The Department accomplishes its mission by:
Reviewing the effectiveness of institutional governance processes to include the:
- Promotion of ethical behavior within the organization;
- Efficiency of organizational performance management and accountability;
- Communication of risk and control information to appropriate areas of the organization; and,
- Coordination of activities and information among external auditors and management.
Reviewing the effectiveness of risk management processes to include the:
- Alignment of organizational objectives in support of the institution’s mission, goals, and objectives;
- Identification and assessment of significant risks;
- Alignment of risk responses with the appropriate institutional appetite and BOR enterprise risk management guidance and policy;
- Capturing and communication of relevant risk information across the institution to enable management to carry out its objectives.
Reviewing the accuracy and propriety of financial and operating information and the means used to identify, measure, classify and report such information.
Reviewing the systems established to ensure compliance with policies, plans, procedures, laws, and regulations which could have a significant impact on operations.
Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
- Validating that the institution is in compliance with established plans, policies, and procedures.
- Providing recommendations and consultation to improve operating efficiency, policies, procedures and/or changes to the system of internal control.
Reviewing and appraising the economy and efficiency with which resources are employed.
Reviewing operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
Reviewing the status of Information Technology policies and procedures, verifying that required hardware, software and process controls have been implemented and that the controls are functioning properly.
Consulting and educating on financial and operational processes, controls, related risks, exposure and fraud awareness; providing guidance and advice on control and risk aspects of new policies, systems, processes, and procedures.
Conducting special audits and/or reviewing specific operations at the request of the University President or the USG Chief Audit Officer as appropriate.
Investigating fraud and other types of fiscal misconduct in compliance with applicable laws and guidelines.
Although the list below is not intended to be exhaustive, DIA strives for exceptional quality in our work, and quality is achieved when:
- The engagement results in a positive impact on processes where such an opportunity exists.
- The engagement objectives, scope, and procedures are constantly reassessed to ensure efficient use of resources.
- Engagement objectives are achieved in an efficient and timely manner.
- Customers have an opportunity to review our findings, conclusions, and recommendations as we strive for mutual agreement.
- There is good communication within the department and with relevant stakeholders.
- The perspective and needs of the engagement client and supported management are incorporated into the work process.
- Professional standards are met.
Frequency of Audits and Reviews
Frequency of audits and reviews shall be determined by the risk assessment process and the proposed annual audit plan will be reviewed and discussed with the President or his/her designee. The finalized audit plan will be forwarded to the Board of Regents for review and approval. Reviews may range from annual audits to one audit in four years, depending on the relative risks involved, staff available, requests from Vice Presidents and other responsible officers, and the interests of relevant third parties.
The Department upholds the Code of Ethics as set forth by the Institute of Internal Auditors including the principles of integrity, objectivity, confidentiality and competency.
The Department follows the International Standards for the Professional Practice of Internal Auditing (Standards) as issued by the Institute of Internal Auditors and the related Practice Advisories.
Additionally, the Department adheres to the policies and procedures of the Board of Regents of the University System of Georgia as well as those of Clayton State University.
The Department maintains independence by reporting directly to the University President and to the USG Chief Audit Officer as described in the Board of Regents Policy Manual, Section 710.02. The USG Chief Audit Officer has the authority to instruct the Department Director to audit specific areas at the University as needed to fulfill the system-wide audit plan. The reporting relationship provides assurances that both a broad range of audit coverage and adequate consideration of any effective action on the audit issues and recommendations will be accomplished.
To the extent permitted by law, the Department of Internal Audit has full access to all activities, records, properties, and personnel within Clayton State University. The Department is authorized to review and appraise all policies, plans, and procedures. Documents and other materials provided to the Department will be handled in a prudent and discreet manner.
In performing its duties and to maintain independence, the Department will not at any time have direct responsibility or authority over any of the activities which it reviews. The Department will not develop and install procedures, prepare records, or engage in activities that would normally be reviewed by internal audits. Internal audit reviews, assessments, evaluations or appraisals do not relieve other persons in the University of any roles, duties, or responsibilities assigned to them.
Audits performed will often include data collected and/or reviewed from samples of relevant data/information, and thus a department could have received a satisfactory audit report although fraud, abuse, and/or other malfeasance exist. Traditionally, audits are conducted by DIA and the auditor is expected to express an opinion on processes and procedures, but these opinions should serve to provide management with reasonable assurance only and do not alleviate any responsibility of management.