10.3 Internal Audit

POLICY

It is the policy of this university to establish and support an internal auditing department as an independent appraisal function to examine and evaluate university activities as a service to management and the Board of Governors. The Office of Internal Audit (IA) reports administratively to the President and functionally to the Audit Subcommittee of the Executive Committee of the Board of Governors and provides an assessment of the University's internal control environment and risks.

MISSION

The mission of the Office of Internal Audit is to provide an independent, objective assurance and consulting activity designed to add value and improve the University's operations. The Office of Internal Audit aims to help the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

AUTHORITY

To accomplish its assigned responsibilities, IA has full access to all university records, properties and personnel, and is free, within its scope, to review plans, systems, procedures and records. Refer to the Office of Internal Audit Charter at: 
https://internalaudit.wayne.edu/docs/ia_charter_june_2022

SERVICES

The Office of Internal Audit audits for internal controls related to:

  • Compliance with policies and procedures, laws, and regulations
  • Accomplishment of goals and objectives and authorization of transactions
  • Reliability and accuracy of data
  • Efficiency and effectiveness of operations and the economical use of resources
  • Safeguarding of assets
  • Fraud prevention and detection

In conducting its work, IA performs the following services:

  • Audits: Audits are scheduled annually based on assessed risk or by management request. Audits are more detailed in nature and are intended to provide a certain level of assurance on the adequacy of internal controls for the business unit or process and may encompass various business processes. The scope of all audits may be integrated to include audit procedures which may include the following engagement types and scope:
    • Operational effectiveness and efficiency of operations and the economical use of resources
    • Financial fiscal management and the validity, accuracy, and proper accounting of financial transactions
    • Compliance compliance with federal, state, and/or local laws and regulations, and university or other applicable policies, procedures, and contractual requirements
    • Information Technology (IT) general controls over systems, applications, and IT equipment to ensure the security and integrity of data and data processing
  • Reviews: Higher level engagements addressing a specific concern or activity and is intended to provide a basic level of understanding of the process and its internal controls for the business unit. Procedures may include trend analysis, business process review, inquiries or other highlevel procedures.
  • Forensic Investigations: Conducted on a case-by-case basis by specific request or notification via the anonymous tips webpage, hotline or other media (i.e., e-mail, phone call, etc.). The scope of the investigation depends on the nature of the allegation and may be very detailed in nature. The anonymous tips webpage is located at www.internalaudit.wayne.edu. The hotline is (313) 577-5138.
  • Consulting: Engagements conducted at the request of or in collaboration with management to review specific processes and provide advice on policy development, operations, internal controls, system development initiatives, process improvements, and an array of other business matters.
  • Compliance: IA serves as the University's liaison to coordinate, monitor, respond to, and report on all external audits, reviews and site visits. Management is required to report to IA the notification of any compliance activities they may receive from external agencies/auditors. IA will collaborate with the unit management to provide assistance to external auditors, to prepare the departmental auditees(s) for the visit, and write the response to all external audit reports.

INTERNAL AUDIT FILES

All documentation obtained during the course of an IA engagement are the property of WSU's Office of Internal Audit and are maintained in accordance with IA's record retention policy. Requests for audit files and reports must be made in writing to the Associate Vice President and Chief Audit Executive (CAE).

AUDIT REPORTS

Upon completion of an audit, review, or investigation, IA will provide management with a draft report that will include IA's findings and recommendations. Management must provide IA with a response to the findings and recommendations within 10 calendar days. The final IA report will be distributed electronically to senior and departmental management and others as deemed appropriate. Copies of IA's reports will also be provided to the external auditors and the Audit Subcommittee of the Board of Governors.

FOLLOW-UP

IA will follow up with management to ensure that all of management's action plans are implemented within the prescribed timeframes. The status of all open items will be reported to management on a monthly basis and to the President and the Audit Subcommittee of the Board of Governors on a quarterly basis. Management will be required to report, in person, to the Audit Subcommittee on any open items in excess of 90 calendar days past due.

PROFESSIONAL STANDARDS

Internal Audit complies with the University policies and procedures and various professional accounting, auditing, investigative and information technology standards, which include, but are not limited to the following:

  • The Institute of Internal Auditors (IIA)
  • The Information Systems Audit and Control Association (formally known as ISACA)
  • The Association of Certified Fraud Examiners (ACFE)
  • The National Association of College and University Business Officers (NACUBO)
  • The American Institute of Certified Public Accountants (AICPA)
  • The Governmental Accounting Standards Board (GASB)
  • The Federal and State Government where applicable

For additional information about the Office of Internal Audit, please visit our website at http://internalaudit.wayne.edu/.

PROCEDURES

Task

Responsibility

Process

Requesting IA Services

 

Unit Management

 

  1. Email the IA AVP/CAE and include the following:
    • Unit or process
    • Type of IA service needed
    • Desired timing
    • Justification for the request
  IA AVP/CAE
  1. Provide management with a response to the request and plan the engagement accordingly.
Notification of External Audits, Reviews, and Site Visits Unit Management
  1. Email the IA Quality Assurance Manager and include the following:
    • Agency name
    • Auditors' names
    • Proposed date(s)
    • Copy of any written correspondence
    • Unit name, account number(s), grant(s) or contract(s) involved
    • Grant/contract award amount
    • Grant/contract term
    • Documentation request list
  Internal Audit
  1. Conduct a pre-audit meeting with the unit management. Include a representative from Sponsored Program Administration (SPA) if a grant or contract.
  2. Coordinate the audit with the external agency and other WSU personnel as needed.
  3. Attend meetings with management and the external auditors as needed.
  4. Obtain support for all potential findings.
  5. Prepare all audit responses in collaboration with unit management and others as needed.
  6. Submit the final response to the external auditors.
  7. Report all external audits to the President, senior management, the external auditors, and the Audit Subcommittee of the Board of Governors.
  8. Follow up on management's action plans to ensure they are implemented in compliance with the external auditor's recommendations.
Engaging External Auditors Internal Audit
  1. Serves as the lead liaison for all University external audit services.
  2. Collaborates with the President, Audit Subcommittee, and the Chief Financial Officer on the external audit services needed.
  3. Collaborates with the Procurement and Strategic Sourcing (PSS) department, and other unit management as needed, on executing a competitive bid process if the estimated audit fees will exceed the required dollar limit for such a process.