16.1 Internal Audit Functions Across the ÖгöÉÙ¸¾ÊÓƵ
(Last Modified on February 2, 2024)
The internal audit function may be comprised of several models:
- A dedicated auditor model where an institution employs audit professionals specifically to serve the needs of the institution;
- A shared auditor or regional model where audit professionals are assigned and funded by multiple institutions; and,
- A system office model where the OIAEC staff provides internal audit services for the ÖгöÉÙ¸¾ÊÓƵ system as a whole or assists with engagements at individual institutions as needed.
For institutional models either dedicated or shared, the institutional chief auditor (ICA) has a direct reporting relationship to the president of his or her institution(s) and to the ÖгöÉÙ¸¾ÊÓƵ Chief Audit Officer (CAO). Board Policy 7.9.2 and the ÖгöÉÙ¸¾ÊÓƵ internal audit charter specifies the duties and responsibilities associated with the ICAÖгöÉÙ¸¾ÊÓƵ™s reporting relationships. The institutional president and the CAO approve institutional audit charters. Further duties of the CAO and the ICAs are specified in the internal audit charter and in the CAOÖгöÉÙ¸¾ÊÓƵ™s internal audit manual.
The ICA at each institution must submit an audit plan to the CAO in accordance with guidance provided by the CAO. Any modifications to an institutionÖгöÉÙ¸¾ÊÓƵ™s audit plan must be approved by the CAO. The CAO will review and approve the audit plans, and utilizing a risk-based approach, will develop a system-wide audit plan. The implementation of the system-wide audit plan will be coordinated with the institutional internal audit plans and with external assurance providers to minimize duplication of effort and disruption of auditee operations. The CAO has the authority to direct the ICAs to audit specific functions at their institutions. Additionally, each ICA will submit engagement reports to the CAO for summary reporting to the Board and for the annual report to the BOR Committee on Internal Audit, Risk, and Compliance (IARC Committee).
The ICAs must meet periodically with the CAO to discuss engagements, issues and observations relevant to the ÖгöÉÙ¸¾ÊÓƵÖгöÉÙ¸¾ÊÓƵ™s Internal Audit function.
Institutional audit staff are responsible for performing appropriate audit procedures to verify corrective action of each issue rated as material. Corrective action follow-up will continue until issue(s) are closed or resolved. OIAEC auditors shall verify corrective action for those institutions without an institutional internal audit function.
The CAO reports directly to the Chancellor and to the IARC Committee as required in Board Policy. The CAO is responsible for overseeing all phases of the internal audit function, both at the system level and institutional level. At the system office the CAO is supported by an Executive Director of Internal Audits and an Executive Director of Information Technology Audits along with a staff of audit professionals. The system office audit staff perform system-wide engagements as well as selected campus engagements. If a campus does not have an institutionally funded internal audit function, the system office staff will provide required engagement services for that campus.
↑ Top