Division Of Audit and Compliance Charter Purpose
Internal auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of the University. It assists the University in accomplishing its objectives by bringing systematic and disciplined approach to evaluate and improve the effectiveness of the University’s risk management, control, and governance processes.
In 2005, the Florida A&M University Board of Trustees (BOT) approved Resolution 14-05 adopting a university-wide compliance program as the foundation of the internal control and compliance environment. In support of the compliance program, the BOT maintains an internal audit and compliance function that is an integral component of the governance structure. The Division of Audit and Compliance (DAC) provides insight on the mitigation of business risk to assist the BOT and University management in the effective discharge of their responsibilities as they relate to the University policies, processes, programs, information systems, internal controls, and management reporting.
DAC provides independent, objective assurance and consulting services designed to add value and improve the University’s operations. It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
DAC serves as a proactive business partner with University management by evaluating business processes, controls, compliance mechanisms and technologies to ensure:
Standards and Professionalism
- Business risks are appropriately identified and managed;
- Assets and resources are properly controlled;
- Operational, financial, and managerial information is accurate and reliable;
- University actions are in compliance with policies, procedures, standards, and state and federal laws and regulations;
- Effective coordination and cooperation is provided to external auditors to avoid duplication of effort;
- Allegations of fraud, waste, and abuse, and complaints received from the Chief IG and Board of Governors are appropriately investigated; and
- Quality and continuous improvement are fostered in the University’s control process.
Audit and compliance activities shall be performed in accordance with appropriate professional standards, including, but not limited to, generally accepted auditing standards as advocated by the Institute of Internal Auditors in International Standards for the Professional Practice of Internal Auditing, and the Government Auditing Standards as promulgated by the Government Accountability Office.
The IIA Practice Advisories, Practice Guides, and Position Papers will also be adhered to as applicable to guide operations. Additionally, DAC will adhere to the University’s regulations and DAC’s standard operating procedures manual.
DAC staff have a responsibility to maintain exemplary ethics, integrity and objectivity in the performance of their duties. Professional behavior must conform to the Code of Ethics issued by the Institute of Internal Auditors and the University’s Code of Conduct.
DAC provides audit and investigative services to all entities of Florida A&M University, including schools, colleges, administrative departments, auxiliary enterprises, and support organizations. Accordingly, DAC is authorized to:
- Have unlimited and unrestricted access to all data, books, records, files, property, information systems, and personnel of Florida A&M University as necessary to carry out their duties and responsibilities;
- Allocate resources, establish schedules, select subjects, determine scopes of work, and apply the techniques required to accomplish objectives;
- Obtain the essential assistance and cooperation of personnel in areas of the University where audits and investigations are performed, as well as other specialized services from within or outside the University; and
- Have free and unrestricted access to the BOT.
In order to maintain an effective spirit of independence and objectivity, DAC staff shall have no day-to-day authority or operating responsibilities for the management processes and activities reviewed. Thus, audit and review activities do not relieve University administrators, staff and faculty of the responsibilities assigned to them.
The Vice President of DAC, in the discharge of his/her duties, shall be accountable to University management and the BOT Audit Committee to:
- Submit an annual audit plan for review and approval;
- Issue a report upon conclusion of each audit engagement and communicate the results of each to the BOT, including management’s response and timeframe for corrective action;
- Periodically report on the DAC’s purpose, authority, and responsibility, as well as performance relative to its audit plan, identifying any significant deviations from the approved audit plan;
- Confirm to the BOT, at least annually, the organizational independence of the internal audit activity;
- Report allegations of significant wrongdoing, including that for personal financial gain, that if substantiated, could cause significant harm or damage to the reputation of the University;
- Communicate the DAC’s quality assurance and improvement program, including results of ongoing internal assessments and external assessments conducted at least every five years; and
- Provide an annual report on the activities and accomplishments of DAC.
The Vice President of DAC shall report directly to the Chair of the BOT and Chair of the BOT’s Audit Committee any allegations by, or about, the University President. Any allegations related to the Vice President of DAC shall be reported to the University President and Chair of the BOT’s Audit Committee. These allegations are not to be handled internally and are not to be investigated by DAC.
Independence and Objectivity
The Vice President of DAC, who serves as the Chief Audit Executive (CAE), reports functionally to the Chair of the BOT and to the Chair of the BOT’s Audit Committee, and therefore communicates and interacts directly with the BOT. The BOT approves all decisions regarding the performance evaluation, appointment, removal, and annual compensation and salary adjustment of the CAE. The CAE is appointed by and reports administratively and operationally to the University President.
This dual reporting relationship promotes independence and objectivity in all work performed by DAC. DAC staff must have no personal and external impairments to their independence, and have no direct responsibility or authority for any of the activities or operations they review. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair their judgment.
DAC is responsible for assessing the various functions and control systems of the University and for advising management of their status. The fulfillment of these responsibilities includes the following activities:
The scope of internal auditing encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the University’s governance, risk management, internal process, and ability to achieve its goals and objectives. This can include the evaluation of the following:
- Perform an annual risk assessment of the University’s auditable areas to establish risk rankings relative to the adequacy and effectiveness of the processes/programs for controlling activities and managing risk;
- Develop and submit to the BOT for approval an annual audit plan that utilizes an appropriate risk-based methodology, including any risks or control concerns identified by management and the BOT;
- Perform audits, investigations, and consulting activities in accordance with the audit plan, including any special tasks or projects requested by University management and the BOT audit committee;
- Prepare and distribute a written report following the conclusion of each engagement; (include management’s response and proposed corrective actions)
- Monitor the disposition of planned corrective actions that result from observations or recommendations of DAC or external regulatory agencies;
- Hire and retain professional staff with sufficient knowledge, skills, experience, and professional certifications to fulfill the responsibilities of DAC, and ensure appropriate training and education is provided to staff in accordance with applicable professional education standards;
- Establish a quality assurance program by which the Vice President of DAC assures the operations of internal audit activities;
- Investigate allegations of suspected fraudulent activities within the University and notify University management of the results;
- Ensure effective coordination and cooperation with external auditors and regulators, and consider the scope of their work for the purpose of providing optimal audit coverage to the University at a reasonable overall cost; and
- Support the University President and senior management, as requested, in any manner that improves the overall performance of the University.
- Reliability and integrity of information and the means used to identify, measure, classify, and report such information;
- Compliance with policies, plans, procedures, laws, and regulations that could have a significant impact on the University;
- Extent to which results of processes and programs are consistent with established objectives and goals;
- Safeguarding of assets and, as appropriate, verification of the existence of such assets;
- Effectiveness and efficiency with which resources are employed; and
- Effectiveness of the University’s risk management process.