Pima County Community College District Regulation
Regulation Title: Internal Audit
Regulation Number: RG-2402/A
Effective Date: 9/14/95
Approval Date: 9/14/95
Review Date(s): 7/2/03, 2/5/13
Revision Date(s): 7/2/03, 2/5/13, 6/12/15
Schedule for Review and Update: Annually
Unit Responsible for Review and Update: Director of Internal Audit
Sponsoring Unit/Department: Director of Internal Audit
Policy Title(s) & No(s).: Audits, BP-2402
The Office of the Internal Auditor (Internal Audit) is an independent, objective, assurance and consulting activity designed to add value and improve the operations of Pima Community College (PCC). Internal Audit helps PCC accomplish its objectives by bringing a systematic, disciplined approach to evaluate and help to improve the effectiveness of risk management, control, and governance processes.
Internal Audit is an internal resource serving PCC employees, management, the Chancellor, and the Board of Governors. Internal Audit assists PCC with fulfilling its vision, values, mission, and goals. While practicing stringent regard for safekeeping and confidentiality of information received, Internal Audit will furnish analysis, appraisal, recommendations, advice, and information concerning the activities reviewed. Internal Audit is concerned with any phase of PCC activity where the department can be a service to management, faculty, and staff.
Guided by a philosophy of adding value, the mission of Internal Audit is to provide independent, objective assessments of PCC’s system of internal control and underlying business processes, while embodying the commitment of improvement and betterment of the college, its students, and the community.
In addressing its mission, the primary objectives of Internal Audit are to support and assist employees, management, the Chancellor, and the Board of Governors in the effective discharge of their responsibilities by providing analyses, testing, recommendations, advice, and information concerning:
- The adequacy and effectiveness of the PCC’s internal control structure;
- The safeguarding of assets;
- Compliance with applicable laws and regulations;
- Achievement of management’s operational objectives; and
- Effective business processes to achieve internal control at a reasonable cost.
Scope of WorkThe scope of Internal Audit’s responsibilities encompasses all systems, processes, operations, functions, and activities of PCC. In assessing the adequacy and effectiveness of PCC’s governance, internal control structure, risk management processes, and performance in carrying out assigned responsibilities to achieve PCC’s stated goals, Internal Audit will:
- Assist with maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement;
- Assess financial and operating information and the methods used to initiate, authorize, record, process, and report such information to validate the reliability and integrity of the process;
- Review policies, plans, procedures, laws and regulations that could have a significant impact on the processes subject to audit to determine whether PCC is in overall compliance;
- Review the means to safeguard assets as well as the adequacy and effectiveness of applicable policies and practices;
- Evaluate the economy and efficiency with which processes are implemented and performed, and resources are utilized; and
- Review operations and programs to ascertain whether results are consistent with established objectives.
Organization, Independence, Authority
The Director of Internal Audit (Internal Auditor) shall report directly to the Chancellor, or his/her designee, and shall have direct access to the Chancellor and the Board of Governors should matters of immediate importance arise that require their attention. The results of audit activities shall be reported to the Chancellor and the Board of Governors. The Internal Auditor shall remain independent and objective with the ability to report directly to the Board of Governors any situation where the auditor perceives a conflict of interest with, or on the part of, the Chancellor’s involvement with the subject of an audit. In addition, Internal Audit shall have the ability to report directly to outside legal counsel or an applicable state agency any situation where the auditor perceives a conflict of interest with, or on the part of, the Board of Governors involvement with the subject of an audit.
Consistent with applicable laws, the IAD will have full, free, and unrestricted access to all activities, records (in both paper and electronic format), property, and personnel necessary to accomplish the stated purpose. Internal Audit respects the value and ownership of information; information received will not be disclosed without appropriate authority unless there is a legal or professional obligation to do so.
To permit the rendering of impartial and unbiased judgment essential to the proper conduct of audits, Internal Audit will be independent of the activities it audits. Internal Audit will not have direct responsibility for, or authority over, any of the systems, procedures, or activities reviewed. Independence requires that Internal Audit complete work freely and objectively, in a fair and balanced manner, and not be overly influenced by personal interest or the opinion of others. The Internal Auditor may take an advisory role in the formation of policy and procedures and is not precluded from proactive involvement with management in planning processes, committees, or special assignments approved by the Chancellor or Board of Governors.
If Internal Audit lacks the knowledge, skills, competencies, or resources to perform all or part of the audit, or perform the audit within the time constraints necessary, or believes it is in the best interest of the College, the Internal Auditor shall present a recommendation to the Chancellor to contract with an outside party as appropriate and practical. To best fulfill the mission and effectively utilize resources, Internal Audit should be advised of all external audits from firms and Federal or State agencies that are performing audits on PCC.
Internal Audit shall serve PCC, and conduct its work, in a manner consistent with the Institute of Internal Auditors’ (IIA) mandatory guidance including the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Audit. In addition, Internal Audit will adhere to IIA practice advisories, practice guides, and position papers as applicable to guide operations. Further, Internal Audit will uphold the principles of integrity, objectivity, confidentiality, and competency – as defined the IIA’s Code of Ethics – and adhere to relevant State and Federal law and PCC policies, procedures, and standards.
Accountability and Responsibility
Internal Audit will:
- Develop an annual risk-based audit plan that is reviewed and approved by the Chancellor and Board of Governors;
- Provide management, the Chancellor, and the Board of Governors (as necessary) with a written report on the results of each engagement performed, including management action taken or planned to address issues and concerns noted during the engagement, and the results of follow-up reviews to assess if issues and concerns noted during the engagement have been addressed;
- Coordinate audit efforts with independent or external auditors as well as any examinations performed by regulatory agencies;
- Assess whether PCC’s risk management processes are effective and relevant risk information is communicated timely across PCC enabling staff, management, and the Board of Governors to effectively carry out responsibilities.
- Evaluate the potential for the occurrence of fraud and how PCC manages fraud risks, and assist in the investigation of fraud (if appropriate);
- Evaluate the design, implementation, and effectiveness of PCC’s ethics related objectives, programs, and activities;
- Conduct special projects or studies as requested by the Chancellor or Board of Governors; and
- Meet with the Chancellor at least monthly, and Board of Governors at least quarterly, to discuss the audit activities and results, to identify significant departures from the approved audit plan and reasons, and to discuss emerging trends and successful practices in internal auditing.