Introduction

Ball State University supports the Department of Internal Audit and Advisory Services as an independent appraisal function to examine and evaluate University activities as a service to the administration and the Board of Trustees. The mission of the Department of Internal Audit and Advisory Services is to support members of the University in the effective discharge of their responsibilities. To this end, the Department of Internal Audit and Advisory Services will furnish analyses, recommendations, counsel, and information concerning the activities examined.

Organization and Board Reporting

The Director of Internal Audit and Advisory Services will report to the President and to the Audit and Compliance Committee (Committee) of the Board of Trustees. The Committee will carry out the following responsibilities:

  1. Approve the internal audit charter.
  2. Approve decisions regarding the appointment and removal of the Director of Internal Audit and Advisory Services. Ensure there are no unjustified restrictions or limitations, and review and concur in the appointment, replacement, or dismissal of the Director of Internal Audit and Advisory Services.
  3. Approve the annual audit plan and all major changes to the plan. Review the internal audit activity's performance relative to its plan.
  4. Review with the Director of Internal Audit and Advisory Services the internal audit budget, resource plan, activities, and organizational structure of the internal audit function.
  5. At least once per year, review the performance of the Director of Internal Audit and Advisory Services and concur with the annual compensation and salary adjustment.
  6. Review the effectiveness of the internal audit function, including conformance with The Institute of Internal Auditors' Definition of Internal Auditing, Code of Ethics, and the International Standards for Professional Practice of Internal Auditing.
  7. On a regular basis, meet separately with the Director of Internal Audit and Advisory Services to discuss any matters that the committee or internal audit believes should be in executive session.

Annually, the Director of Internal Audit and Advisory Services will submit to the Committee a written report on the internal audit activity during the preceding fiscal year. The Director of Internal Audit and Advisory Services will also make a written report to the Committee whenever there is evidence of misappropriation or other problems exceeding $5,000 or any other circumstances that reveal substantial procedural or ethical irregularities on the part of any university employee. In addition, if the circumstances ever warrant such action, the Director of Internal Audit and Advisory Services may circumvent normal university reporting lines and communicate directly with the Committee.

Authorization and Responsibilities

The Department of Internal Audit and Advisory Services has the authority to audit all parts of the university and shall have full and complete access to any of the organization's records, physical properties, information systems, and personnel relevant to the performance of an audit or investigation. Documents and information given to internal auditors during a periodic review will be handled in the same prudent manner as by those employees normally accountable for them.

The Department of Internal Audit and Advisory Services will have no direct responsibility or authority for any of the activities or operations they review. They should not develop and install procedures, prepare records, or engage in activities that would normally be reviewed by internal auditors. Furthermore, an internal audit does not in any way relieve other university personnel of their responsibilities.

Reporting Responsibilities

A report will be prepared and issued by the Director of Internal Audit and Advisory Services following the conclusion of each audit. Copies of the report will be distributed as appropriate. The head of the activity or department will respond before the final report is issued and the response will be included with the final report. The response will indicate corrective actions taken or planned regarding specific report findings.

The manager receiving the report is responsible for ensuring that progress is made toward correcting any reported findings. The Department of Internal Audit and Advisory Services is responsible for determining whether the action taken is adequate to resolve the audit findings. If the action is not adequate, the Department of Internal Audit and Advisory Services will inform university management and the Board of Trustees of the potential risk and exposure in allowing the unsatisfactory conditions to continue.

Mission Objective

The Department of Internal Audit and Advisory Services’ objectives in accomplishing its mission will include the following:

  1. Determine the accuracy and propriety of financial transactions.
  2. Evaluate, consult, and educate on financial and operational processes, controls, related risks, and exposures. Provide advice and guidance on control and risk aspects of new policies, systems, processes, and procedures.
  3. Verify the existence of university assets and determine whether proper safeguards are maintained to protect them from loss.
  4. Determine the level of compliance with university policies and procedures and state and federal laws and regulations.
  5. Evaluate the accuracy, effectiveness, and efficiency of the university's electronic information and processing systems.
  6. Determine the effectiveness and efficiency of organizations in accomplishing their mission and identify operational opportunities for cost savings and revenue enhancements.
  7. Coordinate audit efforts with, and provide assistance to, the Indiana State Board of Accounts and other external auditors.
  8. Investigate fraud and other types of fiscal misconduct.

Standards and Code of Ethics

The Department of Internal Audit and Advisory Services staff is responsible for conducting themselves so that their good faith and integrity will not be open to question. The Department of Internal Audit and Advisory Services has adopted the Codes of Ethics issued by the Institute of Internal Auditors and the Information Systems Audit and Control Association. Staff shall realize that individual judgment is required in the application of these standards.