Internal Audit of William Paterson University of New Jersey is governed by the Internal Audit Charter approved by the Audit Committee of the Board of Trustees and the Policies and Procedures set herewith. Internal Audit subscribes to the Institute of Internal Auditors’ Standards for the Professional Practice of Internal Auditing and the Core Principles stipulated by the Institute of Internal Auditors.
The mission of Internal Audit is to provide independent and objective reviews and assessments of the business activities, operations, financial systems and internal accounting controls of William Paterson University of New Jersey. Internal Audit accomplishes its mission through the conduct of operational, financial, regulatory and performance audits, selected as a result of a comprehensive risk analysis and assessment process. The risk assessment plan is reviewed and approved by the Audit Committee of the Board of Trustees and the President of William Paterson University of New Jersey.
Internal Audit conducts independent reviews and appraisals of the University’s procedures and operations. These reviews provide management with an independent appraisal of the various operations and systems of control. The reviews also help to ensure that University resources are used efficiently and effectively while working towards helping the University achieve its mission, as endorsed by the Board of Trustees. It is the intention of Internal Audit to perform this service with professional care and with minimal disruption to University operations.
The internal audit function will conduct its activities in accordance with the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing and Code of Ethics. Generally accepted auditing standards promulgated by the American Institute of Certified Public Accountants and government auditing standards issued by the United States Government Accountability Office will be referenced as appropriate.
Internal Audit at William Paterson University subscribes to the Core Principles stipulated by the Institute of Internal Auditors. Internal Audit will align its effectiveness with the following principles:
Internal Audit at William Paterson University shall subscribe to the Code of Ethics established by the Institute of Internal Auditors, as well as adhere to the policies set forth by the management of the University and the State of New Jersey. In addition, Internal Audit will uphold the following:
Internal Audit at William Paterson University will adhere to the following standards of conduct:
While carrying out its duties, Internal Audit is responsible for utilizing a systematic, disciplined approach to evaluating and improving the effectiveness of internal controls and should include the following:
Internal Audit’s primary activity is to implement a program of regular audits of University business operations. The complete range of services provided by Internal Audit may also include special projects and consultations as directed by the President and the FAID Committee. Reviews performed by Internal Audit include:
The Internal Auditor has a professional obligation to schedule and attend on-going professional education forums to ensure they maintain academic proficiency and to advance professionally.
Responsibility for Detection of Errors or Irregularities
The management of the University is responsible for establishing and maintaining controls to discourage perpetuation of fraud. Internal Audit is responsible for examining and evaluating the adequacy and effectiveness of those controls. Audit procedures alone are not designed to guarantee the detection of fraud.
An error is an unintentional mistake in financial statements which includes mathematical or clerical mistakes in the underlying records and accounting data from which the financial statements or other reports are prepared, mistakes in the application of accounting principles and oversight or misinterpretation of facts that existed at the time the reports were prepared. An irregularity is an intentional distortion of financial statements or other reported data or the misappropriation of assets.
If Internal Audit believes that a material error or an irregularity exists in an area under review or in any other area of the University, the implications of the error or irregularity and its disposition shall be reviewed with the responsible Vice President and/or the President.
As noted throughout this Charter, the Director of Internal Audit is responsible for establishing a risk-based plan to determine the priorities of the internal audit activity, consistent with the University’s goals. The risk assessment takes into consideration the risk profile of the University as set by Management as well as the Auditor’s own judgement of risk and input from Management, the President and the FAID Committee. The plan will be adjusted and reviewed as needed in response to changes in the University’s business, risks, operations, programs, external regulations, systems and controls.
At least annually, the Director of Internal Audit will submit to the President and the FAID Committee an internal audit plan. The Committee will review, discuss, and endorse the plan subject to the FAID Committee members’ concurrence. The internal audit plan will include a summary of engagements and other audit activities, as well as resource requirements for the next fiscal year. The Director of Internal Audit will communicate the impact of resource limitations and significant interim changes to senior management and the FAID Committee. Any proposed changes to the approved Audit Plan will be presented to the President and to the FAID Committee at subsequent meetings.
Internal Audit will evaluate each identified auditable area based on certain risk factors and the weight of risk impact and risk concerns, as follows:
Risk Measures taken in consideration when rating each auditable area that weigh on the risk impact and risk concern are:• Analysis and prioritization of the audit universe.• Input of senior management and the FAID Committee.• First-hand knowledge of the College and its evolving operations.• Results of prior audits.• Understanding of risk in higher education, and biomedical and health care services.• Quality of management.• Emerging needs of campus clients.• Support to external auditors.
