IT Use Policy

DIXIE STATE COLLEGE OF UTAH POLICIES AND PROCEDURES MANUAL	Section: 6-Administrative
	Policy No: 18
	Approved: 05/07/10
Policy: INTERNAL AUDIT - GUIDELINES & PROCEDURES

6-18 - INTERNAL AUDIT - GUIDELINES & PROCEDURES

Scope
1. Internal Audit does not involve itself in issues better resolved by departments trained to handle certain types of problems. Examples may include:
  
  Sexual harassment
  
  Employee performance problems
  
  Technical issues requiring lengthy training
  
  Environmental or chemical hazards
  
  Specialized tax concerns
  
  Targeted federal regulation issues requiring specialized expertise
2. Internal Audit may become involved in various projects with ethical implications, such as violations of Utah Code 67; et seq. This involvement in no way relieves management of responsibility for identifying issues and concerns regarding employees under its control. Management's position allows it to observe employees daily and notice any concerns or issues as they occur.
3. Additionally, other work units within Dixie State College may have greater expertise in some areas of violation concerning ethical conduct. In those instances, the other work units may be better suited to conduct the investigation of violations.
Procedures
1. Typical audit areas and objectives include:
  1. Revenue - to determine where your revenue comes from, is it being collected and reported correctly.
  2. Operating Expenditures - to determine if non-payroll expenditures are reasonable, do they comply with College policy, and are they properly authorized and adequately documented.
  3. Financial Management & Reporting - to determine what financial information is needed to meet a department's and the College's needs; if the reports and information generated by internal systems are adequate, and complete; and if the information in those reports accurately reflects the College's records.
    
    Payroll & Personnel - to determine if various records are complete and properly approved, do procedures comply with College policy, and do the practices and procedures used ensure adequate internal control.
  4. Computers - to determine if internal controls for computers, data, networks and systems are adequate.
  5. Assets - to determine if there is adequate accountability and control over the various assets under your department's jurisdiction.
  6. Cash Funds - to determine if security and accountability for cash funds is adequate, are sound business practices used in handling funds and do departmental procedures comply with College policy.
  7. Applicable Policies/Procedures/Rules/Regulations/Statutes to determine if the College is in compliance with those policies/procedures/rules/regulations and statutes that are applicable to various departments.
2. If the audit is to be conducted on the Internal Audit Department or a department where the Internal Audit Director has direct responsibility, then the Internal Audit Director's responsibilities' for that audit would fall on the next higher level of management. If the audit is at the Presidents level, then the responsibilities' would fall to the Chairman of the Board of Trustee's.
3. Audit programs should contain columns identifying the steps to be followed, the person assigned to perform the step, the reference number to detailed supporting documentation, and the time needed to complete the step. This information becomes valuable in planning future audits of the same auditee.
4. Every effort should be made by the auditor to be well organized as he conducts the fieldwork so that disruptions can be minimized to the normal operations of campus departments.
5. All findings should have been thoroughly discussed and corrected for errors of understanding or in presentation before this conference is held.
6. Audit findings should be based on a pattern of identified and documented occurrences of violations. Recommendations should reflect the corrective action needed, not the auditor's preference for corrective action. Both finding and recommendations should be weighed based on the costs and benefits of the findings. Findings and recommendations should be documented in the working papers and be supported by lists of violations or errors. All working papers should be available for the auditee to review except in cases where legal action is anticipated.
7. Workpapers should reflect the following:
  1. Completeness and Accuracy - Workpapers should be complete, accurate, and support observations, testing, conclusions, and recommendations. They should also show the nature and scope of the work performed.
  2. Clarity and Understanding - Working papers should be clear and understandable without supplementary oral explanations. With the information the working papers reveal, a reviewer should be able to readily determine their purpose, the nature and scope of the work done and the preparer's conclusions.
  3. Pertinence - Information contained in working papers should be limited to matters that are important and necessary to support the objectives and scope established for the assignment.
  4. Legibility and Neatness - Working papers should be legible and as neat as practical. Sloppy workpapers may lose their worth as evidence. Crowding and writing between lines should be avoided by anticipating space needs and arranging the workpapers before writing.
  5. Logical Arrangement - Working papers should follow a logical order and include the following seven sections.
8. If management direction is needed and wanted, such should be provided in a management letter. Since management letters do not require a response, this leaves management the option to accept or reject the suggestions and therefore maintains the independence of the auditor.
9. As an added measure, and to provide additional information for the evaluations of auditor performance, at the end of each audit, the auditee will be given a questionnaire intended to evaluate the professional performance of the auditor on the audit. This questionnaire will be completed and returned to the HR department within 30 days following the completion of the audit.