The Internal Audit Quality Assurance and Improvement Program (QAIP) is designed to provide reasonable assurance to the various stakeholders of the Internal Audit activity, which ensures that the Internal Audit:
- Performs its work in accordance with its Charter, which is consistent with the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing (Standards), Definition of Internal Auditing and Code of Ethics
- Operates in an effective and efficient manner
- Is perceived by stakeholders as adding value and improving Internal Audit operations.
To that end, the Internal Audit QAIP covers all aspects of the internal audit activity. In this regard, a list of the features of QAIP include:
- Monitoring the internal audit activity to ensure it operates in an effective and efficient manner
- Assuring compliance with the Standards and definition of internal auditing and code of ethics
- Adding value to the internal audit activity and improving organizational operations
- Including both periodic and ongoing internal assessments
- Including an external assessment at least once every five years, the results of which are communicated to the Board of Trustees through the Board of Trustees Compliance and Audit Committee
The Director of the Compliance and Audit Office is ultimately responsible for the QAIP, which covers all types of Internal Audit activities, including consulting.
- General Considerations – External assessments will appraise and express an opinion on the conformance Internal Audit with the Standards, Definition of Internal Auditing and Code of Ethics and include recommendations for improvement, as appropriate.
- Timing – An external assessment will be conducted every five years.
- Scope of External Assessment – The external assessment will consist of a broad scope of coverage that includes the following elements of Internal Audit activity:
Considerations – The qualifications and considerations of external reviewers as noted in the IIA's Practice Advisory 1312-1 will be considered when contracting with an outside party to conduct the review.
- Conformance with the Standards, Definition of Internal Auditing, the Code of Ethics, and the Internal Audit Charter plans, policies, procedures, practices, and any applicable legislative and regulatory requirements
- Expectations of Internal Audit as expressed by the Board of Trustees Compliance and Audit Committee, executive management, and operational managers
- Integration of the Internal Audit activity into the University's governance process, including the audit relationship between and among the key groups involved in the process
- Tools and techniques used by Internal Audit
- The mix of knowledge, experiences, and disciplines within the staff, including staff focus on process improvement
- A determination as to whether Internal Audit adds value and improves University operations
Reporting on the Quality of the Internal Audit Program
- Internal Assessments – Results of internal assessments will be reported to the Compliance and Audit Committee and to the senior management at least annually.
- External Assessments – Results of external assessments will be provided to the senior management and to the Compliance and Audit Committee. The external assessment report will be accompanied by a written action plan in response to significant comments and recommendations contained in the report.
- Follow-up – The Director Compliance and Internal Audit office will implement appropriate follow-up actions to ensure that recommendations made in the report and action plans developed are implemented within a reasonable timeframe.
This program will be appropriately updated for changes in the Standards or internal audit operating environment.