The Division of Audit (DoA, or The Division) provides independent, objective assurance and consulting services
designed to add value and improve the University’s operations. It helps the University
accomplish its objectives by bringing a systematic, disciplined approach to evaluate
and improve the effectiveness of risk management, control, and governance processes.
The Division serves as a proactive business partner with University management by
evaluating business processes, controls, compliance mechanisms and technologies to
Business risks are appropriately identified and managed;
Assets and resources are properly controlled;
Operational, financial, and managerial information is accurate and reliable;
University actions are in compliance with policies, procedures, standards, and state
and federal laws and regulations;
Effective coordination and cooperation is provided to external auditors to avoid duplication
Allegations of fraud, waste, and abuse, and complaints received from the Chief IG
and Board of Governors are appropriately investigated; and
Quality and continuous improvement are fostered in the University’s control process.
Internal auditing is an independent and objective assurance and consulting activity
that is guided by a philosophy of adding value to improve the operations of the University.
It assists the University in accomplishing its objectives by bringing a systematic
and disciplined approach to evaluate and improve the effectiveness of the University’s
governance, risk management, and internal control processes.
To accomplish its mission, the University must maintain the confidence of its Board
of Trustees (BOT), faculty, staff, students, alumni, the public, elected officials,
and various other stakeholders. The Division provides valuable support in maintaining
the public’s confidence by performing independent and objective reviews, risk management
activities, and reporting to the Audit and Compliance Committee and responsible administrative
and academic officers so that corrective actions, risk response plans, and enhancements
can be initiated. The Division’s objective is to assist the BOT, President, and University
management in the effective discharge of their responsibilities.
The Division of Audit (Division, or DoA) provides insight on the mitigation of business
risk to assist the BOT and University management in the effective discharge of their
responsibilities as they relate to the University policies, processes, programs, information
systems, internal controls, and management reporting. The Division of Audit is a
point of coordination of and responsibility for activities that promote accountability,
integrity, and efficiency in university operations.
The DoA's mission is to enhance and protect the value of FAMU and its stakeholders
by providing excellence in risk-based and objective assurance, advice, and insight
through the promotion of accountability, integrity, and efficiency.
Audit and consulting activities will conform to the International Professional Practices Framework published by the Institute of Internal Auditors, Inc. and/or the Information Systems Auditing Standards published by ISACA. The DoA shall uphold the principles of integrity, objectivity,
confidentiality, and competency as defined in the Institute of lnternal Auditors'
Code of Ethics. The DoA is to utilize the Committee of Sponsoring Organizations (COSO) as the model
for evaluating the adequacy of internal controls. Additionally, the Division will
adhere to the University's regulations, the Division's standard operating procedures
manual, and Florida Board of Governors regulations and standards.
Investigation activities will conform to standards found in the Principles and Standards for Offices of Inspector General published by the Association of Inspectors General, and professional standards issued
for the State University System of Florida entitled Standards for Complaint Handling and Investigations for the State University System
The Division provides audit, investigative, and risk management services to all entities
of Florida A&M University, including schools, colleges, administrative departments,
auxiliary enterprises, and direct support organizations. Accordingly, the Division
is authorized to:
Have timely, unlimited, and unrestricted access to all data, books, records, files,
property, information systems, and personnel of Florida A&M University as necessary
to carry out the Division’s duties and responsibilities;
Allocate resources, establish schedules, select subjects, determine scopes of work,
and apply the techniques required to accomplish objectives;
Obtain the essential assistance and cooperation of personnel in areas of the University
where audits and investigations are performed, as well as other specialized services
from within or outside the University;
Facilitate the university’s Enterprise Risk Management (ERM) by creating and maintaining
the framework which ensures that risks are appropriately identified, assessed, managed,
and considered in institutional decision making; and
Have free and unrestricted access to the BOT.
The Vice President of the Division of Audit serves as the University's Chief Audit
Executive, as described in the International Standards for the Professional Practice of Internal Auditing, and as Inspector General as authorized in Section 112.3189(1), Florida Statutes. The
Associate Vice President for Audit serves as the University's Chief Risk Officer.
The Chief Audit Executive and/or the Chief Risk Officer shall notify the chair of
the BOT's audit committee or the President, as appropriate, of any unresolved restriction
or barrier imposed by any individual on the scope of an inquiry, or the failure to
provide access to necessary information or people for the purposes of such inquiry.
