Approved December 9, 2019
The Kansas State University Internal Audit Department provides independent and objective assurance and consulting activities designed to add value and improve Kansas State University’s operations. The Internal Audit Department provides analyses and recommendations to assist University managers in effectively discharging their administrative responsibilities. The Department assesses the adequacy and effectiveness of internal controls with the goal of promoting effective controls at reasonable costs. The Internal Audit Department performs internal audits in accordance with their annual audit plan and conducts special audits or reviews at the request of University management or the Kansas Board of Regents.
The Internal Audit activity will govern itself by adherence to the IIA’s mandatory guidance including the Definition of Internal Auditing, the Code of Ethics, and the International Standards. This mandatory guidance constitutes principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the internal audit activity’s performance.
The IIA’s International Standards for the Professional Practice of Internal Auditing shall constitute the Office’s operating procedures. Internal Audit will obtain resources, tools, and guidance through the Association of College and University Auditors and the Committee of Sponsoring Organizations. In addition, Internal Audit will adhere to the University's relevant policies and procedures.
The Internal Audit Department, with strict accountability for confidentiality and safeguarding records and information, is authorized to have full, free, unrestricted access to any and all of Kansas State University and University Controlled Affiliated Corporation records, physical property, and personnel pertinent to carry out any engagement. All employees are requested to assist the internal audit activity in fulfilling its roles and responsibilities. The internal audit activity will also have free and unrestricted access to the Board of Regents Fiscal Affairs and Audit Committee (BOR-FAAC).
The Chief Audit Executive reports administratively to the President and functionally to the BOR-FAAC. The Chief Audit Executive has a dotted reporting relationship to the Vice President, Chief Operating Officer.
Independence and Objectivity
The internal audit activity will remain free from interference by any element in the organization, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of a necessary independent and objective mental attitude.
Internal auditors will have no direct operational responsibility or authority over any of the activities they review. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair internal auditor’s judgment.
Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interest or by others in forming judgments.
The Chief Audit Executive will confirm to the BOR-FAAC, at least annually, the organizational independence of the internal audit activity.
The Chief Audit Executive of the Internal Audit Department shall report annually to the BOR-FAAC, summarizing the prior year's activities and audit plans for the coming year. Any completed internal audit reporting material financial weakness or fraud is to be submitted to the Board President and Chief Executive Officer, who shall be responsible for recommending to the KBOR-FAAC any specific audit findings that should be further reviewed by the Committee.
The Internal Audit Department advises University management on the adequacy and effectiveness of internal controls. The Internal Audit Department is guided by the International Professional Practices Framework (IPPF) adopted by the Institute of Internal Auditors. Additional resources, tools, and guidance include those obtained through the Association of College and University Auditors and the Committee of Sponsored Organizations. The major principles considered by the Internal Audit Department as it develops audit guidelines and conducts audits include the following:
- Assess the soundness, adequacy and application of accounting, financial, and other operating controls;
- Determine adherence to University plans, policies, and procedures;
- Assess compliance with applicable laws, regulations and generally accepted accounting principles;
- Ascertain whether program results are consistent with established objectives;
- Ascertain the adequacy of controls for safeguarding University assets from losses of all kinds; and
- Assist in the improvement of University operations by making appropriate constructive suggestions and recommendations.
Their scope of work shall also include the review of university controlled affiliated corporations, including a review of the IRS form 990 for each such corporation, with a focus on potential conflict of interest and transactions between the university and university controlled affiliated corporations. The Internal Audit Department shall report to the BOR-FAAC any situation wherein the internal auditor perceives a conflict of interest with or on the part of the President relative to any aspect of an audit.
Internal Audit Plan
At least annually, the Chief Audit Executive will submit to senior management and the BOR-FAAC an internal audit plan for review and approval. The internal audit plan is developed based on a prioritization of the audit universe using a risk-based methodology, including input of senior management and the Board. The Internal Audit Department will assess on a regular basis the internal controls for the University’s highest risk units, based on public funds exposure. Any significant deviation from the approved internal audit plan will be communicated to the President and the BOR-FAAC by the Chief Audit Executive.
The Chief Audit Executive or designee shall prepare and issue a written report following the conclusion of each audit and will distribute to the University President and other Vice Presidents, and levels of management, as appropriate. The University shall submit each completed internal audit report identifying material financial weaknesses or fraud to the Kansas Board of Regents President and CEO who shall be responsible for recommending to the BOR-FAAC any specific audit findings that should be further reviewed by the Committee. The Chief Audit Executive shall report to the BOR-FAAC any situation wherein the auditor perceives a conflict of interest with or on the part of the President’s involvement with the subject of an audit.
Quality Assurance and Improvement Program
The internal audit activity will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program will include an evaluation of the internal audit activity’s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.
The Chief Audit Executive will communicate to senior management and the Board on the internal audit activity’s quality assurance and improvement program, including results of ongoing internal assessments and external assessments conducted at least every five years.