Quality Assurance & Improvement Program “QAIP”

The Internal Audit Quality Assurance and Improvement Program (QAIP) is designed to provide reasonable assurance to the various stakeholders of the Internal Audit activity, which ensures that the Internal Audit:

  1. Performs its work in accordance with its Charter, which is consistent with the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing (Standards), Definition of Internal Auditing and Code of Ethics
  2. Operates in an effective and efficient manner
  3. Is perceived by stakeholders as adding value and improving Internal Audit operations. To that end, the Internal Audit QAIP covers all aspects of the internal audit activity.  In his regard, a list of the features of QAIP include:
  • Monitoring the internal audit activity to ensure it operates in an effective and efficient manner
  • Assuring compliance with the Standards and definition of internal auditing and code of ethics
  • Adding value to the internal audit activity and improving organizational operations
  • Including both periodic and ongoing internal assessments
  • Including an external assessment at least once every five years, the results of which are communicated to the Board of Trustees through the Board of Trustees Compliance and Audit Committee

The Director of the Compliance and Audit Office is ultimately responsible for the QAIP, which covers all types of INTERNAL AUDIT activities, including consulting.

Internal Assessment

A.  Ongoing Reviews – Ongoing assessments are conducted through:

  • Supervision of engagements
  • Regular, documented review of work papers during engagements by appropriate Internal Audit staff
  • Audit Charter used for each engagement to ensure compliance with applicable planning, fieldwork and reporting standards
  • Feedback from customer surveys on individual engagements
  • Analyses of performance metrics established to improve IAA effectiveness and efficiency
  • All final reports and recommendations are reviewed and approved by the Director Compliance and Internal Audit Office.

B.  Periodic Reviews – Periodic assessments are designed to assess conformance with Internal Audit Charter, the Standards, Definition of Internal Auditing, the Code of Ethics, and the efficiency and effectiveness of internal audit in meeting the needs of its various stakeholders.  Periodic assessments will be conducted through:
  • Bi-annual customer survey
  • Annual risk assessments for purposes of annual audit planning
  • Semi-annual work paper reviews for performance in accordance with internal audit policies and with Standards
  • Review of internal audit performance metrics and benchmarking of best practices, prepared and analyzed in accordance with the Internal Audit Charter
  • Periodic activity and performance reporting to the Chancellor and the Audit and Compliance Committee

External Assessment

A. General Considerations – External assessments will appraise and express an opinion on the conformance Internal Audit with the Standards, Definition of Internal Auditing and Code of Ethics and include recommendations for improvement, as appropriate.

B. Timing – An external assessment will be conducted every five years.

C. Scope of External Assessment – The external assessment will consist of a broad scope of coverage that includes the following elements of Internal Audit activity:
  • Conformance with the Standards, Definition of Internal Auditing, the Code of Ethics, and the Internal Audit Charter plans, policies, procedures, practices, and any applicable legislative and regulatory requirements
  • Expectations of Internal Audit as expressed by the Board of Trustees Compliance and Audit Committee, executive management, and operational managers
  • Integration of the Internal Audit activity into the University's governance process, including the audit relationship between and among the key groups involved in the process
  • Tools and techniques used by Internal Audit
  • The mix of knowledge, experiences, and disciplines within the staff, including staff focus on process improvement
  • A determination as to whether Internal Audit adds value and improves University operations
D. Considerations – The qualifications and considerations of external reviewers as noted in the IIA's Practice Advisory 1312-1 will be considered when contracting with an outside party to conduct the review.

Reporting on the Quality of the Internal Audit Program

A. Internal Assessments – Results of internal assessments will be reported to the Compliance and Audit Committee and to the senior management at least annually.

B.  External Assessments – Results of external assessments will be provided to the senior management and to the Compliance and Audit Committee.  The external assessment report will be accompanied by a written action plan in response to significant comments and recommendations contained in the report.

C. Follow-up – The Director Compliance and Internal Audit office will implement appropriate follow-up actions to ensure that recommendations made in the report and action plans developed are implemented within a reasonable timeframe.

Administrative Matters

This program will be appropriately updated for changes in the Standards or internal audit operating environment.