Purpose
UK Internal Audit (UKIA) provides independent and objective assurance, accountability and advisory functions that support the University of Kentucky and its affiliate corporations in fulfilling their operational, fiduciary and compliance responsibilities, ultimately improving the effectiveness of internal controls, risk management and governance.
- Assurance Services: UKIA aids in the achievement of institutional objectives by evaluating areas for potential vulnerabilities and furnishing unit management and executive leadership (President’s Cabinet) with expert analyses and actionable resolution strategies.
- Accountability Services: The accountability function within UKIA validates the enterprise’s adherence to federal, state and University regulations and policies to promote transparency
and enhance compliance. - Advisory Services: To collaborate with the client to assist them in achieving their strategic objectives and institutional goals, UKIA assesses their operations for improvement opportunities using mutually agreed-upon procedures.
UKIA has no direct authority over or responsibility for the activities reviewed through its assurance and advisory services. The services provided are intended to offer assurance and advice and do not relieve management of their responsibility for effective operations, risk management or regulatory compliance.
Standards
UKIA conducts its activities in alignment with The Institute of Internal Auditors’ Global Internal Audit Standards and the University of Kentucky Administrative Regulation – Employee Code and in accordance with applicable federal and state regulations, as well as University policies and professional guidance. Additionally, all Internal Audit staff must be impartial, objective and unbiased so that they can carry out their duties with sound judgment. They must maintain the highest standards of professionalism, integrity and communication while avoiding any conflicts of interest.
Authority
The Audit and Compliance Committee of the Board of Trustees grants UKIA the mandate to provide the board and senior management with objective assurance, advice, insight and foresight in accordance with UKIA’s purpose. Additionally, UKIA has unrestricted access to all University data, records, systems, property and personnel necessary to perform its duties.
To maintain independence, the Chief Accountability Officer and Audit Executive (positioned within UKIA) reports functionally to the Audit and Compliance Committee (ACC) of the Board of Trustees and administratively to the President of the University. Accordingly, UKIA’s activities are free from interference in determining audit scope, performing work and communicating results.
Responsibilities of Internal Audit
In fulfillment of its assurance, accountability and advisory functions as outlined in the Purpose section above, UKIA has the following responsibilities:
- Internal Audit Charter: The President has delegated the chief accountability officer and audit executive, in consultation with the Audit and Compliance Committee of the Board of Trustees, the authority to establish guidelines which give direction to the overall internal audit function of the University; this Charter constitutes these guidelines. UKIA must periodically review this Charter and submit proposed revisions for the ACC’s consideration and approval as necessary, in alignment with professional standards and evolving institutional needs.
- Work Priorities: UKIA must submit its risk-based work priorities, including processes, units and information systems, for the upcoming fiscal year to the ACC for approval. Any significant interim changes will also be presented for approval.
- Resources: In accordance with its work priorities, UKIA will determine the following to accomplish its objectives: staff, expertise, cadence, sequence, scope, tools and techniques. Additionally, under certain circumstances, UKIA will co-source with external consultants to supplement expertise or resources in order to complete its work. For all such collaborations, UKIA will define the engagement’s objectives, scope and responsibilities in writing.
- Audit Process: With the exception of inquiries and investigations, UKIA will notify its audit clients prior to engaging in an audit in their area, keep clients apprised of the audit progress and share preliminary results with the client to confirm accuracy. UKIA will then make any appropriate adjustments to the report based on client feedback prior to final report distribution. Should an audit client elect not to remediate an identified risk, UKIA will escalate it to the appropriate stakeholder, to include but not limited to senior management and the ACC.
- Reporting: UKIA’s reporting responsibilities are three-fold:
- Provide regular updates summarizing audit and accountability activity, identified risks, remediation progress and UKIA’s performance metrics to the ACC and University leadership.
- Communicate audit trends to process owners to assist with enterprise solutions to
mitigate risk. - Distribute final audit reports to the client, relevant stakeholders, the president, University leadership, the University’s external auditors and the ACC. Reports involving unsubstantiated inquiries or advisory engagements shall be excluded.
- Collaborations: UKIA will coordinate with external University leadership, relevant stakeholders, including the University’s external auditors, and the ACC auditors, compliance officers, and other institutional functions to avoid duplication and promote synergy in achieving institutional goals.
- Quality Assurance: UKIA must undergo an external Quality Assessment Review every five years (or as recommended by the IIA) to ensure conformance with audit standards. The results will be communicated to University leadership and the ACC. Additionally, UKIA will maintain a Quality Assurance Improvement Program and periodically report the results to University leadership and the ACC.