Internal Audit

In addition to the University of Wyoming Code of Ethical Conduct, the Internal Audit Department adheres to the mandatory elements of The Institute of Internal Auditors' (IIA) International Professional Practices Framework (IPPF), which includes the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the International Standards for the Professional Practice of Internal Auditing (the Standards), and the Definition of Internal Auditing. 

The purpose of The Institute’s Code of Ethics is to promote an ethical culture in the profession of internal auditing. A code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in its objective assurance about governance, risk management, and control. The Institute’s Code of Ethics extends beyond the Definition of Internal Auditing to include two essential components:

These rules are an aid to interpreting the Principles into practical applications and are intended to guide the ethical conduct of internal auditors

This Code of Ethics applies to both entities and individuals that perform internal audit services. For IIA members and recipients of or candidates for IIA professional certifications, breaches of the Code of Ethics will be evaluated and administered according to The Institute’s Bylaws and Administrative Directives. The fact that a particular conduct is not mentioned in the Rules of Conduct does not prevent it from being unacceptable or discreditable, and therefore, the member, certification holder, or candidate can be liable for disciplinary action.

Internal auditors are expected to apply and uphold the following principles:

Internal auditors:

1.1- Shall perform their work with honesty, diligence, and responsibility.

1.2- Shall observe the law and make disclosures expected by the law and the profession.

1.3- Shall not knowingly be a party to any illegal activity or engage in acts that are discreditable to the profession of internal auditing or to the organization.

1.4- Shall respect and contribute to the legitimate and ethical objectives of the organization.

2.-Objectivity

Internal auditors:

2.1- Shall not participate in any activity or relationship that may impair, or be presumed to impair their unbiased exam. This participation includes those activities or relationships that may be in conflict with the interests of the organization.

2.2- Shall not accept anything that may impair, or be presumed to impair their professional judgment.

2.3- Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

3.-Confidentiality

Internal auditors:

3.1- Shall be prudent in the use and protection of information acquired in the course of their duties.

3.2- Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

Internal auditors:

4.1- Shall engage only in those services for which they have the necessary knowledge, skills, and experience.

4.2- Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.

4.3- Shall continually improve their proficiency and the effectiveness and quality of their service.

Internal Audit Charter

The purpose of the University of Wyoming’s internal audit department is to provide independent, objective assurance and consulting services designed to add value and improve university operations.

The mission of internal audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. The internal audit department helps the University of Wyoming accomplish its strategic objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.

Internal Audit will serve as one point of contact for the receipt of reports regarding suspected violations of laws, misuse of university resources, fraud, waste, abuse, etc., and cooperate with other units to coordinate a review of those concerns as deemed appropriate.

The internal audit department will govern itself by adherence to the mandatory elements of The Institute of Internal Auditors' (IIA) International Professional Practices Framework (IPPF), which includes the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the International Standards for the Professional Practice of Internal Auditing (the Standards), and the Definition of Internal Auditing.

The Director of Internal Audit will report periodically to senior management and the Fiscal and Legal Affairs Committee regarding the internal audit department’s conformance to the Code of Ethics and the Standards.

The Director of Internal Audit will report functionally and administratively to the Fiscal and Legal Affairs Committee of the Board of Trustees.  Administrative tasks (i.e., approval of leave, and expenditures) will be provided by the Office of the President.

To establish, maintain, and assure that the University of Wyoming’s internal audit department has sufficient authority to fulfill its duties, the Fiscal and Legal Affairs Committee will:

The Director of Internal Audit will have unrestricted access to, and communicate and interact directly with, the Fiscal and Legal Affairs Committee, including in private meetings without management present.

The Fiscal and Legal Affairs Committee authorizes the internal audit department to:

The Director of Internal Audit will ensure that the internal audit department remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of audit selection, scope, procedures, frequency, timing, and report content. If the Director of Internal Audit determines that independence or objectivity may be impaired in fact or appearance, the details of impairment will be disclosed to appropriate parties.

Internal auditors will maintain an unbiased mental attitude that allows them to perform engagements objectively and in such a manner that they believe in their work product, that no quality compromises are made, and that they do not subordinate their judgment on audit matters to others.

Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, internal auditors will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair their judgment, including:

Where the Director of Internal Audit has or is expected to have roles and/or responsibilities that fall outside of internal auditing, safeguards will be established to limit impairments to independence or objectivity.

Internal auditors will:

The Director of Internal Audit will confirm to the Fiscal and Legal Affairs Committee, at least annually, the organizational independence of the Internal audit department.

The Director of Internal Audit will disclose to the Fiscal and Legal Affairs Committee any interference and related implications in determining the scope of internal auditing, performing work, and/or communicating results.

The scope of internal audit activities encompasses, but is not limited to, objective examinations of evidence for the purpose of providing independent exams to the Fiscal and Legal Affairs Committee, management, and outside parties (as requested and approved by General Counsel) on the adequacy and effectiveness of governance, risk management, and control processes for the University of Wyoming. Internal audit exams include evaluating whether:

The Director of Internal Audit will report periodically to senior management and the Fiscal and Legal Affairs Committee regarding: 

The Director of Internal Audit also coordinates activities, where possible, and considers relying upon the work of other internal and external assurance and consulting service providers as needed.

