Professional Documents
Culture Documents
AUDIT
MANUAL
1|Page
Table of Contents
I. Foreword………………………………………………………………………………….Pg. 7
A1. Authority………………………………………………………….……………………..Pg. 8
2|Page
A4.5 Information Systems Technology Auditor
A5.3 Probation
A5.7 Compensation
A5.8 Attendance
A5.11 Grievances
A5.12 Safety
Section B – Audit Procedures and Techniques for Student Activity Fund and
Operational Audits……………………………………………………………..........Pg. 19
B1. Introduction…………………………………………………………………..Pg. 19
3|Page
B2. Auditing Procedures………………………………………………………………...Pg. 20
B2.15 Threats
4|Page
B3.5 Audit Report Referencing
Audits …………………………………………….………………………………...….Pg. 30
C1. Introduction
Audits………………………………………………………………………………………Pg. 38
D1. Introduction
5|Page
Attachment Index
6|Page
I. Preface
Internal Audit responsibilities will be accomplished constant with the Generally Accepted
Government Auditing Standards and International Professional Practice Framework.
Auditors are required to study to the value standards (attributes of company and
personalities performing interior audit services), presentation standards (the landscape
of internal audit services and be in charge for valued criteria against which the
performance of these services can be measured) and implementation standards
(develops upon performance and attribute standards) as well as the strongly
recommended guidance.
The Institute of Internal Auditors Brings the following definition of Internal Auditing:
The function of Internal Audit is to bring value to an organization. Some of the utmost
important benefits comprise but are not limited to the following:
7|Page
Recoveries of unbilled or under-billed revenues and duplicate payments
Recoveries of vendor overcharges
Recognized opportunities to automate procedures
Assurance of automated computer controls
Audits all oraginzation, offices, departments, programs, grants and special
requests
Identification of efficiencies including best practices, cost savings and cost
avoidances
A.1 Authority
A1.1 Mission Statement and Internal Audit Charter Internal Audit’s mission is to
upkeep the organization system’s Board of Directors and management in the
operative discharge of their responsibilities. Moreover, Internal Audit will furnish
them with findings, analysis, recommendations, advisory services and
information concerning the relevant activities with the objective of adding value
and improving the organization system’s operations. Internal Audit shall evaluate
the organization system's controls to determine whether they are designed to
guard its assets and to facilitate the preparation of reasonable and consistent
reports to management. In due course, Internal Audit will assist the organization
system with achieving its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management,
controls and governance processes.
8|Page
A2. Department Standards
9|Page
Professional Behavior – High expectations for the auditing profession
include obedience with all important legal, regulatory and professional
obligations and circumvention of any conduct that might dishonor the
auditor’s work.
Competency - Internal auditors apply the skills, knowledge and
experience needed in the enactment of internal audit services.
Public Interest – Public interest is denoted as the collective well-being of
the of entities work for by auditors and community people. By observing to
the above-mentioned code of ethics in carrying out their responsibilities,
auditors are honoring the public trust.
A2.3 Rules of Conduct for Internal Auditors Internal Audit shows compliance with
ethical principles and a code of conduct by adhering to the following rules:
1.1. Shall abide the law and make admissions expected by the law and the
profession.
1.2. Shall carry-out their work with diligence, honesty and responsibility.
1.3. Shall respect and contribute to the legitimate and ethical objectives of the
organization
1.4. Shall not eloquently be a party to any illegal doings, or engage in acts that
are dishonorable to the organization or to the profession of internal auditing.
2.1. Shall not receive anything that be presumed to impair or may impair their
professional judgment.
2.2. Shall not partake in relationship or any activity that be presumed to impair or
may impair their fair assessment. This involvement includes those activities or
relationships that may be in conflict with the interests of the organization.
10 | P a g e
2.3. Shall communicate all quantifiable facts known to them that, if not
communicated, may misrepresent the reporting of activities under examination.
3.1. Shall not utilize information for personal interest or in any manner that would
be contrary to the law or unfavorable to the ethical and legitimate objectives of
the organization.
3.2. Shall be vigilant in the safety and use of information obtained in the course
of their duties.
