In June 1999, the Institute of Internal Auditors’, (IIA)’s Board of Directors approved a new definition of auditing as ‘An independent objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes .Kisii University supports Internal Audit as an independent appraisal function to examine and evaluate activities at the University as a service to management and the council. The mission of internal audit is to support the departments in the effective discharge of their responsibilities. To this end, internal audit will furnish them with analyses, recommendations, and information concerning the activities examined.
Scope and Mode of Operations
Internal Audit Department’s work will encompass all systems, processes, operational and management controls and shall not be restricted to the audit of systems and controls necessary to form an opinion on financial statements. All systems will be included in the audit risk assessments and hence considered for review subsequently .In assessing the adequacy and effectiveness of the University’s internal control structure, the Internal Audit Department will:
a. ensure that risk management processes are effective and significant risks are appropriately identified and managed.
b. review financial and operating information and the means used to identify, measure, classify and report such information to validate the reliability and integrity of the process.
c. review policies, plans, procedures, rules and regulations that could have a significant impact on operations to determine whether the University is in overall compliance.
d. review the means to safeguard assets as well as the adequacy and effectiveness of applicable policies and practices.
e. appraise the economy and efficiency with which resources are acquired and employed respectively.
f. review operations and programs to ascertain whether the results are consistent with established objectives.
g. evaluate the potential occurrence of fraud and ensure that fraud risk is managed.
h. ensure that ethics and values are promoted within the organization.
i. ensure that employee’s actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
j. ensure that information technology governance supports Kisii University strategies, objectives, and the organization’s privacy framework.
k. ensure that information technology security practices adequately protect information assets and are in compliance with applicable policies, rules, and regulations.Opportunities for improving management control, quality and effectiveness of services, and the organization’s image identified during audits are communicated to the appropriate levels of management.
AUTHORITY, INDEPENDENCE AND REPORTING LINES
The Internal Audit Department functions under the policies established by the Audit, Governance and Risk Management Committee of Kisii University and the University Council under delegated authority.
Internal Audit is authorized to have full, free and unrestricted access to information including records, computer files, property, and personnel of the University in accordance with the authority granted by approval of the Internal Audit Charter and applicable Government Statutes, except where limited by law.
In performing the Audit function, Internal Audit has no direct responsibility for, nor authority over any of the activities reviewed. The Internal Audit review and approval process does not in any way relieve other persons in the organization of the responsibilities assigned to them.
To permit the rendering of impartial and unbiased judgment essential to the proper conduct of audits, Internal Audit will be independent of the activities it audits. Internal Audit will not have direct responsibility for, or authority over, any of the activities reviewed, and will not engage in activities, which would normally be reviewed by Internal Auditors. This will not preclude Internal Auditor’s proactive involvement with management in planning processes, committees or special assignments that have been approved by the Audit, Governance and Risk Management Committee .The Internal Audit’s review and appraisal does not in any way relieve other persons in the organization of the responsibilities assigned to them. The Responsibility for complying with policies as well as correcting deficiencies rests with the respective administrators and management.
c) Reporting lines
The Chief Internal Auditor reports to the Vice Chancellor administratively and to the Audit, Governance and Risk Management Committee (AGRM) functionally. The functional reporting line should go directly to the Audit, Governance and Risk Management Committee to ensure the appropriate level of independence and communication. Consequently, the Chief Internal Auditor will report to the Vice Chancellor on issues concerning budgeting and management accounting, human resource administration, and administration of the organization’s internal policies and procedures. The AGRM committee will approve the Internal Audit Charter and Annual Audit Work Plan. This organizational structure is designed to allow the Internal Audit Department to be independent and to effectively accomplish its purpose. The Chief Internal Auditor (CIA) has direct line reporting to both to the Audit, Governance and Risk Management Committee and the University Council. For administrative logistics, the Chief Internal Auditor has a dotted reporting line to the Vice Chancellor.
To be recognized for its exemplary professionalism in the discharge of its duties.
To provide independent, objective assurance and consulting services designed to add value and improve the University’s system of operations, control and governance processes to assist management in ethically, effectively and efficiently fulfilling its responsibilities
The Internal Audit Charter sets out the purpose, authority and responsibility of the Internal Audit Department so that it can provide an efficient and effective service .The main objective of the Internal Audit Department is to ensure that proper books of accounts are maintained and the financial statements reflect the true and fair view of the financial position of Kisii University .The specific objective of the Internal Audit department is to:
The Internal Audit Department will:
a) conduct its work in accordance with the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics promulgated by the Institute of Internal Auditors, the International Standards on Auditing as well as other professional auditing standards that may be applicable.
b) annually develop and execute a work plan that is reviewed and approved by the Audit, Governance and Risk Management Committee.
c) provide the Audit, Governance and Risk Management Committee with a preliminary written report of the results and recommendations of each audit, analysis, review or investigation carried out. The reports will contain the department’s and management’s response to recommendations and will be distributed to the members of the Audit, Governance and Risk Management Committee two weeks before its meeting. The report must include any significant issues up to the date of preparation of the report.
d) follow up on management’s response to Internal Audit’s recommendations to determine if agreed upon internal control improvements have been implemented.
e) coordinate and follow up on all audit reports with independent or external auditors as well as any examinations performed by regulatory agencies
f) investigate known or suspected acts of fraud involving University funds, property and employees in coordination with the appropriate University officers.
g) conduct special audits or studies as directed by the Vice Chancellor.
h) observe the Code of Ethics as presented in Part 4 of the audit manua