The Internal Audit function assists the Board of Trustees and Management in satisfying their responsibilities related to maintaining adequate systems of internal controls, ensuring operational efficiencies and compliance with applicable laws and regulations.
Internal Audit fulfills its purpose by independently measuring and evaluating the efficiency and effectiveness of internal controls related to both current and proposed activities of the University. It evaluates compliance with University policies and procedures, the efficiency and effectiveness of those policies and procedures in meeting internal control and University objectives, the adequacy of operational controls in relation to established standards, and the adequacy of processes designed to safeguard and account for assets properly.
The Internal Audit function operates under the authority of the Board of Trustees and has independent status within the University. It shall report administratively to the Senior Vice President and Chief Financial Officer through the Vice President for Business Services and Risk Management, but shall provide a report to the Xavier University Audit Committee of the Board of Trustees (the Committee) during every regularly scheduled Committee meeting and shall have direct access to both the University President and the Chairman of the Committee. In addition, the Vice President for Business Services and Risk Management, shall meet privately with the Committee periodically in a session that excludes all members of the Management team and will report directly to the Committee any conflict of interest with Senior Management relative to any aspect of an audit or other activity associated with fulfilling Internal Audit's purpose.
In performing their function, Internal Audit personnel shall have free and unrestricted access to all University activities, reports, records, property, and personnel deemed necessary to perform their duties, with stringent accountabilities related to safekeeping and confidentiality. All current and proposed University activities shall be subject to review and/or audit by the Internal Audit function, and Management will ensure the cooperation of their respective personnel throughout the internal audit process.
Internal Auditing is a staff function that shall have no direct authority over reviewed activities. In addition, the existence of an internal audit function does not relieve management of their direct responsibility for devising and maintaining an adequate system of internal control that will assure the proper authorization and recording of transactions and the maintenance of records that accurately and fairly reflect the financial activities of the University.
On an annual basis the Vice President for Business Services and Risk Management, shall prepare a risk-based internal audit plan designed to detect and address significant internal control risks. In performing the risk assessment, consideration is given to a number of factors, including University strategic plans and goals, management input, planned system or process changes, and previous audit results. External factors, such as current industry, political, technological, and economic conditions are also prime considerations. Based on the results of the risk assessment, the annual audit plan is developed detailing the specific subject areas and processes to be reviewed during the year.
The plan will be reviewed with Senior Management and reviewed and approved by the Committee. The Vice President for Business Services and Risk Management, will periodically report progress against the plan, any significant changes to the plan, overall audit results, and material findings to the Committee. In executing the plan, Internal Audit shall coordinate with the University's external auditors to maximize efficiencies.
The scope of each audit shall be sufficient to express an informed opinion about the audit subject and an audit report shall be issued to appropriate levels of Management. Reports shall include both findings, if any, and agreed upon corrective actions. Each process owner is responsible for developing and implementing corrective actions to address any issues identified in their area on a timely basis. Agreed upon corrective actions shall be included in the final report and must detail corrective action plans, the management member responsible for completing the corrective actions, and the specific dates for completion.
Because of its breadth of knowledge and ability to cross functional and business unit lines, Internal Audit may also be called upon by Management to facilitate process improvement initiatives, aid in dissemination of both external and internal best practices, and otherwise contribute or add value to the overall objectives of the University. Such activities are an integral part of the scope of the Internal Audit function and aid in the prevention of future control deficiencies.