4.1. Shall constantly improve their effectiveness and proficiency and excellence
of their services.
4.2. Shall perform internal audit services in accordance with the IPPF
4.3. Shall participate only in those services for which they have the essential
skills, experience, and knowledge.
The Internal Audit Department reports functionally to the members of the Board of
Director and administratively to the Chief Executive Officer. The Internal Audit staff has
no direct authority or responsibility for any of the activities reviewed or audited.
Presently the Internal Audit Department is staffed with the Director of Internal Audit,
Supervisor of Internal Audit, 7 Staff Internal Auditors, 1 Investigative Auditor, 2 Property
Audit Technicians, 1 Lead Property Auditor, 1 Business Analyst, and 1 Information
Technology Auditor.
11 | P a g e
A4. Position Responsibilities
Manages and leads Internal Auditors in whole company and audit specific risk
assessments designed to deliver value to organization.
Brings leadership direction to operations and development of Internal Audit
groundwork, projects and resources.
Administers fraud and other examinations directed by the other Internal Auditors
and Investigative Auditor as assigned.
Supervises the maintenance and progress of a cohesive entity-wide internal audit
risk assessment database and approach.
Reports Internal Audit accomplishments and conclusions to the members of the
Board of Directors.
Cooperates frequently with executive staff to guarantee important business risks
are addressed and identified.
12 | P a g e
Frame appropriate decisions relative to procedures and acceptable internal
controls on the basis of audit work performance and information of operations.
Assure key controls are verified and every imperative risk are addressed to
conclude that financial transactions observe the existing contracts, laws, policies
of the Board and standard accounting principles.
Designate staff auditors to perform professional training programs for company
staff as required.
Executes back-up sense of duty in the nonattendance of the Internal Audit
Director.
13 | P a g e
Executes internal compliance audits, organization operational or financial audits
and assists on special projects as mandated by the Internal Audit Director
Reevaluates and reviews and bring up-to-date the Entity-wide Risk Assessment
Partakes with Internal Audit for the Board in collecting data, scrutinizing
information and Brings related services heading toward the evaluation and
compilation of financial evidence for Board Members;
Contributes individually in multifaceted analyses or projects and/or as a team
member in extra compound procedural and financial analysis projects. This
includes:
14 | P a g e
program budgeting system development
payroll and
Accounting.
Delivers support to staff auditors by assisting and Brings analytical support with
organization audits as needed.
Brings general support to the Staff and Internal Audit Director.
A.5 Internal Audit Office Policies and Procedures Important policies and
procedures that are pertinent within the Internal Audit Office are as follows:
A5.2 Probation – Recently hired staff will be subject to a provisional period that
is resolute by Human Resources at hire. Usually this period is 5 months. Staff will
be considered regular employees at the end of this period unless otherwise
informed.
A5.3 Recruitment and Selection of Staff - Internal Audit staff are designated
based upon Board of Director policies that necessitate that application be
submitted in answer to advertised beginnings. The screening process may
include interviews and written tests as soon as deemed necessary. Promotions
are made in the similar method.
15 | P a g e
A5.5 Employee Evaluations – Human Resources (HR) necessitates that
employees are assessed yearly. Staff assessments are completed by the Internal
Audit Supervisor for staff auditors. The Director of Internal Audit Director will
evaluate the other staff members.
A5.6 Training and Continuing Director - GAGAS require that staff directing
and handling audits earn 80 hours continuing Director semiannually, in which 24
of it must be straight related to government auditing. IPPF Attribute Standard
1230 also necessitates internal auditors to improve their knowledge, skills and
other competencies through (CPD) continuing professional development by
completing a minimum of 40 CPEs once a year. Staffs are obligatory to
individually make arrangements to assure that this requirement is achieved.
Training openings comprising conferences, training manuals, online courses,
webinars, and internal training occasions may be accessible to assist in this
effort.
