- Home//
- Internal Audit//
- Policies and Regulations
Policies and Regulations
Policy
The Board of Trustees of the Conroe Independent School District (CISD) recognizes the need to establish and support an internal audit position as an independent appraisal function to examine and evaluate district activities as a service to administration and the Board. The Internal Auditor shall report administratively to the Superintendent and functionally to the Board of Trustees.
The Board authorizes the administration to prepare regulations and, upon approval by the Board, directs that these regulations be implemented. The Board, through the Audit Committee, shall review, at least annually, the results of internal audits and the planned deployment of resources for future internal audits.
Internal audit is an independent, objective assurance and consulting activity established within the district to examine and evaluate its activities, add value and improve an organization’s operations. It helps an organization accomplish its goals and objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. All internal audit endeavors are to be conducted in compliance with district objectives and policies as well as the Code of Ethics and the Standards for the Professional Practice of Internal Auditing, which are promulgated by The Institute of Internal Auditing.
Internal audit is dedicated to assisting district management in the effective discharge of their responsibilities. To this end, it furnishes them with analyses, appraisals, recommendations, counsel and information concerning the activities reviewed. The audit objective includes promoting effective control at a reasonable cost.
Internal audit functions under policies established by the Board of Trustees. The Internal Auditor reports administratively to the Superintendent and functionally to the Board of Trustees and meets periodically with the Audit Committee of the Board. These reporting relationships ensure departmental independence, promote comprehensive audit coverage and assure adequate consideration of audit recommendations.
Internal audit is a staff function with no authority over the people and the activities being audited. Independence from operating responsibility promotes objectivity. To conduct audits, internal auditing is authorized free access to district records, personnel and physical properties relevant to the subject being reviewed, without relieving other administrators of their management control responsibilities.
The mission of internal auditing is as follows:
- Review departments and programs within the district at appropriate intervals to determine whether they are efficiently and effectively carrying out their functions of planning, organizing, directing and controlling in accordance with management instructions, policies and procedures, and in a manner that is consistent with both district objectives and high standards of administrative practice.
- Determine the adequacy and effectiveness of the district’s systems of internal accounting and operating controls.
- Review the reliability and integrity of financial information and the means used to identify measure, classify and report such information.
- Review the established systems to ensure compliance with those policies, plans, procedures, laws and regulations which could have a significant impact on operations and reports, and determine whether the district is in compliance, and suggest changes where required.
- Review the means of safeguarding assets and, as appropriate, verify the existence of such assets.
- Appraise the economy and efficiency with which resources are employed, identify opportunities to improve operating performance, and recommend solutions to problems where appropriate.
- Review operations and programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
- Coordinate audit efforts with other independent outside auditors as appropriate.
- Participate in the planning, design, development, implementation and operation of major computer-based systems to determine whether
- adequate controls are incorporated in the systems,
- thorough system testing is performed at appropriate stages,
- system documentation is complete and accurate, and
- the needs of the user organization are met.
- Conduct periodic audits of computer service centers and make post-installation evaluations of major data processing systems to determine whether these systems meet their intended purposes and objectives.
- Review compliance with the district’s guidelines for ethical business conduct and see that the highest standards of performance are met.
- Submit annual audit plans to the Superintendent and the Audit Committee for their review, input and approval.
- Report regularly to the Superintendent and the Audit Committee of the Board on whether:
- Appropriate action has been taken on significant audit findings;
- Audit activities have been directed toward the highest exposures to risk and toward increasing efficiency, economy and effectiveness of operations;
- Internal and external audits are coordinated to avoid duplication;
- Internal audit plans are adequate; and
- There is any unwarranted restriction on the staffing and authority of internal auditing or on access by the internal auditors to district activities, records, property or personnel.
- Report to the Superintendent, Audit Committee of the Board and to those members of management who should be informed or who should take corrective action, the results of audit examinations, the audit opinions formed, and the recommendations made.
