2022 Charter and Governing Documents
UK Internal Audit (UKIA) is an independent and objective assurance, advisory and consulting function that assists units of the University of Kentucky in the effective performance of their operational and fiduciary responsibilities with respect to proper internal controls. The advisory activities incorporate university transparency overseen by the accountability office within UKIA. UKIA aids in the achievement of management’s objectives by reviewing areas of potential vulnerability and furnishing unit management and executive leadership (President’s cabinet) with expert analyses, information and recommendations concerning the activities examined. Additionally, UKIA offers consulting services to validate the governance, fiscal stewardship and processes related to new and/or expanding units, programs or systems. UKIA has no authority over, nor direct responsibility for, any of the activities reviewed. The services performed by UKIA provide advisory assurance and guidance only, and in no way relieve these units of their responsibilities to achieve their unit objectives in compliance with federal, state and university regulations, policies and procedures.
UKIA governs its activity in accordance with The Institute of Internal Auditors' mandatory guidance including the Definition of Internal Auditing, the Code of Ethics, the International Standards for the Professional Practice of Internal Auditing and Core Principles for the Professional Practice of Internal Auditing. In addition, the Internal Audit and Accountability functions adhere to the University of Kentucky Governing Regulation XIV Ethical Principles and Code of Conduct and other internal professional policies. UKIA staff members will carry out the mission of the department by exhibiting professionalism, ethics, strong communication skills, and knowledge of federal, state and university regulations. Each member of the department shall consistently demonstrate high standards of conduct, as well as appropriate judgment and discretion.
UKIA provides assurance, advisory and consulting services to all entities and affiliates of the University of Kentucky. For engagements related to entities outside of the university’s jurisdiction, UKIA shall communicate in writing the objective, scope, responsibilities and other pertinent expectations. UKIA’s activity is independent and free from interference in determining the scope of audits, performing audit work and communicating results. This independence is ensured through UKIA’s reporting relationship. The Chief Accountability Officer and Audit Executive reports directly to the President and the Audit and Compliance Committee (ACC) of the Board of Trustees. In carrying out these responsibilities, UKIA personnel have unrestricted access to all data, records, files, property and personnel of the university. Per GR XIV, Ethical Principles and Code of Conduct, university employees are required to assist UKIA in fulfilling its roles and responsibilities. These responsibilities are in conformance with International Professional Practices Framework implementation guidelines.
Responsibilities of Internal Audit
- Internal Audit Charter: At least annually, UKIA will review this Charter and the Charter for the Audit and Compliance Committee (ACC) with the ACC and discusses proposed revisions that may be appropriate based on changes to industry standards, the university and/or UKIA responsibilities. All such revisions to either charter will be approved by the ACC.
- Audit Project Prioritization: At least annually, UKIA will submit its risk-based, dynamic Work Prioritization Plan to the ACC for review and approval; any significant interim changes will also be submitted.
- Progress Reports: Quarterly, and other times as requested, UKIA will provide a progress report summarizing audit activity to both university executive management and members of the ACC. In addition, UKIA will provide regular updates to the ACC regarding its metrics and its other activities, as well as the effectiveness of the university's system of internal controls and compliance with applicable laws, regulations and university policies.
- Final Audit Reports: To ensure transparency and appropriate communication of results, UKIA will devise a unique distribution list for final audit reports. Such distribution lists shall always include executive leadership and stakeholders. The members of the ACC and independent external auditors shall receive all final reports, with the exception of the final reports for follow-up reviews, results regarding procedural infractions that incur low risk to the university and inquiries that are not substantiated and elevated to investigation status.
- Quality Assurance: UKIA will undertake a Quality Assessment Review by qualified external consultants every five years, or as recommended by the Institute of Internal Auditors, to be in compliance with the International Standards of the Professional Practice of Internal Auditing and the core principles of the International Professional Practices Framework. Additionally, UKIA will enhance its Quality Assurance and Improvement Program with periodic self-assessments to evaluate the performance of internal audit activity and conformance with the standards noted above to be conducted midway between each external assessment. The results of these reviews will be communicated to the ACC at the first meeting following the receipt of the results. UKIA will also report out on metrics used to gauge efficiency and effectiveness as a regular means of monitoring quality.
- Collaborations: UKIA will work collaboratively with the university's independent external auditors to ensure that efforts are not duplicated, and resources are leveraged. Additional relationships and collaborations will be formed with other university functions to improve operations across the enterprise and to promote the achievement of management objectives.
- Accountability: The Accountability Office within UKIA shall work to enhance operational efficiency and increase effectiveness across the university by evaluating regulatory compliance and monitoring performance against established metrics to mitigate risk and ensure data integrity. To promote transparency regarding these standards, associated information flows will also be assessed and adjusted as appropriate.