Skip to main content
Close

Internal Audit

 PDF
  1. POLICY

    Internal Audit is an independent and objective department that assists Salt Lake Community College in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of internal controls, governance processes, and the management of institutional risks. The college places no limitations on the scope of Internal Audit’s work.

  2. REFERENCES
    1. Utah Internal Audit Act, Utah Code Ann. §§ 63I-5-101–401.
    2. Internal Audit Program, Utah State Bd. of Regents r. 567.
  3. DEFINITIONS
    1. Audit: A systematic process of measuring intended results against actual conditions resulting in the communicating of issues to interested parties in a report format.
    2. Audit Issue: Auditors use audit issues to document a control breakdown within a process or function, performance gaps or deficiencies, or potential adverse consequences that may prevent the achievement of a goal or objective.
    3. Client: An area within the college that is subject to audit.
    4. Client Action Plan: A plan created by the client in response to Audit Issues. These plans identify responsible parties, steps required to remediate audit issues, and expected timelines for resolution.
    5. Exception: A deviation from the expected standards or results noted during audit or review.
    6. Follow-up Procedures: Procedures performed within a reasonable period after the issuance of an audit report that are designed to determine if the client has remediated the audit issues.
    7. Internal Controls: Processes created by the college’s management and other personnel that are designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
    8. Limited Review: A systematic process of inquiries and analytical procedures that are designed to detect material weaknesses or nonconformance with applicable standards. A limited review is narrow in scope and answers specific questions raised but may not necessarily identify all weaknesses that a full audit might identify.
  4. PROCEDURES
    1. Authority
      1. Internal Audit derives its authority directly from Utah Code, The Utah Board of Regents rules, the Salt Lake Community College Board of Trustees Audit Committee, the college administration, and the Internal Audit department’s charter statement.
      2. Internal Audit’s authority extends to:
        1. any department, system, function, program, or administrative unit which operates as part of the college or that is consolidated in the college’s annual financial statements; and
        2. the college’s business partners if the contract or agreement has a right to audit clause.
      3. Internal Audit has free and unrestricted access to all college records, personnel, and physical property relevant to its current work projects.
      4. Due to the requirement to maintain independence from management, Internal Audit shall assume neither authority nor responsibility for any activities audited, investigated, or reviewed.
    2. Responsibilities
      1. Internal Audit maintains a risk-based program which includes:
        1. audits and associated follow-up;
        2. investigations;
        3. limited reviews; or
        4. other special projects requested by management.
      2. The Internal Audit director will communicate with and provide reports to the Board of Trustees Audit Committee, president, and appropriate vice president.
      3. Internal Audit will protect all information gathered and provide documents in accordance with federal and state law.
      4. Internal Audit may assist management through appropriate requests for services to identify fraud. However, management retains the responsibility for daily oversight of operations and to be aware for any signs of fraud.
      5. If any criminal activity is suspected, Internal Audit will notify the college’s Public Safety office.
    3. Audit Procedures
      1. Audit Notification

        Internal Audit will ordinarily provide notice of an audit to the appropriate vice president, department administrator, or other responsible administrators.

      2. Opening Conference

        Internal Audit will meet with the client prior to substantial commencement of the audit to communicate audit scope, objectives, and criteria.

      3. Audit Planning and Fieldwork

        Internal Audit will plan and perform fieldwork consistent with the application of International Standards for the Professional Practice of Internal Auditing.

      4. Draft Audit Report
        1. Internal Audit will develop a draft audit report which summarizes the audit scope, objectives, criteria, findings and recommendations.
        2. Internal Audit will provide a copy of the draft report to allow the client to review, comment, and prepare the client action plan.
      5. Client Action Plan
        1. The client action plan is due 10 working days after Internal Audit provides the client with a draft copy of the audit report.
        2. The client should respond to each recommendation separately and must include:
          1. a statement of agreement or disagreement with the finding and recommendation;
          2. a detailed description of the corrective action to be taken and how it will remediate the noted issue;
          3. a description of physical evidence, if any, to provide the support that the action plan has been implemented as agreed;
          4. the date by which the implementation will be complete; and
          5. the party responsible for the completion of implementation.
      6. Final Audit Report and Closing Communications
        1. Internal Audit will issue a final audit report that includes the client action plan.
        2. Internal Audit will communicate the results of the audit to the appropriate parties by an agreed-upon method, which may include in-person meetings, electronic, or other forms of communication.
      7. Follow-up Procedures
        1. Internal Audit will maintain a record of recommendations arising from audits performed by Internal Audit and other auditors. It will follow up with the client at times specified in the client action plan or other appropriate times.
        2. The follow-up procedures may be limited to those necessary to verify that adequate procedures have been implemented by the client to remediate the deficiencies noted in a previous audit.
        3. If necessary, Internal Audit may expand procedures to a full audit.
        4. Internal Audit will provide periodic reports to the president, executive cabinet, and Board of Trustees Audit Committee regarding outstanding audit recommendations and completion of client action plans.
    4. Record Retention

      Internal Audit shall comply with the Utah State Records Committee’s retention schedules, GRAMA, and other relevant laws.


Date of last cabinet review: February 11, 2020

The originator of this policy & procedure is Internal Audit. Questions regarding this policy may be
directed to the originator by calling 801-957-4009.