Internal Auditing

About Internal Auditing

Mission Statement

Internal Auditing's mission is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

Internal Auditing Information

Internal Auditing Charter

PURPOSE
This Internal Audit Charter defines the function, authority and responsibility of the Internal Audit Department (the Department)

MISSION
Internal Auditing’s mission is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

FUNCTION
Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve the Houston Community College System’s (HCCS)operations. The Department helps HCCS accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

All the Department’s endeavors are to be conducted in compliance with objectives and policies of HCCS; as well as, the Mission of Internal Audit and the mandatory elements of the International Professional Practices Framework (IPPF) promulgated by the Institute of Internal Auditors, Inc. as follows:

  • Core Principles for the Professional Practice of Internal Auditing
  • Code of Ethics
  • Definition of Internal Auditing
  • International Standards for the Professional Practice of Internal Auditing

Periodic internal and external quality assessments and ongoing internal monitoring willbe part of a quality assurance and improvement program designed to help the internal auditing activity add value.

INDEPENDENCE AND OBJECTIVITY
To provide for the independence of the Department, its personnel report to the Chief Audit Executive (“CAE”), who reports to both the Chancellor and the Audit Committee of the Board of Trustees. The reporting relationships of the CAE enhance departmental independence, promote comprehensive audit coverage and encourage adequate consideration of audit reports and recommendations. To maintain objectivity, the CAE and the audit staff shall have no direct authority over the activities they review. In particular, Internal Audit may not develop policies and procedures for a function they might audit or direct the actions of the personnel in the performance of that function.

Internal Audit may be asked to participate in management committees or project teams,to analyze controls built into processes, development systems, or analyze security products. Because Internal Audit is not a management decision-making function, decisions to develop, adopt and implement policies or procedures as a result of an internal audit advisory service must be made by management. The performance of these audits or reviews does not relieve management of any assigned responsibilities.The internal audit activity must be independent, and internal auditors must be objective in performing their work.

AUTHORITY
Personnel of the Department, in the performance of an assigned project, are authorized to have full, free, and unrestricted access to all functions, activities, properties, manual and automated information systems, personnel, and non-privileged records in the scope of that project.

nternal Audit may require written responses to audit observations describing corrective action that will be taken to adequately resolve the deficiencies, the responsible parties, and the expected completion dates. Deficient corrective action plans will be reported to the Board of Trustees for resolution.

RESPONSIBILITIES
In accordance with Board Policy, Internal Audit is responsible for assessing the various functions and control systems within HCCS and for advising management concerning their condition. The fulfillment of this accountability includes:

  • Developing a flexible risk based annual internal audit plan with input from Senior Management and the Board of Trustees as required by IIA Standard 2010. A1and submit the audit plan to the Audit Committee for review and the Board for approval.
  • Reviewing and adjusting the plan, as necessary, in response to changes in the organization’s business, risks, operations, programs, systems, and controls with Audit Committee review and Board approval.
  • Meeting regularly with the Board Audit Committee to provide updates by reviewing audits performed, audits in progress, future audits, and sufficiency of the Department resources.
  • Conducting independent and constructive audits to review effectiveness of controls, financial records, operations, or to review departmental records, the proper recording of transactions, and compliance with applicable rules, regulations, policies, and procedures, including evaluation for potential fraud and effectiveness of fraud controls.
  • Analyzing data obtained for evidence of deficiencies in controls, integrity, duplication of effort, or lack of compliance with College policies and procedures.
  • Conducting audits which examine the effectiveness of the governance, riskmanagement, and internal control processes in promoting the achievement of strategic objectives concerning all reporting, operations, safeguarding of assets, and compliance.
  • Investigating allegations of fraud, waste, abuse and other wrongdoing as appropriate and in accordance with Board Policy, and coordinating such investigations as needed with Legal Counsel or the HCCS Police.
  • Evaluating the design, implementation, and effectiveness of HCCS ethics-related objectives, programs, and activities.
  • Assessing whether information technology governance effectively supports HCCS strategies and objectives.
  • Offering Advisory services; Internal Control or Fraud training; Control Self-Assessment (CSA) services, and other audit technique workshops as warranted.
  • Coordinating audit efforts with those of external financial auditors and acting as a liaison for other external auditors.
  • Coordinating efforts with other control monitoring functions within HCCS (risk management, compliance, security, legal, ethics, safety and environment).
  • Maintaining a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter and ensure that personnel in the Department have appropriate continuing education to foster advancement of technical knowledge and skills.

Approved by the Board of Trustees, August 17, 2017

Code of Ethics

The Code of Ethics states the principles and expectations governing the behavior of individuals and organizations in the conduct of internal auditing. It describes the minimum requirements for conduct, and behavioral expectations rather than specific activities.

