What is the difference between the audit services provided through SOU’s Internal Audit Office (IAO) and external auditors that audit SOU?
IAO works specifically to help SOU achieve its mission and objectives. Internal auditors at SOU are dedicated to helping colleagues by providing independent assessments specific to SOU’s needs, and also offers consulting services and trainings to improve internal controls and risk mitigation processes at SOU. Periodically, SOU has external auditors that conduct a variety of audits at the university. External auditors are not SOU employees, but are granted access to review records and interact with personnel within the scope and objectives of their audit engagement.
Two mandatory audit projects that are conducted each year by external auditors are the:
1) Financial Statement Audit
2) Single Audit
In addition to these mandatory audits at SOU, SOU may be audited periodically by organizations such as the Secretary of State – Oregon Audits Division, the Office of Inspector General, grantors, and/or organizations tasked with laws and regulations relating to health, safety, environmental requirements, and animal welfare
How do you decide what to audit?
Audit topics are identified as part of an annual risk assessment the Internal Audit Office (IAO) conducts. The primary goal of the annual risk assessment is to identify audit topics that will provided value to SOU’s governance processes and will provide reasonable assurance on the operating effectiveness of key operations at SOU. See the annual audit plan here
What is a risk assessment?
A risk assessment serves as a tool for management to share concerns about factors that may prevent the university from meeting its objectives. Auditors gather information that helps to assess risks in generally understood classifications such as high-risk, moderate risk, or low-risk events to the university as a whole. IAO considers multiple factors when assessing risk such as internal and external factors, the likelihood of a negative event occurring and the severity that event would have to SOU if it were to occur, trends within finances over a multi-year time period, and time elapsed since the last time an audit has occurred. IAO then works with the governance structure at SOU to collaborate on next steps to address the results of the risk assessment. The results are used to develop an annual internal audit plan which is vetted through leadership and approved by the President of SOU and the Board of Trustees
Who audits the SOU Internal Audit Office?
SOU’s Internal Audit Office must go through an external peer review every 5 years to comply with the International Standards for the Professional Practice of Internal Auditing Standards. The results of the peer review are shared with the President of SOU and members of the Board of Trustees. Moreover, IAO may be selected for an audit by external organizations such as:
- Secretary of State – Oregon Audits Division;
- An external audit firm hired by SOU; and/or
- Federal agencies like the Office of Inspector General
What authority does the Internal Audit Office have?
The Internal Audit Charter, which was approved by the SOU Board of Trustees, defines the purpose, authority, and responsibility of the SOU’s Internal Audit Office (IAO). The charter grants the IAO full and complete access to any of the University’s records, physical properties, and personnel.
Does Internal Audit have authority for the SOU Foundation?
No, the SOU Foundation is a separate entity from SOU. The SOU Internal Audit Office must obtain authorization from the SOU Foundation before conducting any assurance and/or consulting services for operations and/or transactions processed through the SOU Foundation.
Can I request to have an internal audit performed of my department and/or a process, I would like some assurance on even if my department was not selected on the annual audit plan?
Yes, you can make a formal request to the Director of Internal Audit, after you have obtained approval to submit the request from your supervisor (i.e. Dean, Director, etc…). The request will be reviewed by the Director of Internal Audit and President of SOU and a decision on the request will be communicated back to appropriate personnel. Due to finite resources, IAO may not be able to accommodate the request in the timeframe requested.
Does the department have an opportunity to respond to audit findings and recommendations?
Yes, internal audit observation updates are provided to applicable management on a monthly basis. Throughout the audit project, management has the ability to provide further records and/or updated information to IAO to help address initial audit observations denoted. In addition, management must provide a management response to all formal recommendations made at the audit Exit Conference. This response is included in the final audit results provided to applicable management, the President of SOU, and the members of the Board of Trustees.
What standards do internal auditors follow?
- International Standards for the Professional Practice of Internal Auditing Standards
- Institute of Internal Auditors Code of Ethics
- Committee of Sponsoring Organizations of the Treadway Commission