The Chief Audit Executive and/or Chief Risk Officer shall work with the BOT and university
management to remedy scope or access limitations. If the university is not able to
remedy such limitations, the Chief Audit Executive shall timely notify the Board of
Governors, through the Office of Inspector General and Director of Compliance (OIGC),
of any such restriction, barrier, or limitation.
The Chief Audit Executive and Chief Risk Officer reports functionally to the Chair
of the BOT and to the Chair of the BOT's Audit and Compliance Committee, and therefore
communicates and interacts directly with the BOT, including at BOT meetings and between
BOT meetings as appropriate. The Chief Audit Executive reports administratively to
the President of the University. The Chief Risk Officer reports administratively to
the Vice President of Audit but shall have free and unrestricted access to the President
of the University.
The BOT will:
Approve the charter of the Division of Audit;
Approve the risk-based internal audit plan;
Receive communications from the Chief Audit Executive on the internal audit activity's
performance relative to its plan and other matters;
Approve all decisions regarding the performance evaluation, appointment, removal,
and annual compensation and salary adjustment of the Chief Audit Executive;
Approve ERM annual reports, institutional risk portfolio, risk appetite guidance,
and reports on the status of risk response efforts; and
Make appropriate inquiries of management and the Chief Audit Executive to determine
whether there is inappropriate scope or resource limitations.
The Chief Audit Executive shall report directly to the Chair of the BOT and Chair
of the BOT's Audit and Compliance Committee any allegations about the University President.
Any allegations related to the Chief Audit Executive shall be reported to the University
President and Chair of the BOT's Audit and Compliance Committee. Any allegations against
BOT members shall be reported to the Board of Governors. These allegations are not
to be handled internally and are not to be investigated by the Division.
The Division will remain free from interference by any element in the University,
including matters of audit and investigation selection, scope, procedures, frequency,
timing, or report content to permit maintenance of a necessary independent and objective
Division staff must have no personal and external impairments to their independence,
and have no direct responsibility or authority over any of the activities audited.
Accordingly, they will not implement internal controls, develop procedures, install
systems, prepare records, or engage in any other activity that may impair their judgment.
Division staff will exhibit the highest level of professional objectivity in gathering,
evaluating, and communicating information about the activity or process being examined.
Division staff will make a balanced assessment of all the relevant circumstances and
not be unduly influenced by their own interests or by others in forming judgments.
The Chief Audit Executive will confirm to the BOT, at least annually, the organizational
independence of the internal audit activity.
The scope of internal audit encompasses, but is not limited to, providing assurance
to management by examining and evaluating of the adequacy and effectiveness of the
university’s governance, risk management, and internal controls as well as the quality
of performance in carrying out assigned responsibilities to achieve the University’s
stated goals and objectives.
Chief Audit Executive
The Chief Audit Executive is responsible for fulfillment of the following activities:
Provide direction for, supervise, and coordinate audits, investigations, and risk
management activities which promote economy, efficiency, and effectiveness in the
administration of university programs and operations including, but not limited to,
auxiliary facilities and services, direct suppo1t organizations, and other component
Conduct, supervise, or coordinate activities for the purpose of preventing and detecting
fraud and abuse within university programs and operations including, but not limited
to, auxiliary facilities and services, direct support organizations, and other component
Maintaining a professional audit staff with sufficient knowledge, skills, abilities,
experience, and professional certifications;
Perform consulting and advisory services related to governance, risk management and
control as appropriate for the University. Such services include management requests,
and participation in institutional committees;
Review statutory whistle-blower information and coordinate all activities of the university
as required by the Florida Whistle-blower's Act;
Address significant and credible allegations relating to waste, fraud, or financial
mismanagement as provided in Board of Governors Regulation 4.001;
Keep the President and BOT informed concerning significant and credible allegations
and known occurrences of waste, fraud, mismanagement, abuses, and deficiencies relating
to university progran1s and operations; recommend corrective actions; and report on
the progress made in implementing corrective actions;
Promote, in collaboration with other appropriate university officials, effective coordination
between the university and the Florida Auditor General, federal auditors, accrediting
bodies, and other governmental or oversight Consider the scope of their work for the
purpose of providing optimal audit coverage to the University at a reasonable overall
Review and make recommendations, as appropriate, concerning policies and regulations
