The Internal Audit Department (Internal Audit) shall provide Michigan State University administrators and Trustees with an independent and objective evaluation of the effectiveness, efficiency, and application of the accounting, financial, and other internal controls necessary to accomplish University objectives in compliance with University policies and procedures, regulatory requirements, and sound business practices.
Internal Audit conducts reviews of University records and operations and reports the results of these reviews to management, including the President, and to the Audit Committee of the Board of Trustees. In fulfilling its responsibility to assist the President, Audit Committee, and University administrators in the effective discharge of their responsibilities, Internal Audit is committed to providing independent, objective, and timely service to its customers, as well as responding to their requests for consulting and other services, and to adding value to and improving the University’s operations. Internal Audit helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes1. Internal Audit conducts its projects in accordance with the Standards for the Professional Practice of Internal Auditing and Code of Ethics issued by The Institute of Internal Auditors. In addition, Internal Audit adheres to University policies and procedures.
The Director of Internal Audit and the Internal Audit staff are authorized to:
- Have full and unrestricted access to any and all University records, physical properties, and personnel relevant to any function under review or audit.
- Request the assistance of all University employees in fulfilling Internal Audit’s function.
- Maintain the independence necessary to render objective reports by assuring all audit activities (including audit scope, procedures, frequency, timing, and report content) are free from influence by auditee.
- Have free and unrestricted access to the President and Audit Committee.
The Director of Internal Audit and the Internal Audit staff are not authorized to:
- Perform any operational duties for the University or its affiliates.
- Initiate or approve accounting transactions external to Internal Audit.
- Assume direct operational responsibility or authority over any of the activities under review or audit.
- Develop or install systems or procedures, prepare records, or engage in any other activity that would normally be audited.
To provide for the independence of the Internal Audit Department, Internal Audit staff report to the Director of Internal Audit, who shall report administratively and functionally to the President with a dotted line to the Audit Committee.
The Director of Internal Audit and the Internal Audit staff have a responsibility to:
- Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the President for review and approval, with a copy to the Audit Committee. Significant changes to the approved plan shall be communicated to the President and to the Audit Committee.
- Implement the approved annual audit plan and any special tasks or projects requested by the President, the Audit Committee, or University management.
- Maintain sufficient knowledge, skills, expertise, and professional certifications to meet the requirements of this Charter.
- Apply the care and skill expected of a reasonably prudent and competent internal auditor.
- Safeguard the documents and information given to Internal Audit during a periodic review or audit in the same prudent manner employed by those employees normally accountable for the documents and information.
- Evaluate and assess new or changing services, processes, and operations coincident with their development, implementation, and/or expansion.
- Issue periodic reports to the President, Audit Committee, and management summarizing results of audit activities.
- Keep the President, Audit Committee, and management informed of emerging trends and successful practices in internal auditing.
- Assist in the investigation of significant suspected fraudulent activities within the University and notify the President, Audit Committee, and management of the results.
- Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the University at a reasonable overall cost.
The scope of Internal Audit encompasses the examination and evaluation of the adequacy and effectiveness of the University’s systems of internal control to achieve the stated goals and objectives of Michigan State University. The scope includes:
- Reviewing the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
- Reviewing the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a material impact on operations and reports.
- Reviewing established systems of internal control to ascertain whether they are functioning as designed.
- Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
- Reviewing specific operations at the request of the Audit Committee, the President, or other managers, as appropriate.
Individual University staff members are urged to contact the Internal Audit Department directly or use the Fiscal Misconduct hotline (800-763-0764) to report financial or operating irregularities or areas of doubt and concern. The identity of any employee making such contact will be kept confidential if so requested by the employee.
A written report will be prepared and issued by the Director of Internal Audit or designee following the conclusion of
each audit. A copy of each audit report will be forwarded to the President and to other affected parties. The Director
of Internal Audit will prepare quarterly reports and a semi-annual summary of significant findings, which will be forwarded to the
Audit Committee after review by the President.
The Director of Internal Audit or designee may include in the audit report the auditee’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management’s response should include a timetable for anticipated completion of the corrective action to be taken and an explanation for any recommendations not addressed by corrective action.
Internal Audit shall be responsible for appropriate follow-up on audit findings and recommendations.
Audit Standards and Ethics
Audit work of Internal Audit shall be performed in accordance with Generally Accepted Auditing Standards endorsed by the Institute of Internal Auditors in Standards for the Professional Practice of Internal Auditing.
Members of the Internal Audit Department are responsible to maintain the high standards of conduct, independence, and character necessary to provide proper and meaningful internal auditing for the University.
Signed September 6, 2012, by Lou Anna K. Simon, President, Thomas N. Luccock, Director of Internal Audit, and George Perles, Chair, Audit Committee
1 Governance processes include the following objectives:
- Promoting appropriate ethics and values within the organization.
- Ensuring effective organizational performance management and accountability.
- Effectively communicating risk and control information to appropriate areas of the organization.
- Effectively coordinating the activities of and communicating information among the board, external and internal auditors, and management.
(The IIA Research Foundation “The Professional Practices Framework” Altamonte Springs, Florida, 2004, p. 17.)