A5.9 Leave and Absence Policy - Internal Audit staff receive yearly and sick
leave days that may be permitted for use at the discretion of the Internal Audit
Director. Staff must be aware of assignments and responsibilities when
16 | P a g e
demanding leave. The Director of Internal Audit will accept time off while taking
into account these factors. Consent of leave time does associate to an extension
of time for accomplishment of responsibilities. Staff will be likely to reach
prearranged cutoff date unless the Director has approved to an extension. Staff
should not contemplate submission of a leave request as a spontaneous
privilege to yield time off even though they have existing leave balance.
Managerial consent is an important component of the leave management
procedure.
17 | P a g e
result in the extended leave being considered LWOP if failure to present
this document. Sick leave beyond 10 days must be demanded over and
done with Absence Management.
Internal Audit Calendar: Every permitted leave need to be passing in on
the shared Internal Audit calendar. The Director or Business Analyst will
enter called-in leave on the calendar.
18 | P a g e
Audit staffs are given a secure right of entry to the Internal Audit office facility. It
is each employee’s accountability to maintain access keys, combinations, and
codes provided. Personnel are also accountable for safeguarding access to
equipment such as laptops that have been supplied for performing tasks on
audit.
B1 Introduction
This portion of the manual proposes procedures and policies to be used in the
enactment of an internal audit from the point it is assigned up to the issuance of the
audit report. The Director of Audit is principally responsible for every phase described
here, including examination of staff auditor fieldwork. Staff auditors work in the direction
of the Director of Audit, who commends every audit program, work files and work files.
The Director of Audit is accountable for error of work done by the whole Internal Audit
staff. The Internal Audit Director formulates an annual audit plan that shows all activities
to be audited and the projected time for completion. Risk analysis model is used in
establishing audit priorities. The model uses numerous measures to assess functions
inside the organization system that stance the greatest risk to the Board of Director.
Requests from the CEO as well as the Board of Director are also considered in
formulation of the audit plan.
19 | P a g e
B2. Auditing Procedures The following are fundamental steps for carrying out an
internal audit:
Planning,
Fieldwork,
Report Writing and Editing,
Supervisory Review,
Exit Conference and
Auditee’s Action Plan.
20 | P a g e
B2.4 Engagement Letter –An engagement letter should be handed to the top
management accountable for administration of the particular process area,
before beginning the audit when carrying out an operational audit to provide
courtesy and advance notice to the client organization. The letter should pinpoint
the:
Engagement letters are merely sent for IT audits and operational. Organization
audits are routine and numerous. Typically an engagement letter is not sent
whenever special investigation and entity activity fund audits are performed.
B2.5 In-Office Review – An in-office review is essential for the in charge auditor
to gain understanding about the focus area to be audited before the entrance
conference. At this period, the in-charge auditor should start examining
background information regarding the internal control environment and auditee’s
process requirements. Past year workpapers and audit reports may be
reevaluated and should also be held a planning meeting with the audit team to
talk over the assignment of audit. The outcomes of this course should allow audit
staff to determine the audit scope and objectives and make relevant inquiries
throughout the entrance conference.
B2.6 Entrance Conference – The entrance conference with the client should
establish the cooperative manner of the audit. Auditors should be candid and
open about the audit scope and objectives. The assigned Internal Audit staff
should be making known to the client and the auditor should request:
work space,
access to needed files, and
Any other necessary needs at that period.
21 | P a g e
The process of audit should be clarified as well as the issuance of the audit
report and process for discussion of findings.
Narratives,
flowcharts,
internal control evaluations, and
Other key items.
For operational audits the In-Charge auditor should identify the following:
22 | P a g e
Financial profile of the activity to include how much is spent to achieve
goals
The audit program should include steps to identify and assess fraud risks. The
auditor should also consider the risks for fraud (individuals’ incentives or
pressures, opportunity for fraud to occur). An organizational chart as well as
statements of responsibilities of the auditee should be obtained. As the
preliminary survey is conducted, the auditor may identify areas that should be
pursued or tested.
