Introduction

Internal Audit is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of Ramapo College of New Jersey.  Internal Audit assists College management and the Audit Committee of the Board of Trustees, in accomplishing their objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the College’s risk management, control, and governance processes.

Role

The Internal Audit activity is established by the Audit Committee of the Board of Trustees.  The internal audit activity’s responsibilities are authorized by the Committee as part of its oversight role.

 Professionalism

The Internal Audit activity guides its practices in accordance with The Institute of Internal Auditors’ Framework that includes the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing (Standards).  This mandatory guidance constitutes principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the internal audit activity’s performance.

The Institute of Internal Auditors’ Practice Advisories, Practice Guides, and Position Papers will also be considered as applicable to guide internal audit’s activities.  In addition, the internal audit activity will adhere to Ramapo College’s relevant policies and procedures and the internal audit activity’s standard operating procedures manual.

Authority

The Internal Audit Department, with strict accountability for confidentiality and safeguarding records and information, is authorized full, free, and unrestricted access to any and all of Ramapo College’s records, physical properties, systems, and personnel necessary to carry out its engagements. All employees are requested to assist Internal Audit in fulfilling its role and responsibilities. The Internal Auditor will also have free and unrestricted access to the Audit Committee of the Board of Trustees.

Organizational

The Director of Internal Auditor will report functionally to the Audit Committee of the Board of Trustees and the President of Ramapo College.

With respect to the Internal Audit function, the Audit Committee will:

• determine that the College has the appropriate structure to carry out its internal audit responsibilities effectively;
• evaluate the effectiveness, independence and qualifications of internal audit personnel;
• review and approve the annual internal audit plan as recommended by management or internal audit personnel based upon a comprehensive audit assessment;
• receive and act upon the reports presented by internal audit personnel; and
• concur in the appointment, replacement or dismissal of internal audit personnel.

The Director of Internal Audit will communicate and interact directly with the Audit Committee, including in executive sessions and between Committee meetings as appropriate.

Independence and Objectivity

The Internal Audit activity will remain free from interference by any element in the College, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of a necessary independent and objective mental attitude.

Internal Audit will have no direct operational responsibility or authority over any of the activities audited.  Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair internal auditor’s judgment.

Internal Audit must exhibit the highest level of professional objectivity in gathering, valuating, and communicating information about the activity or process being examined.  Internal auditors must make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.

The Director of Internal Audit will confirm to the Committee, at least annually, the organizational independence of the internal audit activity.

Responsibility

The scope of internal auditing encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the College’s governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve the College’s stated goals and objectives. The Director of Internal Audit will communicate to management, the President and the Committee, Internal Audit’s observations and recommendations regarding the processes reviewed. In carrying out this responsibility, the internal audit scope of activities may include:

• Evaluating risk exposure relating to achievement of the College’s strategic objectives.
• Evaluating the reliability and integrity of information and the means used to identify, ensure, classify, and report such information.
• Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the College.
• Evaluating the means of safeguarding assets and, as appropriate, verifying their existence.
• Evaluating operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
• Monitoring and evaluating governance processes.
• Monitoring and evaluating the effectiveness of the College’s risk management processes.
• Evaluate the effectiveness and efficiency of operations and resources.
• Reporting periodically on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan.
• Reporting significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by the Committee.
• Evaluating specific operations at the request of the Committee or management, as appropriate.

Internal Audit Plan

At least annually, the Director of Internal Audit will submit to the President and the Committee an internal audit plan. The Committee will review, discuss and approve the plan. The internal audit plan will consist of a work schedule as well as budget and resource requirements for the next fiscal/calendar year. The Internal Auditor will communicate the impact of resource limitations and significant interim changes to senior management and the Committee.

The Internal Audit plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including input of senior management, the President and the Committee. The Director of Internal Audit will review and adjust the plan, as necessary, in response to changes in the College’s business, risks, operations, programs, systems, and controls. Any significant deviation from the approved internal audit plan will be communicated to the President and the Committee through periodic activity reports.

Reporting and Monitoring

A written report will be prepared and issued timely by the Director of Internal following the conclusion of each internal audit engagement and will be distributed to the Audit Committee, the President and Vice Presidents.

The Internal Audit report will include management’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management’s response will include a timetable for anticipated completion of action to be taken and responsible party to implement control recommendation.

The internal audit activity will be responsible for appropriate follow-up on engagement findings and recommendations. All significant findings will remain in an open issues file until cleared. The status of open audit issues will be reported quarterly to the Audit Committee.

Internal Audit will periodically report to the President and the Committee on the internal audit activity’s purpose, authority, and responsibility, as well as performance relative to its plan. Reporting will also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by the President and the Audit Committee.

For additional Information:

• Internal Audit Policies and Procedures
• Audit Committee Charter