Internal Auditing and Fraud Investigation

Mark R. Simmons, CIA, CFE

Articles on Internal Auditing

Internal Auditing Charter of Authority and Responsibility

Introduction

The purpose of this charter is to establish the Internal Auditing function within the University, authorize its access to records, personnel, and physical properties relevant to the performance of audits; and to define the nature, objective and scope of internal auditing activities.

Nature of Internal Control and Internal Auditing

Internal control is the responsibility of every member of the University community. It is a process, effected by the Board of Trustees, University leadership, and others, designed to provide reasonable assurance of: (1) effective and efficient operations; (2) reliable financial data; and (3) compliance with applicable laws and regulations. The required reasonable assurance exists when all the components of management control (the control environment; risk assessment processes; control activities; information and communication systems; and monitoring activities) are present and operate effectively.

Internal auditing is an independent, objective assurance and consulting activity which is managed within the University as an integral part of its risk management, control and governance processes. It assists the University leadership in accomplishment of objectives by assessing the state of internal control. In that regard, internal auditing: helps the University community understand and assess risk; evaluates the adequacy of techniques to manage risk; provides an assessment of the level of comfort that risk management, control and governance processes are operating effectively and efficiently; and identifies and recommends changes that add value. Through these assurance and consultative activities, internal auditing helps the University leadership accomplish its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

Objective of Internal Auditing 

The objective of internal auditing is to assist the University community in the effective discharge of its control responsibilities and duties. To this end, internal auditing furnishes analyses, appraisals, recommendations, counsel, and information regarding the state of internal control. The auditing objective includes promoting effective control at reasonable cost.

Scope of Internal Auditing

The scope of internal auditing encompasses the examination and evaluation of the adequacy and effectiveness of the system of internal control. Internal auditing seeks to answer one or more of the following risk focused questions:

1. Do controls over operations provide the University leadership with reasonable assurance that operations and programs are being carried out as planned, and that results of operations are consistent with established goals and objectives.

2. Do controls over operations provide the University leadership with reasonable assurance that resources are used efficiently and economically. In this context, internal auditing evaluates whether operating standards have been established for measuring economy and efficiency; whether operating standards are understood and are being met; whether deviations from operating standards are identified, analyzed and communicated to those responsible for corrective action; and whether effective corrective action has been taken.

3. Do controls over assets provide the University leadership with reasonable assurance that assets are protected against loss that could result from fire, theft, other improper or illegal activities, or exposure to the elements.

4. Do controls over compliance with policies, procedures, plans, laws and regulations provide the University leadership with reasonable assurance that proper compliance actually occurs.

5. Do controls over financial and operating data provide the University leadership with reasonable assurance that such data is accurate and reliable.

Responsibilities and Authority of Internal Auditing

The Internal Audit Director is assigned the responsibility for carrying out an auditing program as previously described. This responsibility includes coordinating internal auditing activities with others so as to best achieve objectives and goals. In carrying out this mission, the Internal Audit Director is given free and unencumbered access to all relevant records, personnel, and physical properties.

Upon the completion of an audit, the Internal Audit Director will discuss the results with those members of the University community responsible for the area evaluated. A report of results and the responsible manager's proposed course of action will be sent by the Internal Audit Director to the appropriate executive leader for information, monitoring and follow-up.

The Internal Audit Director will report administratively and functionally to the President of the University, and will have direct access to the Executive Committee of the Board of Trustees. The Internal Audit Director will submit annually to the President of the University for information, and to the Executive Committee of the Board of Trustees for approval, a summary of the audit work schedule and audit results.

Fraud 

Deterrence of fraud is the responsibility of the University’s leadership. Internal auditing is responsible for examining and evaluating the adequacy and the effectiveness of actions taken to fulfill this obligation. Internal auditors should have sufficient knowledge of fraud to be able to identify indicators that fraud might have occurred. If significant control weaknesses are detected, additional tests conducted by internal auditors should include tests directed toward the identification of other indicators of fraud. Unless trained professionally in the investigation of white collar crime, internal auditors are not expected to have knowledge equivalent to that of a person whose primary responsibility is to detect and investigate fraud. Also, auditing procedures alone, even when carried out with due professional care, do not guarantee that fraud will be detected.

Internal auditing will assist in the investigation of fraud in order to: (1) determine if controls need to be implemented or strengthened, (2) design audit tests to help disclose the existence of similar frauds in the future, and (3) help meet internal auditing’s responsibility to maintain sufficient knowledge of fraud. At the conclusion of the investigation, the Internal Audit Director will issue a report on internal control findings, conclusions, recommendations, and corrective actions planned or taken.

Performance Standards

Internal audits will be performed according to University policy, the Standards for Internal Auditing promulgated by The Institute of Internal Auditors, and good business sense.

 

Home | Bio  | Internal Auditing | Fraud Investigation | Request to Reprint

© 1996-2008 Mark R Simmons, CIA, CFE. All rights reserved. Updated 05-Jun-2008
Designed and maintained by Web Wise Concepts, LLC for http://www.facilitatedcontrols.com