23 | P a g e
i audit ievidence itaken ias ia iwhole. iWhen iauditors iidentify ilimitations ior
i uncertainties iin ievidence ithat iis isignificant ito iaudit ifindings iand iconclusions,
i they ishould iapply iadditional iprocedures isuch ias iseeking iindependent,
i corroborating ievidence ifrom iother isources. iThe inature iand itypes iof ievidence
i to isupport iauditors’ ifindings iand iconclusions iare ialso imatters iof ithe iauditors’
i professional ijudgment ibased ion iaudit iobjectives iand iaudit irisk. iTestimonial
i evidence imay isometimes ibe iuseful iin iinterpreting ior icorroborating
i documentary ior iphysical iinformation. iDocumentary ievidence imay ibe iused ito
i help iverify, isupport, ior ichallenge itestimonial ievidence. iInternal iAuditors ishould
i attempt ito iobtain idocumentary ievidence iwhenever ifeasible ito isupport iaudit
i conclusions. iSome iconsiderations ifor iauditors iwhen iobtaining isufficient,
i appropriate ievidence iare ithe ifollowing: i
Evidence iobtained iwhen iinternal icontrol iis ieffective iis igenerally imore
i reliable ithan iwhen iinternal icontrols iare iweak.
The igreater ithe iaudit irisk, ithe igreater ithe iquantity iand iquality iof ievidence
i required. i
Stronger ievidence imay iallow iless ievidence ito ibe iused. i
Having ia ilarge ivolume iof iaudit ievidence idoes inot icompensate ifor ia ilack iof
i relevance, ivalidity, ior ireliability. i
Evidence iobtained ithrough ithe iauditors’ idirect iphysical iexamination,
i observation, icomputation iand iinspection iis igenerally imore ireliable ithan
i evidence iobtained iindirectly. i
Examination iof ioriginal idocuments iis igenerally imore ireliable ithan
i examination iof icopies. i
Testimonial ievidence iobtained iunder iconditions iin iwhich ipersons imay
i speak ifreely iis igenerally imore ireliable ithan ievidence iobtained iunder
i circumstances iwhere ipersons imay ifeel iintimidated. i
Testimonial ievidence iobtained ifrom ian iindividual iwho iis inot ibiased iand ihas
i direct iknowledge iabout ian iarea iis igenerally imore ireliable ithan ifrom
i someone iwho iis ibiased ior ihas iindirect ior ipartial iknowledge iof ian iarea.
24 | P a g e
i Evidence iobtained ifrom ia iknowledgeable, icredible iand iunbiased ithird iparty
i is igenerally imore ireliable ithan ievidence ifrom isomeone iwho ihas ia idirect
i interest iin ithe iaudited ientity. i
Evidence iis inot iconsidered isufficient iand iappropriate iwhen iusing ithe
i evidence icarries ian iunacceptably ihigh irisk ithat icould ilead ito ian iincorrect ior
i improper iconclusion. i
b.) iAudit iSampling i– iFrequently ia isampling iof iitems; ii.e. itransactions ior ifiles imust
i be iselected ifor itesting. iWhen isampling iis iused, ithe imethod iof iselection ithat iis
i appropriate iwill idepend ion iaudit iobjectives. iGenerally, ithe iselection ishould ibe
i designed ito ibe irepresentative iand irandom i(each iitem iin ithe ipopulation ihas ian
i equal ichance iof ibeing iselected.) iStratification i(selection iof iitems icontaining
i various icharacteristics) ishould ialso ibe iused iin ithe iselection. iThe isize iof ithe
i sample iselected ishould ibe idesigned ito iprovide iappropriate ireliability iof ithe
i condition iof ithe ipopulation, iusing ia igiven ilevel iof iconfidence. iThe isampling
i technique iused ias iwell ias ithe inature iof isamples ithat iare iused ito igather iaudit
i evidence ishould ibe iclearly idescribed iin ithe iscope. iSampling itechniques iavailable
i to ithe iauditor iare ithe ifollowing: i
Statistical iSampling i– irequires iall isampling iunits iin ithe ipopulation ito ihave
i an iequal ichance iof ibeing iselected. iThe isample isize iis imathematically
i calculated ibased ion ia idesired iconfidence ilevel, idesired iprecision iand
i expected ierror irate. iThe isample iselection iis icomputed iusing ieither
i computer iprograms ior irandom inumber itables. i
Judgmental iSampling i– iselection iis ibased ion iauditors’ isound iand iseasoned
i judgment. iSelections iare ibased ion ithe ivalue iof iitems, irelative irisk iand
i representativeness. i
Random iSampling i(haphazard) i– iitems iare iselected iwithout iintentional ibias
i to iinclude ior iexclude icertain iitems iin ithe ipopulation. iWhile isample isizes iare
i predetermined, ithe iselection iof isampling iunits iis iselected iusing icomputer
i programs ior irandom inumber itables. i
