1D.1 Office of Internal Auditing

Board Policies
Chapter 1 - System Organization and Administration
Section D - Office Of Internal Auditing

Click here for a PDF copy of this policy.

Part 1. Mission. The mission of the Office of Internal Auditing is to provide independent, objective assurance and consulting services designed to add value and improve the operations of the Minnesota State Colleges and Universities. Internal Auditing helps the Board of Trustees, Chancellor, presidents, and all other levels of management accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Part 2. Values and Principles. The Office of Internal Auditing is committed to:

  • Supporting the success of public higher education (student success and learning),
  • Practicing with integrity, honesty, and objectivity.
  • Complying with professional and ethical standards
  • Protecting confidentiality of information
  • Conveying results first to appropriate management (no public surprises) and as necessary to other stakeholders
  • Promoting accessibility to internal auditing services, both geographically and by fostering relationships with campus personnel
  • Understanding the unique needs of individual institutions
  • Maintaining excellence through innovative and proactive methodologies, professional development, and continuous learning.
  • Celebrating success.

Part 3. Vision Statement. The Office of Internal Auditing is a catalyst for improvement.

Part 4. Standards of Practice. Internal Auditing activities will be conducted in compliance with the Minnesota State Colleges and Universities policies and procedures as well as with the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics promulgated by the Institute of Internal Auditors.

Part 5. Services. Internal Auditing shall be an advocate to improve and maintain accountability and promote the proper management oversight of the system office, and college and university programs and activities. Internal Auditing is intended to complement, and not replace, other services available either on campuses or in the system office. It has particular expertise in topics such as auditing, accounting, internal controls, financial risk management, and information technology. When dealing with matters outside its expertise, Internal Auditing shall seek the assistance of other experts in the organization or obtain external consultative services, if necessary. It offers the following types of services in order to assist the Board of Trustees, Chancellor and presidents in accomplishing their objectives and in improving operations.

a. Assurance Services consist of examinations designed to inform interested stakeholders about the reliability and accuracy of information and information systems. System-wide topics may be selected by formal action of the Board of Trustees. Internal Auditing may also enter into agreements to conduct special studies requested by the Chancellor or a president. Studies may focus on (1) compliance with board policies, laws, and regulations, (2) reliability of information, (3) economy and efficiency of operations, (4) effectiveness in meeting goals and objectives, (5) design and effectiveness of information technology security controls, or (6) safeguarding of assets. Internal Auditing shall coordinate all audit-related activities conducted by the Legislative Auditor and external auditors within MnSCU. Internal Auditing must follow-up on audit findings generated by either internal or external audits and ensure that findings are satisfactorily resolved.

b. Fraud Inquiry and Investigation Support Services are intended to augment the efforts of colleges and universities to ensure that evidence of fraud or dishonest acts is investigated professionally and promptly. Internal Auditing shall look to legal counsel for leadership on any issues that may involve criminal action or reveal potential legal exposures. It is recognized that these matters must be reported to the Legislative Auditor as required by state law.

c. Professional Advice shall promote an understanding and implementation of state laws and rules, federal laws and regulations, board policies and procedures, professional accounting and auditing standards, and best practices in management and organizational development. Advice may be communicated in response to questions for which Internal Auditing has expertise, through availability of self-assessment tools, by broadly relaying or publicizing information on selected topics, or by offering workshops and inservices on-site or via technology such as webinars.

Part 6. Authority and Responsibilities. Internal Auditing has the authority to audit all parts of MnSCU and is granted full and complete access to all MnSCU records (manual or electronic), physical properties and personnel relevant to any services provided according to this policy. Access is also granted, by contract, to relevant records of all MnSCU related foundations, contractors, and partners. Documents and information given to internal auditors shall be handled in compliance with provisions of the Minnesota Government Data Practices Act.

Internal Auditing shall have no direct authority over or responsibility for any of the activities or operations they review. Unless extenuating circumstances dictate, internal auditors should not develop and implement procedures, prepare records or engage in activities which would normally be reviewed by Internal Auditing. Internal Auditing may review proposed systems and processes prior to implementation to assure adequate controls will exist.

Part 7. Organization. The Executive Director of Internal Auditing reports directly to the Board of Trustees through the Chair of the Board of Trustees Audit Committee. The Chancellor will handle matters related to audit departmental operations in consultation with the Chair of the Audit Committee.

The Executive Director of Internal Auditing shall present to the Audit Committee an annual audit plan based on a system-wide audit risk assessment. The plan shall include all Internal Auditing and external audit activities planned for the ensuing fiscal year. The Executive Director shall report any significant changes to the audit plan throughout the year.

The Executive Director has direct and unrestricted access to the Board of Trustees. The Executive Director has the right and responsibility to report to the Trustees any circumstances that are significant violations of MnSCU controls, policies or procedures and any other matters that the Executive Director believes warrant Trustee notification. Internal Auditing is a function shared with the Chancellor and the presidents. Therefore, the Executive Director has the right and responsibility to report any matters to the Chancellor and presidents that warrant their notification or assist them in improving their operations.

Part 8. Internal Auditing Data. As required by Minnesota State Statutes 13.392, Subdivision 1, data notes, and preliminary drafts of reports created, collected, and maintained by Internal Auditing are confidential data on individuals or protected nonpublic data while work is in progress. The final report is public data, except as provided under the Minnesota Government Data Practices Act. Also, as required by Minnesota State Statutes 13.392, Subdivision 2, data on an individual supplying information for an audit or investigation that could reasonably be used to determine the individual's identity, are private data on individuals if the information supplied was needed for an audit or investigation and would not have been provided to Internal Auditing without an assurance to the individual that the individual's identity would remain private.

Part 9. Reporting. Internal Auditing reports resulting from services requested by the Audit Committee shall be distributed to members of the Board of Trustees. Copies of these reports also shall be distributed to management as appropriate. The Executive Director shall enter into an agreement with the Chancellor, other senior administrators, or a president to direct the distribution of Internal Auditing reports resulting from services not requested by the Audit Committee. Such reports shall be distributed to the Board of Trustees if the circumstances that are cited in Part 7 of this policy are revealed.

The Executive Director shall present periodic follow-up reports to the Audit Committee that shows progress toward implementing internal and external audit findings previously reported to the committee.

The Executive Director shall present an annual report to the Audit Committee that shows the results of audits conducted during the previous fiscal year, including a summary of significant audit results.

Related Documents:

Policy History:

Date of Adoption: 7/19/00,
Date of Implementation: 7/19/00,

Date & Subject of Revisions:

11/16/11 - Amended throughout to clean up language and comply with International Standards for the Professional Practice of Internal Auditing. Removed Part 5c, Consulting Services.

7/19/00 - repealed MnSCU Policy 7.2 Parts 1-2 & 4-7.

There is no additional HISTORY for policy 1D.1.