Presentation is loading. Please wait.

Presentation is loading. Please wait.

SOU Internal Auditing By Ryan Schnobrich, C. P. A

Published byHope Leonard Modified over 6 years ago

Similar presentations

Presentation on theme: "SOU Internal Auditing By Ryan Schnobrich, C. P. A"— Presentation transcript:

1

2 SOU Internal Auditing By Ryan Schnobrich, C. P. A
SOU Internal Auditing By Ryan Schnobrich, C.P.A. Slides available on

3 Definition of Internal Auditing
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” – The Institute of Internal Auditors (IIA)

4 Types of Auditors . Internal Auditors External Auditors
Annual risk-based audit plan Process audits - identify, assess and evaluate areas of significant risk Annual Assessment of Management Responsibilities Assessment of Management’s Control of Fraud Risk Follow-up engagements Consulting services Investigative services External Auditors Accounting Firms Financial audits – concerned about material accuracy at SOU) Compliance audits – A-133 for Financial Aid Technical assessments – network security Government Agencies Regulatory compliance Performance audits

5 The Three Lines of Defense
The first line of defense is operational management who owns the risks and controls to mitigate those risks.   The second line of defense is the risk management and compliance functions which establish and monitor controls.   The third line of defense is internal audit who independently and objectively provides assurance on the effectiveness of governance, risk management and internal control including the manner in which the first and second lines of defense achieve their risk management and control objectives.

6 What is Assurance? Absolute assurance does not exist.
There are inherent limitations in systems: Use of judgment in establishing estimates; Human error; Interpretations of accounting and other standards; Degree of uncertainty, complexity, subjectivity, bias, possible concealment or fraud, etc.; There is audit risk: Use of sampling; Persuasive evidence instead of conclusive evidence; Limitations on access, scope, cost-benefit, etc.; Reasonable assurance Affirmatively, but not absolutely, proves that things are as they should be. Limited assurance Means nothing has come to my attention that would cause me to believe that things are not as they should be.

7 Standards Internal Audit operates within The Institute of Internal Auditors (IIA) International Standards for the Professional Practice of Internal Auditing (“Standards” or “Red Book”) including the IIA’s Definition of Internal Auditing, Code of Ethics, Rules of Conduct and Quality Assurance Improvement Program: Independently identify and assess significant risks and their internal control processes. Provide independent and objective assurance to the Board of Trustees and assist the President via consulting and investigative services per Internal Audit’s Charter and Annual Internal Audit Plan. Integrate with executive management and coordinate alignment with enterprise risk management. Integrate with the General Counsel and coordinate alignment with legal standards. Integrate with the Board Secretary and coordinate alignment with governance standards. Internal Audit is part of the governance function, but it is not a part of the management or compliance functions. Therefore, Internal Audit does not make management decisions, direct employees, nor ensure that objectives are met.

8 Standards Internal Audit utilizes the Committee of Sponsoring Organizations of the Treadway Commission (COSO) control framework(s), Internal Audit’s procedure manual, and when required and not otherwise in conflict with the Standards, the Generally Accepted Government Auditing Standards (“Yellow Book”).  The IIA's Practice Advisories, Practice Guides, and Position Papers will guide operations as applicable.  Internal Audit will adhere to Southern Oregon University’s relevant policies and procedures, but in the event of conflicting direction, the Standards shall prevail. The Association of Independent Certified Public Accountants (AICPA) Professional Standards uses "consider" when the member is required to think about various matters, whereas "evaluate" is used when the member is to assess and weigh the importance of the matter.  "Determine" is used when a member is to arrive at a conclusion and make a decision.

9 Standards-Based Audit Process
1/15/2015 Standards-Based Audit Process Planning Preliminary research Entrance meeting Process discussions Information gathering Identification of audit scope Engagement outline Fieldwork Engagement plan Interviews Process reviews Testing and verification Document audit observations and conclusions Reporting Draft audit engagement report Exit meeting Management responses Final engagement report Final report distribution Fieldwork Discussion of audit issues/findings Audit findings are normal and expected during an internal audit. Audit findings themselves are not generally alarming to senior leadership or Audit Committee. Only when audit findings stay unresolved, they become an issue. Reporting Audit Report Draft Engagement background Opinion on control environment Findings and recommendations Distribution list CONTINUOUS COMMUNICATION

10 Purpose It is the purpose of Internal Audit to support the Executive and Audit Committee of the Southern Oregon University Board of Trustees and the University President by providing independent, objective assurance and consulting services designed to add value, support accountability and improve University operations. 

11 Mission It is the mission of Internal Audit to enhance and protect organizational value by providing risk-based and objective assurance, advice and insight.