25 | P a g e
c.) iData iReliability i– iAudit istandards irequire idetermination ithat icomputer-
processed idata iis ireliable ienough ito ibe iused. iWhen ithe idata iis iintended ito ibe iused
i to isupport iengagement ifindings, iconclusions iand irecommendations, ireliability
i must ibe iassessed. iThis iwork iis irequired iwhether ithe idata iis iprovided ito ithe iauditor
i or ithe iauditor iextracts ithe idata. iInformation ican ibe iassessed iin ithe iform iof ireports
i or iinterviews iwith iindividuals iwho iare iknowledgeable iabout ithe idata iand ithe
i system. iThe iInformation iTechnology iAuditor imay ialso iassist iwith ithis iprocess. i
Audit Report
The main objective of the audit report is to present the only acceptable means
of communicating the auditor’s entire task to management and key personnel
within the BOE. Nothing else produced by the auditor is probably seen by anyone
outside the Internal Audit Department and therefore, the audit report must
concisely report the total significance of the audit effort. A well-managed audit
report is important to maintain a reputation for reliability and to provide a high
level of confidence by management in the findings.
The report must be appropriate, clear and concise. Although there are subjects
that may require detailed explanations, every effort must be made to organize the
facts and provide meaningful conclusions in the fewest possible words without
diluting the significance of the report. The report must be clear enough so that
the independent of the audit can understand it. The audit report must also be
26 | P a g e
accurate. Every statement, figure, or reference must be based on evidence
documented in the work papers. Moreover, auditors must use acceptable
grammar, sentence structure and context. The audit report must also be written
and presented in a neutral tone. The wording selection must be calm, objective,
thoughtful and dispassionate. Wording with negative connotations must be
avoided.
The use of individuals’ names, and other specific identifying information must be
avoided within the context of the report. However, this information may be
presented in the addendum.
Audit reports must also be prepared soon after the exit conference has
been conducted. The result of the report will be weakened if it is not
received promptly. Promptness must not conflict with adequate preparation, they
are both important. Properly written audit findings facilitate extraction of
information most probably for the audit report.
B3.1 Audit Report Organization – the audit report package has two
main elements, namely; transmittal memorandum and the auditor’s report
described below. An addendum must also be attached naming
individuals referenced in the audit report.
27 | P a g e
response most especially when missing funds are identified. The memo must
include the date that it was prepared. CEO must be copied on the memo and
other staff may also be copied but depending on the nature of the audit.
28 | P a g e
B3.2 Audit Report Review – Following the initial supervisory review of the audit
presentation and work papers, a second independent review must probably be
done prior to distribution. At a minimum this review must consist of determining
as to whether the reviewer can gain an understanding of the audit results. Also,
the reviewer must determine that the memorandum is properly addressed, the
report is grammatically correct, meets standards and the report is mathematically
correct. This review is normally done by the Internal Audit Director prior to issuing
the report.
B3.3 Audit Report Filing – A “file copy” of the report must be organized
and filed with the associated work papers within the “Audit Work papers”
folder on the G-share. A second “Chron copy” (hard copy) must be
filed chronologically in a separate folder.
B3.4 Audit Report Numbering –Reports for audits that are not organizations
activity funds are assigned numbers by the Audit Director. Report numbers
are assigned by year, type and number: For example, R16-001 or S16-001.
The R identifies an audit engagement included on our audit plan or “regular” and
the “S” indicates “special” audits which are probably not a part of our
regularly scheduled audits as indicated on the plan, but requested due
to fraudulent activity, a specific concern. The number “001” indicates that the first
audit for the year and subsequent audits will be numbered consecutively.