The majority of audits are planned. However, said planning does not preclude Internal Audit from conducting unplanned audits. Prior to any audit, the Director of Internal Audit will discuss the engagement with management. The discussion will include the scope, purpose and estimated timeframe of the audit. As unplanned projects emerge, they will be included in the overall plan for the year.
Although every audit project is unique, the audit process is similar for most engagements and normally consists of five stages:1. Audit Announcement and Initial Meeting2. Preliminary Review3. Fieldwork4. Audit Report5. Follow-upClient involvement is critical at each stage of the audit process. As in any special project, an audit results in a certain amount of time being diverted from a unit’s usual routine. A key objective of an internal audit is to minimize this time and avoid disrupting the on-going activities.
The Director of Internal Audit, will schedule a meeting with (as appropriate) the Unit Manager and the Senior Managers of the process to be audited. An initial meeting will take place, during this meeting, the client describes the unit and/or system, the organization, available resources (personnel, facilities, equipment, funds), and other relevant information. The internal auditor meets with the senior officer directly responsible for the unit under review and any staff members he/she wishes to include. It is important that the client identify issues or areas of special concern that should be addressed.
The development of the Audit Program is based on the preliminary survey and internal control reviews. The auditor talks to key personnel and reviews reports, files and other information as needed to obtain a general overview of the operations. The auditor will review the unit’s internal control structure, which helps the auditor determine the areas of highest risk and design tests to be performed in the fieldwork section. The audit program outlines the fieldwork necessary to achieve the audit objectives.
The field work concentrates on transaction testing and informal communications. It is during this phase that the auditor determines whether the controls identified during the preliminary review are operating properly and in the manner described by the client. The fieldwork stage concludes with a list of issues or/and best practices from which the auditor will prepare a draft of the audit report.
Internal Audit’s principal product is the final report in which we express our opinions, present the audit issues, and action to be taken for improvements. To facilitate communication and ensure that the final report is practical, Internal Audit will discuss the rough draft with the auditee prior to issuing the final report.
Internal Audit reports are considered advisory, consultative, deliberative and highly confidential. Approval is required from the Director of Internal Audit and General Counsel prior to release to anyone not noted on the report distribution list.
The Institute of Internal Auditors (IIA) Professional Standard 2500, requires the Auditor to establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action.
Evidential matter obtained during the course of fieldwork provides the documented basis for the auditor’s opinions, observations and recommendations as expressed in the auditor’s opinions, observations and recommendations as noted in the audit report. The Office of Internal Audit is obligated by professional standards to act objectively, exercise due professional care and collect sufficient and relevant information to provide a sound basis for audit observations and recommendations.
Auditors must obtain all evidence necessary for the effective completion of the audit. The decision on how much evidence is enough and what type to seek requires the exercise of the auditor’s judgment based on experience, education and intuition. A thorough knowledge of the concepts underlying audit evidence will help the auditor to improve the audit quality and efficiency of the process.
Standards for the Professional Practice of Internal Auditing require that work papers possess certain attributes to provide a sound basis for audit observations and opinions and to be considered as evidential matter. These attributes are:
If the evidence supports the basic test of sufficiency, competence and relevance, it may be used to support the auditor’s findings. The following outlines the different types of evidence obtained during the course of an audit:
Standards for the Professional Practice of Internal Auditing require that audit workpapers reflect the details of the evidence upon which the auditor has relied. The Internal Auditor must maintain adequate documentation of the audit, including the basis and extent of planning, the work performed and the results and findings of the audit. This will allow the workpapers to serve both as tools to aid the auditor in performing their work and as written evidence of the work done to support the auditor’s report. Information included in work papers should be sufficient and relevant to provide a sound basis for audit findings and recommendations. Evidence gathered should be organized and easily correlated with audit program steps and subsequent conclusions and issues reported.
In the process of collecting evidential matter, the auditor is required to perform audit testing to support all observations and opinions. During the performance of such testing, the auditor is not required to test the population in its entirety. Audit sampling may be employed. Audit sampling is performing an audit test on less than 100% of a population. In “sampling”, the auditor accepts the risk that some or all errors will not be found and the conclusions drawn (i.e. all transactions were proper and accurate) may be wrong. The type of sampling used and the number of items selected should be based on the auditors understanding of the relative risks and exposures of the areas audited.
June 2024
William Paterson University
300 Pompton Road
Wayne, New Jersey 07470
973-720-2000
Stay Connected