Internal Audit will serve as one point of contact for the receipt of reports regarding suspected violations of laws, misuse of university resources, fraud, waste, abuse, etc., and cooperate with other units to coordinate a review of those concerns as deemed appropriate.

The internal audit department may perform advisory and related client service activities, the nature and scope of which will be agreed with the client, provided that the FLAC is aware of the allocation of resources, and the internal audit department does not assume management responsibility. Opportunities for improving the efficiency of governance, risk management, and control processes may be identified during engagements. These opportunities will be communicated to the appropriate level of management.

The Director of Internal Audit has the responsibility to:

The internal audit department will initiate and maintain a quality assurance and improvement program that covers all aspects of the internal audit department. The program will include an evaluation of the internal audit department’s conformance with the Standards and an evaluation of whether internal auditors apply The IIA’s Code of Ethics.

The program will also assess the efficiency and effectiveness of the internal audit department and identify opportunities for improvement.  The Director of Internal Audit will communicate to senior management and the Fiscal and Legal Affairs Committee on the Internal audit department’s quality assurance and improvement program, including results of internal exams (both ongoing and periodic) and external exams conducted at least once every five years by a qualified, independent assessor or exam team from outside the University of Wyoming.

As adopted by the University of Wyoming Board of Trustees in May 2022 and approved by the President.

Internal Audit Charter

AUTHORITY:

The Board of Visitors has been authorized by the Commonwealth of Virginia to govern William & Mary and Richard Bland College.  The Board of Visitors has appointed the Committee on Audit, Risk and Compliance with oversight responsibility of the Office of Internal Audit (Internal Audit).  The Director of Internal Audit shall report directly to the Committee on Audit, Risk and Compliance.

 PURPOSE AND MISSION:

Internal audit is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of William & Mary and Richard Bland College (“the Colleges”). The mission of internal audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.  Internal audit assists the Colleges in accomplishing their objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the Colleges’ governance, risk management, and internal controls. Internal audit shall consider and make recommendations on policy matters pertaining to campus safety and security and risk management.

 AUDITING STANDARDS:

Internal audit will govern itself by adherence to The Institute of Internal Auditors' mandatory guidance including the International Professional Practices Framework, the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing.

 UNRESTRICTED ACCESS:

Internal audit, with accountability for confidentiality and safeguarding records and information, is authorized full, free, and unrestricted access to any and all of the Colleges’ records, physical properties, and personnel pertinent to carrying out any engagement. Internal audit will also have free and unrestricted access to the Board of Visitors through the Committee on Audit, Risk and Compliance.

 ORGANIZATIONAL STRUCTURE:

The Internal Audit Director will report directly to the Committee on Audit, Risk and Compliance.

The Committee on Audit, Risk and Compliance will:

The Internal Audit Director will communicate and interact directly with the Committee on Audit, Risk and Compliance, including in executive sessions and between scheduled meetings, as appropriate.

 INDEPENDENCE AND OBJECTIVITY:

The internal audit activity will remain free from interference regarding matters of audit selection, scope, procedures, frequency, timing, or report content in order to foster an independent and objective mental attitude.

The Director of Internal Audit will confirm to the Committee on Audit, Risk and Compliance, at least annually, the organizational independence of the internal audit activity.

 INTERNAL AUDIT RESPONSIBILITY:

The scope of internal auditing encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the College's governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve stated goals and objectives. This includes:

 INTERNAL AUDIT PLAN:

Annually, the Internal Audit Director will submit to the Committee on Audit, Risk and Compliance and senior management an internal audit plan for review and approval. The internal audit plan will represent a work plan for the next calendar year. The Director of Internal Audit will communicate the impact of resource limitations and significant interim changes to the Committee on Audit, Risk and Compliance and senior management, as appropriate. The internal audit plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including input of the Committee on Audit, Risk and Compliance and senior management. The Director of Internal Audit will review and adjust the plan, as necessary, in response to changes in risks, operations, programs, systems, and controls. Any significant deviation from the approved internal audit plan will be communicated to the Committee on Audit, Risk and Compliance through periodic reports.

 REPORTING AND MONITORING:

A written report will be prepared and issued by the internal audit department following the conclusion of each formal internal audit engagement and will be distributed as appropriate. Internal audit results will also be communicated to the Committee on Audit, Risk and Compliance. The internal audit report will include management’s response and corrective action taken or to be taken in regard to the specific findings and recommendations.

 Internal audit will follow-up on audit findings and recommendations.  The status of follow-up activity will be regularly reported to the Committee on Audit, Risk and Compliance.  The Internal Audit Director will periodically report to the Committee on Audit, Risk and Compliance on internal audit activity, as well as performance relative to the annual plan. Reporting will also include significant risk exposures and control issues, including fraud risks, emerging trends, governance issues, and other matters needed or requested the Committee on Audit, Risk and Compliance or senior management.

                                                                                                                                                                  Updated 4/20