Introduction to the Code of Ethics

The purpose of The Institute's Code of Ethics is to promote an ethical culture in the profession of internal auditing.

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

A code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in its objective assurance about governance, risk management, and control.

The Institute's Code of Ethics extends beyond the Definition of Internal Auditing to include two essential components:

  1. Principles that are relevant to the profession and practice of internal auditing.
  2. Rules of Conduct that describe behavior norms expected of internal auditors. These rules are an aid to interpreting the Principles into practical applications and are intended to guide the ethical conduct of internal auditors.

"Internal auditors" refers to Institute members, recipients of or candidates for IIA professional certifications, and those who perform internal audit services within the Definition of Internal Auditing.

Applicability and Enforcement of the Code of Ethics

This Code of Ethics applies to both entities and individuals that perform internal audit services.

For IIA members and recipients of or candidates for IIA professional certifications, breaches of the Code of Ethics will be evaluated and administered according to The Institute's Bylaws and Administrative Directives. The fact that a particular conduct is not mentioned in the Rules of Conduct does not prevent it from being unacceptable or discreditable, and therefore, the member, certification holder, or candidate can be liable for disciplinary action.

Code of Ethics — Principles

Internal auditors are expected to apply and uphold the following principles:

  1. Integrity
    The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.
  2. Objectivity
    Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.
  3. Confidentiality
    Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
  4. Competency
    Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.

Rules of Conduct

1. Integrity

Internal auditors:

1.1.Shall perform their work with honesty, diligence, and responsibility.

1.2.Shall observe the law and make disclosures expected by the law and the profession.

1.3.Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.

1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization.

2. Objectivity

Internal auditors: 

2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization. 

2.2. Shall not accept anything that may impair or be presumed to impair their professional judgment.

2.3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

3. Confidentiality

Internal auditors:

3.1. Shall be prudent in the use and protection of information acquired in the course of their duties.

3.2. Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

4. Competency

Internal auditors:

4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience.

4.2. Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing (Standards).

4.3. Shall continually improve their proficiency and the effectiveness and quality of their services.

https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Code-of-Ethics.aspx

Internal Audit Standards

The Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors, Inc., generally accepted governmental auditing standards and the certified Internal Auditor Code of Professional Ethics shall serve as guidelines for Houston Community College System internal audit activities as required by the Texas Internal Auditing Act.

* Standards for the Professional Practice of Internal Auditing - issued by the Institute of Internal Auditors.

* Generally Accepted Governmental Auditing Standards - issued by the US General Accounting Office, Comptroller General.

* The Certified Internal Auditor Code of Professional Ethics - issued by the Institute of Internal Auditors.

Responsibilities

In accordance with Board Policy, Internal Audit is responsible for assessing the various functions and control systems within HCCS and for advising management concerning their condition. The fulfillment of this accountability includes:

  • Developing a flexible risk based annual internal audit plan with input from Senior Management and the Board of Trustees as required by IIA Standard 2012. A1 and submit the audit plan to the Audit Committee for review and the Board for approval.
  • Reviewing and adjusting the plan, as necessary, in response to changes in the organization’s business, risks, operations, programs, systems, and controls with Audit Committee review and the Board for approval. 
  • Meeting regularly with the Board Audit Committee to provide updates by reviewing audits performed, audits in progress, future audits, and sufficiency of the Department resources.
  • Conducting independent and constructive audits to review effectiveness of controls, financial records, operations, or to review departmental records, the proper recording of transactions, and compliance with applicable rules, regulations, policies, and procedures.
  • Analyzing data obtained for evidence of deficiencies in controls, integrity, duplication of effort, or lack of compliance with College policies and procedures.
  • Conducting audits which examine the effectiveness of the governance, risk management, and internal control processes in promoting the achievement of strategic objectives concerning all reporting, operations, safeguarding of assets, and compliance.
  • Investigating allegations of fraud, waste, abuse and other wrongdoing as appropriate and in accordance with Board Policy, and coordinating such investigations as needed with Legal Counsel or the HCCS Police.
  • Offering Advisory services; Internal Control or Fraud training; Control Self-Assessment (CSA) services, and other audit technique workshops as warranted.
  • Coordinating audit efforts with those of external financial auditors and acting as a liaison for other external auditors.
  • Coordinate efforts with other control monitoring functions within HCCS (risk management, compliance, security, legal, ethics, safety and environment).
  • Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter and ensure that personnel in the Department have appropriate continuing education to foster advancement of technical knowledge and skills.

Approved by the Board of Trustees, October 20, 2016. 

Contact Us

Internal Auditing

Suite 11E13 P.O. BOX 667517, MC 1122 3100 Main Street, Houston, TX 77002

Resources