EVMS Internal Audit's mission is to provide independent, objective assurance and consulting services designed to add value and improve the organization's operations. It helps the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
The scope of work of the Internal Audit department is to determine whether the organization’s network of risk management, control, governance processes, as designed and represented by management which is adequate and functioning in a manner to ensure:
- Risks are appropriately identified and managed.
- Interaction with the various governance groups occurs as needed.
- Significant financial, managerial, and operating information is accurate, reliable, and timely.
- Employees’ actions are in compliance with policies, standards, procedures, applicable laws and regulations.
- Resources are acquired economically, used efficiently, and adequately protected.
- Programs, plans, and objectives are achieved.
- Quality and continuous improvement are fostered in the organization’s control process.
- Significant legislative or regulatory issues impacting the organization are recognized and addressed appropriately.
Opportunities for improving management control, compliance with applicable laws and regulations, and the organization’s image may be identified during audits. They will be communicated to the appropriate level of management.
The Internal Audit department shall be accountable to management and the Audit and Compliance Committee of the EVMS Board of Visitors to:
- Report significant issues related to the processes for controlling the activities of the organization, including potential improvements to those processes, and provide information concerning such issues through resolution.
- Periodically provide information on the status and results of the annual audit plan and the sufficiency of department resources.
- Coordinate with and provide oversight of other control and monitoring functions (for ex., risk management, compliance, security, legal, ethics, environmental, external audit).
To provide for the independence of the Internal Audit department, its personnel report to the Internal Audit Executive Director, who reports functionally to the Audit and Compliance Committee and administratively to the EVMS Compliance Officer in a manner outlined in the above section on Accountability.
The Internal Audit Executive Director and staff of the Internal Audit department have responsibility to:
- Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan as well as any periodic updates to the Audit and Compliance Committee for review and approval.
- Implement the annual audit plan, as approved, including as appropriate any special tasks or projects requested by management and the Audit and Compliance Committee.
- To the extent possible within budgetary constraints, maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this charter.
- Issue periodic reports to the Audit and Compliance Committee and management summarizing results of audit activities.
- Keep the Audit and Compliance Committee informed of emerging trends and successful practices in internal auditing.
- Assist in the investigation of significant suspected fraudulent activities within the organization and notify management and the Audit and Compliance Committee of the results.
- Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the organization at a reasonable overall cost.
The Internal Audit Executive Director and staff of the Internal Audit department are authorized to:
- Have unrestricted access to all functions, records, property, and personnel.
- Have full and free access to the Audit and Compliance Committee.
- Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
- Obtain the necessary assistance of personnel in units of the organization where they perform audits, as well as other specialized services from within or outside the organization.
The Internal Audit Executive Director and staff of the Internal Audit department are not authorized to:
- Perform any operational duties for the organization or its affiliates.
- Initiate or approve accounting transactions external to the Internal Auditing department.
- Direct the activities of any organization employee not employed by the Internal Audit department, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors.