BPM-105 Internal Audit
Revised March 13, 2013
Internal Audit provides independent, objective assessment of internal controls, governance and risk management in order to improve the University's operations. Internal Audit is responsible for performing a broad program of operational analyses involving (1) operational, (2) financial, (3) compliance and (4) investigative audits. Internal Audit works with management to identify areas of potential financial and business risk that warrant periodic or special review through the development of a multi-year audit plan.
AUTHORITY, RESPONSIBILITY, AND ACCOUNTABILITY
Internal Audit has a direct reporting line to the President and operationally reports through the office of the Vice President for Finance and Administration. Internal Audit meets regularly with the Audit Committee of the Board of Curators of the University. This committee serves as the Board committee on audit as stipulated in the Collected Rules and Regulations (10.050).
An Internal Audit Steering Committee with representatives from the four campuses, UM Healthcare, the University Controller, UM Information Technology, UM Human Resources, and the General Counsel's office, is chaired by the Director of Financial Services, who reports to the Vice President for Finance and Administration and serves as the Internal Audit liaison for the University of Missouri System.
The Chancellors and the Vice Chancellor for Health Sciences are responsible for any audit findings on their campus/UM Health Care and subsequent corrective action. At the System Office, the Vice Presidents are accountable for any audits occurring within their units.
- Evaluate the adequacy of the system of internal controls;
- Verify the existence of assets and proper safeguards;
- Validate the accuracy and propriety of financial transactions;
- Determine compliance with university policies and procedures and federal and state laws;
- Make process improvement recommendations to management based on evaluation and testing;
- Identify financial, operational, and reputational risks and the adequacy of the related controls;
- Consult with management on internal control matters, operational improvement and mitigation of risk; and
- Assist management in achieving financial and operational goals.
SCOPE OF ACTIVITIES
Internal Audit activities include:
- Developing a multi-year risk based audit plan in conjunction with the Internal Audit Steering Committee and senior university administrators. This plan shall be reviewed by the Audit Committee of the Board as stated in the Collected Rules and Regulations (10.050).
- Implementing the internal audit plan.
- Reviewing automated and manual controls supporting accounting, financial and operating procedures. Test preventative and detective controls.
- Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
- Assessing the efficiency with which resources are used.
- Evaluating operations and programs to determine if results are consistent with established goals and objectives; that operations and programs are being carried out as planned; and expected benefits are being received.
- Reporting to the President and the Audit Committee of the Board of Curators on a regular basis on all audits performed and on any current issues which may impact University operations.
- Educating the university community on issues related to internal controls and mitigation of risk.
- Investigating or assisting in investigation for special request audits, as requested by the President or Vice President for Finance and Administration.
REPORTS AND FOLLOW-UP
An audit protocol developed by System management, the Internal Audit Steering Committee, and Internal Audit delineates the roles, responsibilities and timelines governing the audit process from the issuance of the scope memorandum through distribution of the final report.
An audit follow-up process on all high and medium risk audit findings requires action by management within six to nine months after an audit has been completed. Internal Audit performs a follow-up to the audits to determine the status of the management initiatives to the audit findings. This web-based process allows the Internal Audit Steering Committee members to interactively work with and monitor their follow-up reports.
Internal Audit reports to the Audit Committee of the Board quarterly on audit reports and biannually on the status of the follow-ups to the audits.