Board Policies
Chapter 1 - System Organization and Administration
Section D - Office Of Internal Auditing

Click here for a PDF copy of this policy.

Part 1. Mission. The mission of the office of internal auditing is to provide independent, objective assurance and consulting activity designed to add value and improve the operations of the Minnesota State Colleges and Universities. Internal auditing helps the board, chancellor, presidents, and other levels of management accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Part 2. Vision Statement. The office of internal auditing is a catalyst for improvement.

Part 3. Standards of Practice. Internal auditing activities must be conducted in compliance with board policies and system procedures. In addition, internal auditing shall comply with relevant professional standards and the Institute of Internal Auditors’ mandatory guidance including the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing (Standards).

Part 4. Services. Internal auditing shall be an advocate to improve and maintain accountability and promote the proper management oversight of the system office, and college and university programs and activities. Internal auditing is intended to complement, and not replace, other services available either on campuses or in the system office. It has particular expertise in topics such as auditing, accounting, internal controls, financial risk management, and information technology. When dealing with matters outside its expertise, internal auditing shall seek the assistance of experts in the organization or obtain external consultative services, as necessary. It offers the following types of services in order to assist the board, chancellor and presidents in accomplishing their objectives and in improving operations.

Subpart A. Assurance Services consist of examinations designed to inform interested stakeholders about the reliability and accuracy of information and information systems. Systemwide topics may be selected by formal action of the board. Internal auditing may also enter into agreements to conduct special studies requested by the chancellor or a president. Studies may focus on (1) compliance with board policies, laws, and regulations, (2) reliability of information, (3) economy and efficiency of operations, (4) effectiveness in meeting goals and objectives, (5) design and effectiveness of information technology security controls, or (6) safeguarding of assets. Internal auditing shall coordinate all audit-related activities conducted by the Office of the Legislative Auditor and external auditors within MnSCU. Internal auditing must follow-up on audit findings generated by either internal or external audits to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action.

Subpart B. Fraud Inquiry and Investigation Support Services are intended to augment the efforts of colleges and universities to ensure that evidence of fraud or dishonest acts is investigated professionally and promptly. Internal auditing shall consult with legal counsel on any issues that may involve criminal action or reveal potential legal exposure. Internal auditing shall notify the legislative auditor as required by state law.

Subpart C. Professional Advice shall promote an understanding and implementation of state laws and rules, federal laws and regulations, board policies and system procedures, professional accounting and auditing standards, and best practices in management.

Part 5. Authority and Responsibilities. Internal auditing has the authority to audit all parts of the system and shall be granted full and complete access to all system records, physical properties and personnel relevant to any services provided according to this policy. Access also shall be granted without limitation to relevant records of all system related foundation agreements, contracts, and other written agreements. The audit activity shall be free from interference in determining the scope of work and communicating results. Documents and information given to internal auditors shall be handled in compliance with the Minnesota Government Data Practices Act and other applicable laws.

Internal auditing shall have no direct authority over or responsibility for any of the activities or operations it reviews. Unless extenuating circumstances dictate, internal auditors should not develop and implement procedures, prepare records or engage in activities which would normally be reviewed by internal auditing. Internal auditing may review proposed systems and processes prior to implementation to assure adequate controls will exist.

Part 6. Organization.

Subpart A. Reporting Structure. The executive director reports directly to the board through the chair of the Audit Committee. The executive director has direct and unrestricted access to the board. The chancellor shall handle matters related to audit departmental operations in consultation with the chair of the Audit Committee.

Subpart B. Annual Audit Plan. The executive director shall present and seek approval from the Audit Committee on an annual audit plan based on a systemwide audit risk assessment. The plan shall include all internal auditing and external audit activities planned for the ensuing fiscal year. In addition, the plan shall include the internal auditing budget and resource allocation. The executive director shall report to the Audit Committee any significant changes to the audit plan throughout the year.

Subpart C. Reporting Significant Violations. The executive director has the right and responsibility to report to the board any circumstances that are significant violations of internal controls, board policy or system procedures and any other matters that the executive director believes warrant notification. Internal auditing is a function shared with the chancellor and the presidents. The executive director has the right and responsibility to report any matters to the chancellor and presidents that warrant their notification or assist them in improving their operations.

The appointment, removal, and compensation of the executive director shall be consistent with Policy 1A.4, Part 5.

Part 7. Internal Auditing Data. In accordance with Minn. Stat. § 13.392, subd. 1, data notes, and preliminary drafts of reports created, collected, and maintained by internal auditing are confidential data on individuals or protected nonpublic data while work is in progress. The final report is public data, except as provided under Minn. Stat. ch. 13 or other applicable law.

In accordance with Minn. Stat. § 13.392 subd. 2, data on an individual supplying information for an audit or investigation that could reasonably be used to determine the individual’s identity, shall be classified as private data on individuals if the information supplied was needed for an audit or investigation and would not have been provided to internal auditing without an assurance to the individual that the individual’s identity would remain private.

Part 8. Reporting.

Subpart A. Distribution of Reports. Internal auditing reports resulting from services requested by the Audit Committee shall be distributed to all trustees. The executive director shall enter into an agreement with the chancellor, other senior administrators, or a president to direct the distribution of internal auditing reports resulting from services not requested by the Audit Committee. Such reports shall be distributed to the board if warranted under Part 6.

Subpart B. Follow-up Reporting. The executive director shall provide periodic follow-up reports to the Audit Committee on progress toward implementing internal and external audit findings.

Subpart C. Annual Report. The executive director shall provide an annual report to the Audit Committee including:

  1. Audits conducted during the previous fiscal year, including a summary of significant audit results.
  2. Whether internal auditing was organizationally independent and free of any scope and resource limitations in performing its audits.
  3. Review of the Definition of Internal Auditing, the Code of Ethics, and the Standards with senior management and the board.

Related Documents:

Policy History:

Date of Adoption: 7/19/00,
Date of Implementation: 7/19/00,

Date & Subject of Revisions:

6/17/15 - Amended throughout to clean up language and comply with changes to the International Standards for the Professional Practice of Internal Auditing.

Click here for additional 1D.1 HISTORY.