System Supplement logo

Article Posted March 26, 2013

Picture for When Is the Auditor Audited? article

When Is the Auditor Audited?

Measuring and assessing performance is just as important for the Office of Internal Audit and Compliance as it is for any department. The International Standards for the Practice of Internal Auditing (Standards) requires that an external assessment be conducted of internal audit departments at least once every five years by a qualified, independent reviewer or review team from outside the organization. The purpose of the review is to provide reasonable assurance to management and stakeholders that the Office of Internal Audit and Compliance is in compliance with applicable auditing standards.

The Chief Audit Officer leads the process of selecting an external assessor or independent validator with the full involvement and support of senior management and audit committees. The external assessment looks at the organizations’ internal controls, ethics, governance, and risk management processes. An external assessment also builds stakeholder confidence by documenting management’s commitment to quality and successful financial practices.

Following are the Standards that serve as the criteria for evaluating performance.

Purpose, Authority, and Responsibility – the purpose, authority, and responsibility of the internal audit activity as formally defined in a charter, are consistent with the Standards, and properly approved.

•Independence and Objectivity – the internal audit activity is independent and objective in performing work.

•Due Professional Care – internal audit staff possesses the knowledge, skills, and other competencies needed to perform their responsibilities. Internal auditors enhance their knowledge, skills, and competencies through continuing professional development.

•Quality Assurance and Improvement Program – internal audit has developed and maintains a quality assurance and improvement program that covers all aspects of internal audit activity and one that is continuously monitored for effectiveness.

•Managing the Internal Audit Activity – the internal audit activity is effectively managed to ensure it adds value to the organization. Internal Audit has developed risk-based audit plans.

•Nature of Work – the internal audit activity evaluates and contributes to the improvement of risk management, controls, and governance processes using a systematic and disciplined approach.

•Performing the Engagement – internal auditors identify, analyze, evaluate, and document sufficient information to achieve the engagement’s objectives.

•Communicating Results – communications must include the engagement’s objectives and scope as well as applicable conclusions, recommendations, and action plans.

•Monitoring Progress – there is a system in place to monitor the disposition of results communicated to management.

•Resolution of Management’s Acceptance of Risk – if Internal Audit believes that management has accepted a level of residual risk that may be unacceptable to the organization, the matter must be discussed with senior management. If the matter is still not resolved, then it must be reported to the board for resolution.

The Office of Internal Audit and Compliance completed an External Quality Assessment in May 2010 and was Generally Conformed with the Standards. The next peer review will take place in 2015. We recognize that there are always opportunities to improve performance and look forward to increasing the efficiency and effectiveness of our department.

Michael J. Foxman

Executive Director of Internal Audit

Office of Internal Audit & Compliance

Telephone: 404-962-3021​

Posted by Michael J. Foxman
Published in: Policy Briefs

Most Recent in: Policy Briefs

Extra Compensation Related to Federal Grants

Extra Compensation Related to Federal Grants

Posted by OIAC
March 26, 2013

Internal Control Issues Concerning Grant Awards

Internal Control Issues Concerning Grant Awards

Posted by OIAC
October 25, 2012

Employment Background checks as an Auditable Issue

Employment Background checks as an Auditable Issue

Posted by Marion Fedrick
October 25, 2012



Internal Audit & Compliance
Board of Regents of the University System of Georgia
270 Washington Street, SW
Atlanta, GA  30334

Tel.: 404-962-3020
Fax: 404-962-3033
Email: .(JavaScript must be enabled to view this email address)