What is Internal Audit?
Internal Audit is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of Youngstown State University. The role and function of the Internal Audit department is documented in YSU’s Internal Audit Activity Charter.
What does Internal Audit do?
It assists Youngstown State University in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the University’s governance, risk management, and system of internal control.
What guides the operations of the Internal Audit function?
Internal Audit adheres to the Institute of Internal Auditors’ guidance, including the Definition of Internal Auditing, Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing (Standards).
Who does Internal Audit report to?
The Director of Internal Audit reports functionally to the Audit Subcommittee and administratively (i.e. day to day operations) to the Vice President for Finance & Business Operations.
What is Internal Audit authorized to see?
The internal audit activity, is authorized full, free, and unrestricted access to any and all of Youngstown State University’s records, physical properties, and personnel pertinent to carrying out any engagement.
How will Internal Audit handle the information they obtain during the course of their audit work?
Information obtained during the course of audit work will be handled with strict accountability and confidentiality. Records and information will be safeguarded and not disclosed without appropriate authority unless there is a legal or professional obligation to do so.
When will my area be audited?
Areas are selected for audit on a risk-based approach. Internal Audit performs an annual audit risk-assessment to identify audit priorities for the annual audit plan (i.e. areas that are planned to be audited in coming fiscal year). Since risks are always changing, Internal Audit continues to assess risks on an on-going basis; the audit plan may be updated to respond to changing risks.
How does Internal Audit define “risk” and how is it measured?
Risk is anything that may impact the university’s/department’s/unit’s achievement of its objectives. Simply put, risks are “what could go wrong”.
Internal controls are processes that mitigate risk and help ensure that objectives are achieved.
Risk is measured as a factor of:
- Likelihood – how likely is it that the risk will occur?
- Impact – how severe will the impact be on operations or strategy?