Internal Audit

From University of Nebraska Medical Center
Jump to: navigation, search
Human Resources   Safety/Security   Research Compliance   Compliance   Privacy/Information Security   Business Operations   Intellectual Property

General Accounting | SBIR/STTR Program Participation | Supplemental Compensation Plan | Facilities Management/Planning | Purchasing | Public Affairs | Facility Identification | Serving Alcoholic Beverages | Travel and Reimbursement | State Vehicles | Reproducing Copyrighted Materials | Bank Card Processing | Student Training Agreement | Volunteer | Cash Handling | Fraud | Assigning Research Lab Space | Space Scheduling and Fundraising | Academic Personnel Records | Cellular Phone | Off-campus Graphic Design and Related Printing | Off-campus Photography | Tax Exempt Financing and Tracking of Both Qualified Use and Non-Qualified Use of Research Space | Secondary Logos | Social Media | Sensitive Equipment Tracking | International Visitors | Accounts Receivable Management | Internal Audit

Policy No.: 8016
Effective Date: 09/08/15
Revised Date: 0/24/18
Reviewed Date: 04/24/18

Internal Audit Policy

Basis for Policy

The University of Nebraska Medical Center (UNMC) shall comply with all applicable federal, state and local laws, regulations and University of Nebraska and UNMC Policies and Procedures. The University of Nebraska Internal Audit Charter is approved by the Board of Regents and gives authority to the Chief Audit Executive and personnel of the internal audit activity to assess, evaluate and improve the University’s effectiveness of risk management, control, and governance processes by providing independent, objective assurance and consulting services.

Mission/Scope of Work

The mission of the internal audit activity is to provide independent, objective assurance and consulting services designed to add value and improve the University’s operations. It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The scope of work of the internal audit activity is to determine whether the University’s network of risk management, control and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:

  • Risks are appropriately identified and managed.
  • Interaction with the various governance groups occurs as needed.
  • Significant financial, managerial and operating information is accurate, reliable, and timely.
  • Employees’ actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
  • Resources are acquired economically, used efficiently and adequately protected.
  • Programs, plans, and objectives are achieved.
  • Quality and continuous improvement are fostered in the University’s control process.
  • Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.

Opportunities for improving management control, profitability, and the University’s image may be identified during audits. They will be communicated to the appropriate level of management.


The Assistant Vice President and Director of Internal Audit and Advisory Services (Director), in the discharge of his/her duties, shall be accountable to management, the President and the audit committee to:

  • Provide annually an assessment on the adequacy and effectiveness of the University’s processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work.
  • Report significant issues related to the processes for controlling the activities of the University and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.
  • Periodically provide information on the status and results of the annual audit plan and the sufficiency of activity resources.
  • Coordinate with other control and monitoring functions (risk management, compliance, security, legal, ethics, environmental, external audit) to conduct risk assessments and develop or recommend monitoring activities to evaluate the adequacy and effectiveness of internal controls.


To provide for the independence of the internal auditing activity, all internal audit personnel report to the Director, who reports functionally to the audit committee and administratively to the President in a manner outlined in the above section on Accountability. The Director will include as part of the annual report to the audit committee a section on internal audit personnel.

The campus directors will be the primary point of contact for their campus chancellor.


The director has the responsibility to:

  • Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the audit committee for review and approval as well as periodic updates.
  • Implement the annual audit plan, as approved, including as appropriate, any special tasks or projects requested by management and the audit committee.
  • Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter.
  • Evaluate and assess significant merging/consolidating functions and new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion.
  • Issue reports to the audit committee and management summarizing results of audit activities.
  • Keep the audit committee informed of emerging trends and successful practices in internal auditing.
  • Provide a list of significant measurement goals and results to the audit committee.
  • Assist in the investigation of significant suspected fraudulent activities within the University and notify management and the audit committee of the results.
  • Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the University at a reasonable overall cost.

Each campus director has a responsibility to:

  • Meet with their chancellor on a quarterly basis.
  • Keep the chief audit executive informed of emerging trends and significant issues, as it relates to their campus.
  • Be the point of contact for their campus chancellor, including incidents of fraud, assisting the chancellor in performing the campus risk assessment, if requested to, and management requests for audits or consulting work, as authorized by the director.


The chief audit executive and personnel of the internal audit activity are authorized to:

  • Have unrestricted access to all functions, records, property and personnel (the University Technology Development Corporation and its entities and NSRI Classified Task Orders and related activity are not in the scope/audit universe).
  • Have full and free access to the audit committee.
  • Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
  • Obtain the necessary assistance of personnel in units of the University where they perform audits, as well as other specialized services from within or outside the University.

Members of the internal audit activity are not authorized to:

  • Perform any operational duties for the University or its affiliates.
  • Initiate or approve accounting transactions external to the internal auditing activity.
  • Direct the activities of any University employee not employed by the internal auditing activity, except to the extent such employees have been appropriately assigned to auditing teams or otherwise assist the internal auditors.

Standards of Audit Practice

The internal audit activity will meet or exceed the International Standards for the Professional Practice of Internal Auditing, mandatory guidance including the Definition of Internal Auditing and Code of Ethics of The Institute of Internal Auditors.

Management's Responsibilities

Management is responsible for ensuring that systems of internal control are in place, good business practices are implemented and followed in all areas, compliance is maintained, fraud risks are identified and mitigated, and effective governance is established. This provides assurance that financial information and other management information are reliable, that University resources are used efficiently and effectively and that the potential for fraud is minimized.

Management shall provide a written response to report recommendations issued within time frames requested by internal audit. Management is responsible to address issues identified by implementing recommendations or agreed-upon corrective action plans.

Access to the Audit Committee

All internal audit personnel will have access to the Audit Committee by requesting they be added to the next Audit Committee agenda.

Additional Information

Prior to July 1, 2017, reporting and accountability of UNMC's Internal Audit Department was to the Chancellor of the University of Nebraska Medical Center.

This page maintained by dkp.