities of any university employee not employed by the OIA, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the OIA staff
The CAE, in the discharge of his/her duties, shall be accountable to management and the Committee on Audit and Operations Review to:
- Provide assessments on the adequacy and effectiveness of the university’s processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work
- Report significant issues related to the processes for controlling the activities of the university and its affiliated organizations, including potential improvements to those processes, and provide information concerning such issues through resolution.
- Provide information periodically on the status and results of the annual audit plan and the sufficiency of department resources
- Coordinate with other control and monitoring functions (e.g., risk management, compliance, security, information technology legal, ethics, environmental, and external audit)
- Communicate the results of the quality assurance and improvement program.
Duties and Responsibilities
- Develop a flexible annual audit plan using appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the Committee on Audit and Operations Review
- Implement the annual audit plan as approved, including, as appropriate, any special tasks or projects requested by management and the Committee on Audit and Operations Review
- Conduct and coordinate audits, investigations, and management reviews relating to the programs and operations of the university and its affiliated organizations.
- Perform, or coordinate, other consulting services or activities carried out or financed by the university for the purpose of assisting management in meeting its objectives, promoting economy and efficiency in the administration of, or preventing and detecting fraud and abuse in its programs and operations. These may include facilitation, training and advisory services
- Issue periodic reports to the Committee on Audit and Operations Review and management summarizing results of audit activities
- Receive complaints and coordinate all activities of the university as required by the Whistle-blower's Act pursuant to Sections 112.3187-112.31895, Florida Statutes
- In accordance with the university’s Policy on Fraudulent and Dishonest Acts, receive and consider complaints that do not meet the criteria for an investigation under the Whistle-blower's Act and conduct, supervise, or coordinate such inquiries, investigations, or reviews as appropriate
- Keep the university President, the Senior Vice President and Chief Operating Officer, management and the Committee on Audit and Operations Review for the university’s Board of Trustees informed concerning fraud, abuses, and internal control deficiencies relating to programs and operations, initiate corrective actions, and report on the progress made in implementing corrective actions
- Consider the scope of work and ensure effective coordination and cooperation between the Auditor General, federal auditors, and other governmental bodies and external auditors with a view toward avoiding duplication.
- Review, as appropriate, rules and procedures relating to the programs and operations of the university and make recommendations concerning their impact
- Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this charter
- Provide the Committee on Audit and Operations Review a report on the OIA organizational and staff independence
- Establish a quality assurance program by which the CAE assures the operations of the OIA activities.
- Keep the Committee on Audit and Operations Review informed of emerging trends and successful practices in internal auditing
- Provide an annual report with significant measurement goals and results to the Committee on Audit and Operations Review
In the performance of these services, the Office of Internal Audit will ensure that an appropriate balance is maintained between audit, investigative, and other activities. Detailed operational procedures for the OIA will be established and maintained.
Standards of Audit Practice
The OIA will meet or exceed the Institute’s International Standards for the Professional Practice of Internal Auditing.
The OIA staff members have a responsibility to the interest of those they serve and should refrain from entering into any activity that may create a conflict of interest. They have an obligation of self-discipline above and beyond the requirements of laws and regulations. They should uphold and demonstrate qualities of integrity, honesty, loyalty, morality, dignity, and confidentiality consistent with the Institute of Internal Auditors Code of Ethics.