29 | P a g e
provide a specific corrective action that will be taken to address each audit
finding and recommendation in the report.
The response must also clearly state agreement or disagreement with the
finding being addressed. The response must be prepared most probably by the
person to whom the audit report memorandum was addressed and must also
contain their original signature. The response is required to be recorded on the
audit response template and provided to the Business Analyst in Microsoft Word
within the prescribed timeframe. Also, the signed action plan may be submitted
electronically in a pdf format.
B3.7 Internal Audit Report Tracking - Audit reports that are issued are
recorded on an Internal Audit tracking document. The objective of this system is
to monitor management responses and determine whether they have been
returned timely and that each finding was properly addressed. Executive level
staff must be notified when audit responses are not received.
C1. Introduction
30 | P a g e
Association for Certified Fraud Examiners. Auditors must also be mindful of
Generally Accepted Government Auditing Standards.
Matters related to fraud that are governed by applicable audit standards; IIA or
GAGAS, include the following:
31 | P a g e
judgment, they are rarely susceptible to investigation and most probably not
appropriate for review as a Special Investigation audit. There are some example
of these matters may be “fairness” of compensation, adequacy of supervision,
co-worker relationships, etc. Activities that will typically be classified as Special
Investigations include but are not limited to the following:
• Payroll Time/Charge Abuse – involves receipt of pay for time not worked,
employee receipt of payroll fringe benefits for themselves or someone falsely
reported as a relative, non-recording of vacation and sick-time used;
ghost employees, etc.
32 | P a g e
• 4.1 Planning Budget - A planning budget as described in B2.3 is not typically
done for special investigation audits. There is normally minimal
advance notification of the need to perform SI audits. Moreover, there is a
requirement for reporting of audit results as promptly as possible. This makes it
not prudent to provide a planning budget as required of more routine audits
that are included on the audit planning schedule.
• 4.2 Entrance Letter – Special Investigation audits are not preceded by issuance
of an Entrance Letter as presented in B.24. Due to the necessity for maintaining
confidentiality and audit timing, this process must not be conducted.
• 4.6 Audit Report – An audit report as explained in B3 is not always done for
every special investigation conducted. The format for communication of results
mostly varies on the circumstances. A SI report addressed only to those
33 | P a g e
appointed by the Audit Director to have a “need to know” is done for hotline
allegations that are deemed to be credible.
The hotline vendor interviewer has the following responsibilities when answering
a call:
• TONKS has a bylaw that will protect employees from retaliation for disclosing
what the employee believes evidences certain unlawful, wasteful, or hazardous
practices.
34 | P a g e
• Caller may leave name and number just in case there are additional information
is needed. If caller wants to remain anonymous, an identification number will
automatically be provided at the end of the interview.
• Ask caller to give as much detail as possible to explain the activity that
is taking place including department/subject involved; description of activity;
dates, times and places; identification of corroborating evidence and names of
possible credible witnesses.
The hotline investigator has the listed responsibilities once they are notified of the
hotline call:
● Discuss the hotline information received with the Director of Internal Audit
35 | P a g e
the conclusions and audit engagement results. Care must be taken to
gather evidence so as not to compromise its admissibility as evidence and
with consideration for the potential of its use in a legal action, whether in the
form of hearings, litigation or criminal proceedings. Often in the case of
a deposition or trial, the auditor that gathered the evidence is
personally accountable for giving testimony as to the means and authority for
gathering the evidence. There are specific documentation commonly found in
work paper files will not be present for special investigation audits.
d.) Investigation Audit Work paper Reviews – Investigation Audit work papers
will be checked in the same manner as noted in Section B2.13. All work
papers will be reviewed by the Audit Director or Supervisory staff to make sure
that there is sufficient evidence to support conclusions and to justify the
objectives of the Investigation.
36 | P a g e
Security Services, Office of General Counsel and Child Protective Services for
investigation and follow-up.