related to the university's programs and operations including, but not limited to,
auxiliary facilities and services, direct support organizations, and other component
Evaluate the systems established to ensure compliance with policies, plans, procedures,
laws and regulations which could have a significant impact on the University;
Evaluate the reliability and integrity of information and the means used to identify,
measure, classify, and report such information;
Evaluate risk exposures relating to achievement of the university's strategic objectives;
Evaluating the means of safeguarding assets and, as appropriate, verifying the existence
of such assets;
Communicate to the president and the board of trustees, at least annually, the office's
plans and resource requirements, including significant changes, and the impact of
Provide training and outreach, to the extent practicable, designed to promote accountability
and address topics such as fraud awareness, risk management, controls, and other related
Coordinate or request audit, financial- and fraud-related compliance, controls, and
investigative information or assistance as may be necessary from any university, federal,
state, or local government entity;
Develop and maintain a quality assurance and improvement program for the office of
Chief Audit Executive. This program must include an external assessment conducted
at least once every five (5) The external assessment report and any related improvement
plans shall be presented to the BOT, with a copy provided to the Board of Governors;
Establish policies that articulate the steps for reporting and escalating matters
of alleged misconduct, including criminal conduct, when there are reasonable grounds
to believe such conduct has occurred;
Inform the BOT when contracting for specific instances of audit or investigative assistance;
Report routinely to the BOT on matters including significant risk exposures, control
issues, fraud risks, governance issues, and other matters requested by the President
and the BOT.
Chief Risk Officer
The Chief Risk Officer is responsible for fulfillment of the following activities:
Primary responsibility for facilitating the design and implementation of Enterprise
Risk Management consistent with COSO's Enterprise Risk Management: Integrated with
Strategy and Performance in collaboration with university leadership;
Responsible and accountable for overseeing the development, implementation, and fostering
of a collaborative, can1pus-wide approach to ERM at the University;
Promote the consistent use of risk management and ownership of risk at all levels
of the institution;
Build a risk-aware culture, including appropriate education and training;
Lead the institution's processes for identifying, analyzing, evaluating, responding
to and controlling, monitoring, and reporting on key risks;
Submit risk information for review on a regular basis to the Board of Trustees Audit
and Compliance Committee and the full Board;
Charge, appoint, and oversee the work of an ERM Advisory Committee (ERMAC);
Submit high-level recommendations to the President for keeping identified risks within
tolerance levels; and
Annually submit a Risk Appetite Statement to the BOT for review.
We will be championed by our customers, benchmarked by our peers (counterparts), and
dedicated to excellence in our products and services.
The Division's mission is to enhance and protect the value of FAMU and its stakeholders
by providing excellence in risk-based and objective assurance, advice, and insight
through the promotion of accountability, integrity, and efficiency.
Values, Principles, and Priorities
Accountability - Accountability is an obligation or willingness to accept responsibility or to account
for one's actions
Inclusion - Inclusion is the act of including; the state of being included; the act or practice of including and accommodating people who have historically been
excluded (as because of their race, gender, sexuality, or ability)
Innovation - Innovation is a new idea, method, or device.
Integrity - Firm adherence to a code of especially moral or artistic values; incorruptibility;
an unimpaired condition : soundness; the quality or state of being complete or undivided;
Responsibility equals accountability equals ownership. And a sense of ownership is the most powerful weapon a team or
organization can have. – Pat Summitt
Diversity is having a seat at the table, Inclusion is having a voice, and Belonging is having a voice be heard. – Liz Fosslien
Innovation is the ability to see change as an opportunity – not a threat. – Steve Jobs
If you have integrity, nothing else matters. If you don’t have integrity, nothing else matters. – Alan Simpson
Efficiency - the quality or degree of being efficient; capable of producing desired results with little or no waste (as of time or materials)
Objectivity - the quality or character of being objective; lack of favoritism toward one side or another; freedom from bias
Confidentiality - the state of keeping or being kept secret or private
Competency - possession of sufficient knowledge or skill
Efficiency is the foundation for survival. Effectiveness is the foundation for success. – John C. Maxwell
Dispassionate objectivity is itself a passion, for the real and for the truth.– Abraham Maslow
Privacy [confidentiality] is an inherent human right, and a requirement for maintaining the human condition
with dignity and respect. – Bruce Schneier
Competence goes beyond words. It’s the leader’s ability to say it, plan it, and do it in such
a way that others know that you know how – and know that they want to follow you.
– John C. Maxwell