Responsibilities

The scope of internal auditing encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the Department's governance, risk management, and internal control structure and the quality of performance in carrying out assigned responsibilities to achieve the Department's stated goals and objectives. This includes:

• Assessing risk exposure related to the achievement of the Department's strategic objectives.
• Evaluating the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
• Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the organization.
• Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
• Monitoring and evaluating the effectiveness of the Department's risk management processes.
• Reviewing and appraising the economy and efficiency with which resources are utilized.
• Evaluating operations or programs to determine whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
• Reporting significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by the Audit Committee.
• Evaluating specific operations at the request of the Secretary, as appropriate.

Audit Planning

Annually, the Chief Audit Executive will submit to the Chief Deputy Secretary and the Audit Committee a report on internal audit activity during the preceding year, and a summary of the audit plan for the corning year. The internal audit plan will be developed based on prioritization of the Department's audit universe using a risk-based methodology, as determined by the Chief Audit Executive with input from the Secretary, Chief Deputy Secretary, Audit Committee and other senior management as appropriate. Any significant deviation from the formally approved audit schedule shall be communicated to the Chief Deputy Secretary and Audit Committee through periodic activity reports.

Reporting

A written report shall be prepared and issued by the Chief Audit Executive, or a designee, following the conclusion of each audit and shall be distributed as appropriate. A copy of each audit report, or a summarization, shall be forwarded to the Secretary and Chief Deputy Secretary and other managers as deemed appropriate. The Chief Audit Executive may include in the audit report the auditee's response and corrective action taken or to be taken regarding the specific findings and recommendations. Internal audit shall be responsible for follow-up on audit findings and recommendations in accordance with the OIA Policies & Procedures Manual.

Quality Assurance and Improvement Program

The internal audit activity will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program will include an evaluation of the internal audit activity's conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.