12 Executive & Audit Committee
Role It is required by professional standards that Internal Audit be totally independent and objective.  Therefore, Internal Audit is functionally accountable to the Executive and Audit Committee of the Board of Trustees, but reports administratively directly to the President. Board of Trustees Executive & Audit Committee President General Counsel Internal Auditor Board Secretary

13 Objectives It is the objective of Internal Audit to determine whether the University’s network of governance, risk management and control processes, as designed and represented by management, is adequate and functioning in a manner to confirm that: risks are appropriately identified and managed; specifically including management compliance with laws and regulations. governance interaction occurs as needed. significant financial, managerial, and operating information is accurate, reliable and timely. employee actions are in compliance with policies, standards, procedures, professional ethics and applicable laws and regulations; specifically including privacy and security. resources are acquired economically, used efficiently and adequately protected; specifically including review of management processes and internal controls and the deterrence, detection and prevention fraud. accountability systems are in place to ensure organizational and program missions, goals, plans, and objectives are achieved. the University’s control processes foster quality and continuous improvement; and significant legislative or regulatory issues affecting the University are recognized and properly addressed. Internal Audit communicates opportunities for improving managements’ governance, risk management, control processes, effectiveness and the University’s image to the appropriate level of management.  Significant opportunities and feedback are summarized and reported to the Executive and Audit Committee of the Board of Trustees.

14 Management Responsibilities
University management is responsible for establishing a network of processes with the objective of controlling the operations of the University in a manner that provides the Board of Trustees reasonable assurance that: data and information, whether published internally or externally, is accurate, reliable, timely, transparent and accessible; the actions of employees comply with the University’s policies, standards, plans and procedures, and all relevant laws and regulations; the University economically acquires, profitably employees and adequately protects its resources;. quality business processes and continuous improvement are emphasized; and the University’s plans, programs, goals, and objectives are achieved. Controlling is a function of management and is an integral part of the overall process of managing operations. As such, it is the responsibility of managers at all levels of the organization to: identify and evaluate the exposures to loss that relate to their particular sphere of operations; specify and establish policies, plans, and operating standards, procedures, systems, and other disciplines to minimize, mitigate, and/or limit the risks associated with the exposures identified; establish practical controlling processes that require and encourage directors, officers, and employees to carry out their duties and responsibilities in a manner that achieves the five control objectives outlined in the preceding paragraph; and maintain the effectiveness of the controlling processes they have established and foster continuous improvement to these processes.

15 Internal Audit Responsibilities
Develop an annual internal audit plan using risk-based methodology including the consideration of any risks or control concerns identified by management. Submit the plan along with a financial budget, human resource plan and any resource limitations or significant interim changes to the President and Executive and Audit Committee of the Board of Trustees for review and approval. Implement the annual internal audit plan and report results to the President and Executive and Audit Committee of the Board of Trustees. Periodically provide information to the President and Executive and Audit Committee of the Board of Trustees on the status and results of the annual internal audit plan, the sufficiency of Internal Audit resources relative to its Objectives and Responsibilities, and emerging trends and successful practices in internal auditing. Provide reports to the Board of Trustees Executive and Audit Committee and President on the implementation status of prior audit recommendations. Provide advisory and consulting services, beyond internal audit assurance services, to assist management in meeting their objectives, including participating in the development or modification of major information systems, significant changes in functions, services, processes, operations, control processes or strategies and substantiation of allegations. Provide an annual assessment on the adequacy and effectiveness of the University’s processes for controlling its activities, managing its risks, governance, and the performance of management responsibilities in the areas set forth in Internal Audit’s Objectives. Report significant issues related to the processes for controlling the activities of the University and its applicable affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution. Assist in the investigation of allegations of fraud or fraudulent actions in accordance with Southern Oregon University fraud policy. Maintain a professional internal audit function with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter. Report the results of internal and external assessments conducted in association with the Quality Assurance and Improvement Program. Confirm annually the organizational independence of Internal Audit.

16 Authorized by the Board to:
have full, free and unrestricted access to any and all functions, records, information, property, and personnel of the University to the extent permitted by law.  audit any function, program, account or system deemed necessary and appropriate in its sole judgement, notwithstanding a pre-approved internal audit plan. have full and free access to the Executive and Audit Committee of the Board of Trustees in whole or in part in conjunction with open meeting laws. allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish internal audit objectives in accordance with professional Standards. request the assistance of any and all University employees in fulfilling Internal Audit’s function; obtain the necessary assistance of specialized personnel and services from within or outside the organization. preserve the necessary independence to render objective reports that assure all audit activities, specifically including audit scope, procedures, frequency, timing, report content, finalization and distribution to relevant parties are free from management influence; and accordingly, only take direction solely from the Executive and Audit Committee.

