• A-Z Index
• Search
• Directories
• Maps

Charter

Mission and Scope of Work

The mission of Internal Audit and Advisory Services (IAAS) is to provide independent, objective assurance and consulting services designed to add value and improve the University's operations. IAAS helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risks management, control and governance processes. In pursuit of our mission, IAAS will serve as value-driven internal consultants, change agents, business analysts, risk assessors and quality advocates.

Management of Boise State University and the Idaho State Board of Education has established a network of risk management, control, and governance processes. These processes are meant to provide reasonable assurance that:

• Business opportunities and risks are properly managed.
• Interaction with the various governance groups occurs as needed.
• Financial, managerial, and operating information is accurate, reliable, and timely.
• University business is conducted in compliance with policies, standards, procedures, and applicable laws and regulations.
• Resources are acquired economically, used efficiently, and are adequately
  protected.
• University programs, plans, and objectives are achieved.
• Quality and continuous improvements are fostered in the organization's control process.

Internal Audit and Advisory Services performs objective and independent audits of these processes to ensure that they are properly designed and functioning as intended. Internal Audit and Advisory Services may also perform consulting services to assist management in identifying ways to improve these processes.

Audit Standards and Ethics

All audit work meets the Standards for the Professional Practice of Internal Auditing and Code of Ethics promulgated by the Institute of Internal Auditors, Inc. The department is expected to consistently demonstrate high standards of conduct and ethics as well as appropriate judgment, independence, and discretion. Members maintain a professional image and protect auditees confidences and confidential information.

Independence

The reporting lines described below provides for the functional independence of Internal Audit and Advisory Services. Individually, auditors are required to follow the independence requirements specified by the IIA Professional Practices Framework.

Internal Audit and Advisory Services has no direct operating responsibility or authority for management processes, internal controls, and any of the activities or operations they review; thereby, maintaining a spirit of independence and objectivity. Furthermore, an internal audit does not in any way relieve other university personnel of their responsibilities.

Reporting Lines

The IAAS Director reports directly to the University President. The IAAS Director has an avenue of communication to the Audit Committee of the Idaho State Board of Education.

At least annually, the Audit Director will meet directly with the University President to discuss the audit plan and audit resources. In addition, the Audit Director will periodically meet with the University President to discuss audit progress and to report on audit issues.

A copy of all audit reports will be distributed to the University President. Copies will be distributed to others as appropriate. Audit reports will be provided to the Audit Committee of the State Board of Education upon request.

Authority

The director and staff of IAAS are authorized to:

• Have unrestricted access to all University functions, systems, records, property and personnel.
• Have full and free communication with the audit committee of the State Board of Education
• Allocate audit resources, determine audit frequencies and subjects, determine scopes of work, and apply techniques required to accomplish audit objectives.
• Obtain the necessary assistance of personnel in units of the University where they perform audits, as well as other specialized services from within or outside the University.

The director and staff of IAAS are not authorized to:

• Perform operational duties for the University or its affiliates.
• Initiate or approve accounting transactions external to the internal auditing department.
• Approve changes to accounting processes or systems
• Direct the activities of any University employee not employed by the Internal Audit and Advisory Services, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors.

As part of its consulting role IAAS may be asked to provide input into the
development of new policies, procedures, systems or processes. IAAS may
provide such input provided it does not impair audit independence. Ultimately,
management is responsible for making the final decisions on changes to policies,
procedures, systems, or processes.

Responsibility

The director and staff of IAAS have responsibility to:

• Develop a flexible annual audit plan. The plan shall include input from senior managers. The annual audit plan is submitted to the University President for approval.
• Implement the annual audit, as approved, including any special tasks or projects requested by management and update it as needed.
• Maintain a professional audit staff with sufficient knowledge skills, experience and professional certifications.
• Establish a quality assurance program by which the director assures the operations of the internal audit function.
• Perform consulting services, beyond internal audit's assurance services, to assist management in meeting its objectives. Examples may include facilitation, process design, training, and advisory services.
• Keep University management informed of emerging trends and successful practices in internal auditing.
• Respond to allegations of suspected fraudulent, wasteful, or abusive activities within the University. IAAS will coordinate such work with University Counsel and will notify appropriate University management of the results