Mission and Scope of Work
The mission of Internal Audit is to provide independent assessment, objective assurance and consulting designed to add value and improve operations of the member institutions. Internal Audit helps each member institution accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The scope of work of Internal Audit is to determine whether the member institutions risk management, control, and governance processes, as designed and represented by management, are adequate and functioning in a manner to ensure that:
- Operations are transacted in accordance with sufficient internal controls, good business judgment, and high ethical standards.
- Assets are safeguarded.
- Accounting and administrative controls are effective and efficient.
- Risks are appropriately identified and managed.
- Significant financial, managerial, and operating information is accurate, reliable, and timely.
- Employee actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
- Quality and continuous improvement are fostered in conjunction with control processes.
- Significant legislative or regulatory issues impacting the member institutions are recognized and addressed properly.
The Director of Internal Audit shall be accountable to member institutions management and the audit committees to:
- Provide annually an assessment on the adequacy and effectiveness of processes for controlling activities and managing risks in the areas set forth under the mission and scope of work.
- Report significant issues related to the processes for controlling the organizational activities, including potential improvements to those processes, and provide information concerning such issues through resolution.
The scope of audit coverage is enterprise-wide and no function, activity, or unit of the member institutions is exempt from audit and review. To provide for the independence of the internal auditing department, its staff report to the Director of Internal Audit. Administratively, the Director of Internal Audit reports to the Managing Director of the Boston Consortium and the member institutions Chief Financial Officers or equivalent. Functionally the Director of Internal Audit reports to the member Boards of Trustees and the audit committees in a manner outlined in the above section on accountability.
The Director and members of the audit staff are authorized to have full, free and unrestricted access to all member institutions functions, records, properties, manual and automated systems, and personnel.
Internal Audit may be asked to participate in management committees or project teams, analyze controls built into processes, development systems, or analyze security products. Because Internal Audit is not a management decision-making function, decisions to develop, adopt and implement policies and/or procedures as a result of an internal audit advisory service must be made by management. Internal audit objectivity will not be impaired as a result of decisions made by management.
Standards of Audit Practice
The Co-Sourced Internal Audit department seeks to fully comply with the International Standards for the Professional Practice of Internal Auditing of The Institute of Internal Auditors. When the Service becomes fully established, we will seek a peer review to ensure compliance with the standards.