- Evaluate any plans or actions taken to correct reported conditions for satisfactory disposition of audit findings. If the corrective action is considered unsatisfactory, hold further discussions to achieve acceptable disposition.
Provide adequate follow-up to make sure that adequate corrective action is taken and that it is effective.
Administrators over audited areas are responsible for seeing that corrective action on reported weaknesses is planned and reported to the Internal Auditor in a written report within two weeks of the date of the draft report. The corrective action report describing actions planned or completed should be sent to the Internal Auditor for inclusion in the final audit report to the Superintendent and the Board. Corrective action should be started within 60 days of the report disclosing those weaknesses. When corrective action will take a longer period of time to complete, quarterly status reports should be sent to the Superintendent and the Internal Auditor.
Internal auditing follows the Standards for the Professional Practice of Internal Auditing as established by the Institute of Internal Auditors.
The Standards include:
Attribute Standards
Purpose, authority and responsibility; Independence and objectivity; Impairment to independence and objectivity; Proficiency and due professional care; and Quality assurance and improvement program; and
Performance Standards
Managing the internal audit activity; Nature of work; and Engagement planning; Performing the engagement; Communicating results; Monitoring progress; and Communicating the Acceptance of Risks.
Quality Assurance
As required by the Standards, the internal audit function should develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. the quality assurance and improvement program must include both internal and external assessments. Internal assessments include ongoing monitoring of the performance of the internal audit activity and periodic self-assessments. External assessment should be conducted at least once every five years by a qualified, independent assessor from outside the district. External assessments can be in the form of a full external assessment or a self-assessment with independent external validation.
In keeping with the requirements of the policy and generally accepted professional standards, the internal auditor has established audits of programs and departments in the following areas:
- Financial – to determine whether financial operations are conducted properly and whether financial reports are presented fairly.
- Compliance – to determine whether operations have been carried out in compliance with applicable laws, regulations and established policies.
- Economy, effectiveness and efficiency – to determine whether allocated resources are managed and used in an economical, effective and efficient manner.
Audits can be performed by internal auditors covering any one of the above areas, or a comprehensive audit encompassing all of them can be undertaken.
In general, a financial audit will be limited to the financial and compliance areas. It will however, often address problems of economy, efficiency and effectiveness insofar as these apply to the system of internal controls used in financial operations.
An annual risk assessment will be performed by the Internal Auditor to determine the areas and processes posing the highest risk to the district. The annual audit plan will be prepared based on the results of this risk assessment. The plan is submitted to the Superintendent and the Audit Committee of the Board for their review and approval. In addition to regularly scheduled internal audits, time will be reserved for special requests for audits from the Superintendent, Board or administration and for investigations of alleged misconduct that may arise throughout the year. A request for audit services not included in the annual audit plan will be evaluated on the risk to the district and time required.
Some of the criteria used in making audit selections might be helpful to a requester in developing ideas or request for audits. They are:
Relative Risk and Exposure
Departments and programs that expend relatively large sums of money and are responsible for the management of significant amounts of human and capital resources, or are responsible for the receipt of large amounts of revenue, are considered high priority candidates for audit. There normally is great potential for identifying improvements in management, organizational structure and operating procedures to enhance economy, efficiency and effectiveness of such organizations. Conversely, there is greater risk of harmful effects if any existing weaknesses remain unidentified.
Assessment of Recent Audits or Management Studies
Programs with a history of problems and findings identified through prior audits and studies should be prime candidates for follow-up audits to determine whether identified weaknesses have been corrected.
Availability of Program Information
A department that provides little program information and has not been recently audited should be considered a prime candidate. This is particularly true of new or experimental programs. Audits will provide management and the Board with an attestation to the propriety, validity and reliability of data upon which future program decisions can be based.
Suspected Problems or Adverse Publicity
Programs with a history of controversy concerning their compliance, economy and efficiency should be audited to provide objective attestation to management’s response to such controversy. In addition, large budget increases, a large reduction or increase in the size or demands of the client population or a rapid turnover rate are valid indicators that an audit may be needed.