1. Mission and Scope of Work
The internal auditing function at Stony Brook is established as a staff function to support the teaching, research and service missions of the University by assisting executive and operating management in the effective discharge of their responsibilities. To this end, internal audit provides independent appraisal and objective analysis of the activities of the University, the integrity of its records and the economy, efficiency and effectiveness of its operations (SPPIA 300). This includes:
a) Reviewing the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information (SPPIA 3 10).
b) Reviewing the systems established to ensure compliance with those policies, plans, procedures, laws, regulations and contracts which could have a significant impact on operations and reports and should determine whether the organization is in compliance (SPPIA 320).
c) Reviewing the means of safeguarding assets and, as appropriate, verify the existence of such assets (SPPIA 330).
d) Appraising the economy and efficiency with which resources are deployed (SPPIA 340).
e) Reviewing operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned (SPPIA 350).
The internal auditing function accomplishes this mission and addresses this scope through a variety of means including, but not limited to:
II. Management's Commitment
Management's commitment to the internal auditing function at Stony Brook is demonstrated by its decision to create and maintain the function, to provide adequate staffing and to provide the resources that allow the director to recruit and retain qualified staff, to make necessary and appropriate investments in technology, professional development (SPPIA 540), materials and ancillary services to support that staff and to ensure compliance with the Standards for the Professional Practice of Internal Auditing (SPPIA 110).
III. Independence and Reporting Relationship
In order to ensure the independence and objectivity of the internal auditing function at Stony Brook, it does not participate in the direct operation of any activity other than internal auditing. The Office is directly responsible to the University President and is headed by a director who reports to the President. The Office also has direct access to the University Auditor of SUNY. This organizational status promotes comprehensive audit coverage, assures adequate consideration of audit recommendations, and allows for the accomplishment of the Office's audit responsibilities (SPPIA 100, 110, 120).
IV. Authority and Responsibility
The internal auditing staff, in the performance of audits, reviews and investigations and with stringent accountabilities for safekeeping and confidentiality, has unlimited access to all facilities, personnel, records, systems and properties maintained, either electronically or manually, by all units of the University and its affiliated organizations. While approval is not required for such access, advance notice will normally be given except in cases where the nature and/or sensitivity dictate otherwise (SPPIA 100, 110, 120).
As the University's audit liaison, the director maintains oversight and coordinates all audits, reviews and investigations of the records and activities of the University, its operating units and affiliated organizations conducted by external agencies and coordinates responses to the same (SPPIA 550).
V. Staffing, Supervision and Professional Development
Internal audit staff are recruited and assigned to audit projects based upon their educational background, length, type and content of experience, knowledge, skills and technical proficiency. The staff members are provided with appropriate opportunities for professional development to maintain and improve their knowledge and skills and ensure their continuing professional proficiency (SPPIA 200, 210, 220, 250, 260, 270, 540).
Audit staff are appropriately supervised (SPPIA 230) based on their experience level and the scope/complexity of the assigned work. They plan (SPPIA 4 10) and conduct (SPPIA 420) their audit work, and communicate results (SPPIA 430) and follow up (SPPIA 440) with due care and in compliance with appropriate professional standards of conduct (SPPIA 230, 240, 250, 260, 280, 540) and established department procedures (SPPIA 530, 560).
VI. Annual Audit Plan
The internal auditing function at Stony Brook operates under an annual audit plan developed by the director and approved by the University President. The areas audited are selected based upon consultation with appropriate executive management and assessment of risk. Sufficient staff resources are reserved in the plan to allow the audit function to support management requests for ad hoc inquiries, analyses or audits and to provide for the coordination of external audit activity (SPPIA 520).
In the performance of its auditing responsibilities, the internal auditing function adheres to the Standards for the Professional Practice of Internal Auditing as promulgated by the Institute of Internal Auditors, Inc. and the University's Internal Audit Policy.
Presented by: Director of Internal Audit
Approved by: University President
i As required by Standards 110 and 5 10 of the Standards for the Professional Practice of Internal Auditing.
ii Such participation must be structured in a manner that does not impair the independence of the participating audit staff or of the internal auditing function.