Policies & Procedures

This charter identifies the purpose, authority, and response of the Office of Internal Audit.

I. Purpose and Mission

The purpose of Longwood University’s Office of Internal Audit is to provide independent, objective assurance and consulting services designed to add value and improve the University’s operations. Internal Audit assists the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The missing of Internal Audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice and insight.

II. Authority and Reporting Structure

The Office of Internal Audit Office reports functionally to the Board of Visitors and administratively to the President. The Director of Internal Audit will have free and fuss access to the Board of Visitors Audit Committee. These reporting relationships ensure departmental independence, promote comprehensive audit coverage, and assure adequate consideration of audit recommendations. With strict accountability for confidentiality and safeguarding records and information, Internal Audit has complete and direct access to all University records, physical properties, and personnel relevant to the subject of review.

III. Independence and Objectivity

All internal audit activities shall remain free of influence from any element in the organization, including audit selection, scope, procedures, frequency, timing and report content. The Director of Internal Audit and the audit staff shall have no direct operational responsibility or authority over any of the activities reviewed. Accordingly, Internal Audit shall not develop or install systems or procedures, prepare records, or engage in any other activity which would be audited. The Director of Internal Audit shall not direct the activities of any University employee not employed by the internal audit function except to the extent that such employee has been appropriately assigned to audit teams or to otherwise assist the internal auditors.

The Director of Internal Audit and the audit staff will sign an annual conflict of interest and confidentiality statement to disclose any situation that may impair their objectivity. Any impairment of independence or objectivity, in fact or appearance, shall be disclosed to appropriate parties. The Director of Internal Audit and the audit staff will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Auditors will make balanced assessments or all available and relevant facts and circumstances and not be unduly influenced by their own interests or by others in forming judgements. The Director of Internal Audit will confirm to the Board of Visitors Audit Committee, at least annually, the organizational independence of the internal audit activity.

IV. Scope of Internal Audit Activities

The scope of internal audit activities encompasses objective examinations of evidence for the purpose of providing independent assessments to the Board of Visitors Audit Committee, management, and outside parties on the adequacy and effectiveness of governance, risk management, and control processes. The Office of Internal Audit’s assessments include evaluating whether:

• Risks relating to the achievement of the University’s strategic objectives are appropriately identified and managed.
• Operations or programs tied to goals and objectives are being carried out effectively and efficiently.
• Established processes and systems enable compliance with the policies, procedures, laws, and regulations that could significantly impact the University.
• Information and the means used to identify, measure, analyze, classify, and report such information are reliable and have integrity.
• Resources and assets are acquired economically, used efficiently, and protected adequately.
• Employees’ actions are in compliance with policies, standards, procedures, and applicable laws and regulations.

V. Responsibilities

• The Director of Internal Audit and the audit staff have the responsibility to: Ensure the principles of integrity, objectivity, confidentiality, and competency are applied and upheld.
• Develop, submit for the Board of Visitors Audit Committee approve, and implement a flexible risk-based audit plan. Candidate projects come from a risk assessment process, recommendations by senior administration, regular coverage of large functional operations, special requests, and based upon auditor’s judgement.
• Provide periodic reports to the Board of Visitors Audit Committee and senior management on the status of the audit plan, including significant changes to the plan.
• Undertake internal audits and reviews in a thorough and adequate manner, including the establishment of objectives and scope, the assignment of appropriate and adequately supervised resources, the documentation of work programs and testing results, and the communication of engagement results with applicable conclusions and recommendations to appropriate parties.
• Examine existing systems and activities to evaluate efficient and effective use of resources, accomplishment of goals and objectives, reliability of information, accuracy of records, compliance with policies and procedures and integrity of controls.
• Asses the adequacy of management’s corrective actions to audit issues through follow-up reviews.
• As appropriate, coordinate audit activities with external auditors and other constituencies to maximize audit coverage and minimize duplication of efforts.
• Undertake special projects as requested by the Board of Visitors Audit Committee or management.
• Provide consulting services which are advisory in nature and are generally performed at the specific request of an engagement client. These services may involve formal or informal advice, analysis or assessment which will be provided at the discretion of the Director of Internal Audit.
• Maintain a professional audit staff that collectively possesses or obtains the knowledge, skills, expertise, and other competencies needed to meet the requirements of the Internal Audit Charter.
• Report and assist external agencies in the investigation of suspected fraudulent activities within the University and notify management and the Board of Visitors Audit Committee of the results.
• Follow applicable directors of the Office of the State Inspector General.

VI. Audit Standards, Ethics and Core Principles

All audit work meets the International Standards for the Professional Practice of Internal Auditing and Code of Ethics promulgated by the Institute of Internal Auditors, Inc. Generally accepted auditing standards promulgated by the American Institute of Certified Public Accountants and government auditing standards issued by the United States General Accounting Office will be referenced as appropriate.

Internal Audit staff is expected to consistently demonstrate and maintain high standards of conduct, professionalism, independence, and character in order to administer proper and meaningful internal auditing within the University. In addition, Internal Audit’s activities and conduct shall be consistent with the policies of the University.

Internal Audit staff is expected to comply with the Core Principles for the Professional Practice of Internal Auditing as follows:

• Demonstrating integrity;
• Demonstrating competence and due professional care;
• Being objective and free from undue influence (independent);
• Aligning with the strategies, objectives, and risks of the organization;
• Being appropriately positioned and adequately resourced;
• Demonstrating quality and continuous improvement;
• Communicating effectively;
• Providing risk-based assurance;
• Being insightful, proactive, and future-focused; and
• Promoting organizational improvement.

VII: Quality Assurance and Improvement Program

The Office of Internal Audit will require an external quality assurance review by an independent party at least once every five years. Quality assurance is essential to maintaining an internal auditing department’s capability to perform its functions in an efficient and effective manner. In addition, this review is important in achieving and maintaining a high level of credibility with the Board of Visitors, the President, management, and others that rely on the work of the Office of Internal Audit.  

Revised and approved by the Board of Visitors, September 2010.
Revised and approved by the Board of Visitors, December 2013.
Revised and approved by the Board of Visitors, June 2015.
Revised and approved by the Board of Visitors, June 2016.
Revised and approved by the Board of Visitors, December 4, 2020.