37 | P a g e
SECTION D: AUDIT PROCEDURES AND TECHNIQUES FOR
INFORMATION TECHNOLOGY AUDITS
D1. Introduction
38 | P a g e
D4. Audit Reports
Guidance for preparing IT audit reports may be located in Section B3. Reporting
on IT operations may also be encompassed within an audit presentation instead
of separated when the IT auditor has only reviewed a related component for an
operational or investigative audit.
39 | P a g e
ATTACHMENT 1
Board of Director
Purpose
The Board of Director of TONKS has established the Office of Internal Audit as
an independent office that reports directly to the Board. The primary objective of
the Office of Internal Audit is to assist the Board of Director in effectively
discharging its duties and responsibilities for oversight of the management of the
(TONKS). To accomplish this objective, the Office of Internal Audit shall complete
audits of TONKS and furnish the Board of Director with analyses,
recommendations, counsel, and information concerning the activities audited or
reviewed. The Office of Internal Audit shall also facilitate and support any audit
processes and assist external auditors to the extent required by the Board of
Director and/or federal, state or local authorities. In addition, the Office of Internal
Audit may conduct special audits requested by the Board of Director and/or the
Chief Executive Officer, as authorized by the Board of Director.
Organization
40 | P a g e
Board approval is required for the hiring, removal or replacement of the Director
of Internal Audit. The Board of Director shall be responsible for annually
evaluating the Director of Internal Audit. All employees in the Office of Internal
Audit are responsible for assisting and acting in a confidential capacity to the
Board of Director and the Chief Executive Officer.
4. Access and inspection rights to all TONKS assets, property and facilities
owned, leased or borrowed by TONKS and the authority to request assistance
from appropriate TONKS personnel in locating assets, property and facilities.
C. The Office of Internal Audit shall maintain its independence and objectivity at
all times and avoid conflicts of interest. In performance of duties, no staff member
of the Office of Internal Audit shall have any direct responsibility or authority over
any of the activities audited. The Office of Internal Audit shall not draft or
implement procedures, prepare records, or engage in any other activity that it
would normally review and evaluate, which could be construed as compromising
its independence and objectivity. However, such objectivity shall not be
considered as compromised when the Office of Internal Audit recommends
standards for internal controls, recommendations to modify or change existing
policies, administrative procedures, labor agreement provisions, and/or practices
and procedures.
Scope of Work
41 | P a g e
A. The Office of Internal Audit shall evaluate the reliability and integrity of
financial and operational information and the means used to identify, measure,
classify, and report such information.
B. The Office of Internal Audit shall determine proper compliance by TONKS staff
with Board Policies, Administrative Procedures, applicable laws and regulations,
and grant(s) requirements, where failure to comply would have significant impact
on TONKS.
C. The Office of Internal Audit may evaluate the security and accountability over
TONKS assets and resources, and as appropriate, verify the existence of such
assets and resources.
E. The Office of Internal Audit shall conduct special reviews and investigations as
directed by the Board of Director and may seek assistance from legal counsel as
designated by the Board.
G. The Office of Internal Audit shall provide support to the Board of Director. This
support includes analysis of Board Office appropriations, assistance with review
during the annual budget development process, and other pertinent requests
from the Board Chair.
Reporting
A. The Office of Internal Audit shall prepare draft audit reports and provide to
appropriate TONKS management following the conclusion of each
operational audit. Management shall be required to respond to the findings
42 | P a g e
and recommendations included in the draft audit report within 15 to 30
business days as determined by the Director of Internal Audit. The response
should include actions management intends to implement to properly address
each audit finding and recommendation, along with a time table to complete
such actions. A final audit report shall be prepared and issued by the Director
of Internal Audit that will address management’s responses. Internal Audit will
inform Executive staff and the Chief Executive Officer when management
does not provide a response.
Copies of the final audit report shall be provided to the Board of Director, Chief
Executive Officer, and Executive and management staff as appropriate. Student
activity fund reports issued with management responses attached are considered
final reports.
The Office of Internal Audit shall conduct follow-up audits to ensure that
management implements corrective actions.
Policy Adopted
9/18/20
43 | P a g e
ATTACHMENT 2
44 | P a g e
ATTACHMENT 3
45 | P a g e
ATTACHMENT 4
46 | P a g e