Mission - The mission of Internal Audit is to assist the Board of Regents and University management in the discharge of their oversight, management and operating responsibilities.  This is achieved by providing independent assurance, consulting and education services to the University community.  Our services add value by improving the control, risk management and governance processes to help the University achieve its business objectives.

Authority – Internal Audit functions under the authority of the Finance and Asset Management Committee of the Board of Regents of the University of Washington.

Internal Audit is authorized to have full, free, and unrestricted access to information including records, computer files, property, and personnel of the University.  Internal Audit is free to review and evaluate all policies, procedures and practices of any University activity, program or function.

In performing the audit function, Internal Audit has no direct responsibility for, or authority over any of the activities reviewed.  Therefore, the internal audit review and appraisal process does not in any way relieve other persons in the organization of the responsibilities assigned to them.

Scope - The scope of the internal audit activity encompasses:.

  1. Assurance Services.  Assurance services are objective examinations of evidence for the purpose of providing an independent assessment.  This includes assessing and reporting on the adequacy and effectiveness of the internal controls and the quality of performance in carrying out assigned responsibilities.  The scope includes reviewing and evaluating:
  • Internal controls established to ensure compliance with applicable policies, plans, procedures, laws, regulations, and contracts;
  • The means with which assets are safeguarded;
  • The reliability and integrity of financial and operating information;
  • The economy, efficiency, and effectiveness with which resources are deployed; and
  • IT systems to determine if they are appropriately managed, controlled, and protected.
  1. Management Advisory Services.  Advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility.  Examples include counsel, advice, facilitation, and training. 
  1. Investigative Engagements.  Investigations evaluate allegations of unethical business practices and/or financial and operational misconduct to determine if allegations are substantiated and to prevent future occurrences.

Independence - To permit the rendering of impartial and unbiased judgment essential to the proper conduct of audits, internal auditors will be independent of the activities they audit.  This independence is achieved through organizational status and objectivity.

Organizational Status: The Executive Director of Internal Audit reports to the Finance and Asset Management Committee of the Board of Regents via the Audit Advisory Committee and reports administratively to the President, whose scope of responsibility and authority assures that audit findings and recommendations will be afforded adequate consideration and the effectiveness of action will be reviewed at an appropriate level.  The Executive Director of Internal Audit has direct access to both the President and the Board of Regents, and may take matters to them that are believed to be of sufficient magnitude and importance to require their immediate attention.

Objectivity:  Because objectivity is essential to the audit function, an internal auditor does not develop and install procedures, prepare records, or engage in any other activity which the auditor would normally review and appraise and which could reasonably be construed to compromise the auditor’s independence.  The auditor’s objectivity is not adversely affected, however, by determining or recommending standards of control to be adopted in the development of systems and procedures under review.

Responsibility - The internal audit staff has a responsibility to report to University management on the areas examined and to evaluate management’s plans or actions to correct reported findings.  In addition, the Executive Director of Internal Audit has a responsibility to report at least annually to the Board of Regents Finance and Asset Management Committee and quarterly to the Audit Advisory Committee to inform them of any significant findings and those that have not been reasonably addressed by University management.

The Executive Director of Internal Audit will coordinate internal and independent outside audit activities to ensure adequate coverage and minimize duplication of effort.

Standards – The responsibility of Internal Audit is to serve the University in a manner that is consistent with the standards established by the Institute of Internal Auditors (IIA) and required by the Regulatory Code of Washington 43.88.160(4)(a) and the Office of Financial Management State Administrative & Accounting Manual Chapter 22.  Internal Audit shall comply with the IIA mandatory elements of the International Professional Practices Framework, including the Core principles for the Professional Practice of Internal Auditing, the Definition of Internal Auditing, the Code of Ethics and the International Standards for the Professional Practice of Internal Auditing

Approved by Board of Regents - December 12, 2019