17 Not Authorized by the Board to:
perform, direct or manage any operational duties for the University external to Internal Audit.  accordingly, Internal Audit will not design, implement, or approve internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair, or give the perception of impairing, Internal Audit’s judgment, independence or objectivity. direct the activities of any University employee not employed by Internal Audit, except to the extent such employees have been appropriately assigned to an internal audit team or to otherwise assist the internal auditor(s).  initiate or approve accounting transactions external to Internal Audit; and perform internal audits of any area or activity where they have worked or for which they have been principally responsible for at least two years after they leave the position.

18 The Board of Trustees Expects:
University employees to comply with requests made by Internal Audit in a complete and timely manner. University employees not to interfere, impede or affect Internal Audit’s necessary independence and objective mental attitude, specifically including: audit selection, scope, procedures, frequency, timing, report content, timely provision of or access to information, timely management response to draft reports, and identification of corrective action taken or to be taken within a specific period of time in response to Internal Audit’s conclusions and recommendations. Internal Audit’s conclusions and recommendations to be taken seriously and that steps shall be taken to assess conclusions, identify corrective action within specific periods of time and implementing recommendations. Internal Audit to report any non-compliance or acceptance of risk believed to be in excess of the University’s risk tolerance on the part of University programs or employees to the President, the Executive and Audit Committee of the Board of Trustees and/or its Chairperson.

19 IIA Code of Ethics Integrity - The integrity of Internal Auditors establishes trust and thus provides the basis for reliance on their judgment. Objectivity - Internal Auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal Auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments. Confidentiality - Internal Auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so. Competency - Internal Auditors apply the knowledge, skills, and experience needed in the performance of internal auditing services.

20 IIA Rules of Conduct 1. Integrity - Internal Auditors: 1.1. Shall perform their work with honesty, diligence, and responsibility Shall observe the law and make disclosures expected by the law and the profession Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization Shall respect and contribute to the legitimate and ethical objectives of the organization. 2. Objectivity - Internal Auditors: 2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization. 2.2 Shall not accept anything that may impair or be presumed to impair their professional judgment. 2.3 Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review. 3. Confidentiality - Internal Auditors: 3.1 Shall be prudent in the use and protection of information acquired in the course of their duties. 3.2 Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization. 4. Competency - Internal Auditors: 4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience. 4.2 Shall perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing. 4.3 Shall continually improve their proficiency and the effectiveness and quality of their services.

21 IIA Core Principles Demonstrates integrity.
Demonstrates competence and due professional care. Is objective and free from undue influence (independent). Aligns with the strategies, objectives, and risks of the organization. Is appropriately positioned and adequately resourced. Demonstrates quality and continuous improvement. Communicates effectively. Provides risk-based assurance. Is insightful, proactive, and future-focused. Promotes organizational improvement.

22 Fraud Hotline by EthicsPoint:
Questions? Ryan Schnobrich, C.P.A. Internal Auditor Please complete a Quality Assurance & Improvement Program Survey: Fraud Hotline by EthicsPoint: sou.ethicspoint.com

Download ppt "SOU Internal Auditing By Ryan Schnobrich, C. P. A"

Similar presentations

Code of Ethics for Professional Accountants

Code of Ethics for Professional Accountants
PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.

PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.
Auditing, Assurance and Governance in Local Government

Auditing, Assurance and Governance in Local Government
What is the role of internal auditors in financial auditing?

What is the role of internal auditors in financial auditing?
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 2 - 1 The CPA Profession Chapter 2.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley The CPA Profession Chapter 2.
Internal Audit Awareness

Internal Audit Awareness
ACCOUNTING ETHICS Lect. Victor-Octavian Müller, Ph.D.

ACCOUNTING ETHICS Lect. Victor-Octavian Müller, Ph.D.
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Institute of Municipal Finance Officers & Related Professions

Institute of Municipal Finance Officers & Related Professions
IS Audit Function Knowledge

IS Audit Function Knowledge
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Professional Ethics. McGraw-Hill/Irwin © 2004 The McGraw-Hill Companies, Inc., All Rights Reserved. 3-2 Steps in Resolving an Ethical Dilemma Identify.

Professional Ethics. McGraw-Hill/Irwin © 2004 The McGraw-Hill Companies, Inc., All Rights Reserved. 3-2 Steps in Resolving an Ethical Dilemma Identify.
Office of Inspector General (OIG) Internal Audit

Office of Inspector General (OIG) Internal Audit
Internal Audits, Governmental Audits, and Fraud Examinations

Internal Audits, Governmental Audits, and Fraud Examinations
The CPA Profession Chapter 2.

The CPA Profession Chapter 2.
SAFA- IFAC Regional SMP Forum

SAFA- IFAC Regional SMP Forum
Purpose of the Standards

Purpose of the Standards
Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.

Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.
Control environment and control activities. Day II Session III and IV.

Control environment and control activities. Day II Session III and IV.

Similar presentations

Ads by Google