The Institute has established the Internal Audit Department (the Department) to provide the Trustees and senior management with independent assessments as to the adequacy and effectiveness of the Institute's system of internal financial and administrative controls, and to identify means of improving the efficiency and economy of Institute operations, both at headquarters and in the field.
The primary professional responsibility of the internal auditors is to the Trustees through the Audit & Compensation Committee. To fulfill its obligations to the Trustees, the Department will conduct a comprehensive program of audits, concentrating on those activities that are judged to present the greatest potential for financial, reputational, or operational risk.
Authorization and Organization
The Director of Internal Audit is authorized by the Trustees to conduct a comprehensive program of internal auditing. To accomplish its objectives, the Department shall have direct, unrestricted access to all Institute books, records, property and personnel relevant to the subject of its reviews.
The Director of Internal Audit is responsible to the Trustees through the Audit & Compensation Committee, to the President, and to the Vice President and Chief Financial Officer.
The Internal Audit Department has no direct responsibility for, or authority over, any of the activities, functions, or tasks it reviews.
Reporting to Trustees
The Director shall meet in person with the Audit & Compensation Committee as requested by the Committee Chairman, but no less than twice per year. The Director shall present semi-annual written reports on the results of the Department's activities to the Audit & Compensation Committee. Additional reports may be requested by the Audit & Compensation Committee.
Relationship with External Auditor
The internal and external auditors are expected to maintain a close, cooperative working relationship. Their objectives, however, are different. The Director of Internal Audit will work with the external auditors to ensure that their activities are not unnecessarily duplicative and are structured to provide maximum value to the Institute. The Director will meet regularly with the external auditor to discuss the Department's overall risk assessment model and any specific areas of concern with respect to financial and administrative controls.
Audit Standards and Ethics
Audit work conducted by the Internal Audit Department shall be guided by the professional standards established by the Institute of Internal Auditors, the American Institute of CPAs, and the Information Systems Audit and Control Association. All documents and information provided to internal auditors during their work will be handled in the same prudent manner and in accordance with the same level of confidentiality that the Institute expects of the employees normally accountable for such documents and information.