DEFINITION OF INTERNAL AUDITING

Internal auditing is an independent, objective assurance and consulting activity designed to add value and
improve an organization's operations. It helps an organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control,
and governance processes.

MISSION OF INTERNAL AUDITING

To enhance and protect organizational value by providing risk-based and objective assurance, advice, and
insight.

CORE PRINCIPLES OF INTERNAL AUDITING

The Core Principles, above all, define tangible internal audit effectiveness. When all Principles are present
and operating cohesively, internal audit function achieves maximum efficiency. Though the way every
internal auditor approaches these Core Principles may vary from organization to organization, there’s no
denying that a failure to achieve any of the Principles would signal an internal audit activity that’s not
performing at its absolute best.
• Demonstrates integrity.
• Demonstrates competence and due professional care.
• Is objective and free from undue influence (independent).
• Aligns with the strategies, objectives, and risks of the organization.
• Is appropriately positioned and adequately resourced.
• Demonstrates quality and continuous improvement.
• Communicates effectively.
• Provides risk-based assurance.
• Is insightful, proactive, and future-focused.
• Promotes organizational improvement.

WHAT IS INTERNAL AUDIT CHARTER?

Audit charter is a formal document that defines internal audit purpose, authority, responsibility and
position within an organization.

WHAT ARE THE TYPES OF AUDIT SERVICES?

Internal audits are conducted in accordance with the International Standard for the Professional Practice
of Internal Auditing as promulgated by the Institute of Internal Auditors (IIA). Other auditing standards
may be followed as deemed appropriate for the types of audits being conducted.
The WIU Office of Internal Auditing provides the following types of audit services to the University and
Foundation:
• Operational, Financial, Compliance and Information Technology Audits / Assurance
Services – Assurance services involve the objective assessment of information, facts, or data
by Internal Auditing to provide an independent opinion or conclusion. The scope and nature
of assurance services may include reviewing and evaluating for: operational efficiencies and
effectiveness; reliability of financial and operational systems; adequacy and clarity of
policies and procedures; compliance with university policy and state and federal law;
safeguarding of assets; accomplishment of objectives and goals; or other agreed-upon
procedures.
 • Consulting Services – Consulting services are advisory and other service activities include
counsel, advice, facilitation, process design and limited training. The objective of consulting
services is to add value in the development or modification of processes, procedures, and
controls to minimize risk and achieve objectives. The nature and scope of particular
consulting services are agreed upon with management. Internal Audit will not assume
management’s responsibilities in order to maintain appropriate objectivity and
independence.
• Special Investigations – Investigations evaluate allegations of fraudulent business practices
and/or misconduct involving financial or operational matters to determine if allegations are
substantiated and to prevent future occurrences.
• Follow-up Engagements – Follow-up engagements evaluate plans and actions taken to
correct previously reported conditions as a result of completed audits and investigations.
• Coordination of External Audits – These services ensure external auditors or regulators
have access to the University staff and resources necessary to conduct their audits. The
coordination through a central office also helps to ensure internal and external efforts are
not duplicated and that Internal Auditing is informed of any identified issues. Any office that
receives notice for an external audit should notify the Director of Internal Auditing.

WHAT ARE THE COMPONENTS OF INSTITUTE OF INTERNAL AUDIT CODE OF ETHICS?

*The Code of Ethics states the principles and expectations governing the behavior of individuals and
organizations in the conduct of internal auditing. It describes the minimum requirements for conduct and
behavioral expectations rather than specific activities.

The Institute's Code of Ethics extends beyond the Definition of Internal Auditing to include two essential
components:
• Principles that are relevant to the profession and practice of internal auditing.
• Rules of Conduct that describe behavior norms expected of internal auditors. These rules are an
aid to interpreting the Principles into practical applications and are intended to guide the ethical
conduct of internal auditors.
Code of Ethics — Principles
Internal auditors are expected to apply and uphold the following principles:
• Integrity
The integrity of internal auditors establishes trust and thus provides the basis for reliance on their
judgment.
• Objectivity
Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and
communicating information about the activity or process being examined. Internal auditors make
a balanced assessment of all the relevant circumstances and are not unduly influenced by their
own interests or by others in forming judgments.
• Confidentiality
Internal auditors respect the value and ownership of information they receive and do not disclose
information without appropriate authority unless there is a legal or professional obligation to do
so.
• Competency
Internal auditors apply the knowledge, skills, and experience needed in the performance of
internal audit services.
WHAT ARE THE ROLES AND RESPONSIBILITIES OF MANAGEMENT ACCORDING TO INTERNAL AUDITING?

Management is responsible for establishing internal controls. In order to maintain effective internal
controls, management should:
1. Maintain adequate policies and procedures;
2. Communicate these policies and procedures; and
3. Monitor compliance with policies and practices.
Responsibilities of management include, planning, organizing, directing and controlling. Controlling,
including monitoring, is a process to ensure what is supposed to be done is being done. Control activities
are the policies and procedures, which help ensure that management directives are carried out and
include, but are not limited to the following:
• Authorizations – Transactions must be authorized and executed in accordance with
management’s intent.
• Segregation of Duties – Segregation of duties is adequate when no one person is in a
position to initiate and conceal errors and/or irregularities in the normal course of their
duties.
• Record Keeping – Adequate record keeping ensures that assets are properly controlled
and transactions are properly recorded as to account, amount and period.
• Safeguarding – Limiting access to and controlling the use of assets and records are ways
to safeguard those assets and records.
• Reconciliations – Reconciliations are independent verifications, which help to ensure that
the other four control activities are functioning as intended.