(Statement of Purpose, Authority, and Responsibility)

Purpose and Scope

Audit and Compliance at the University of Tennessee includes three functions: Internal Audit, Institutional Compliance, and Title IX coordination. Internal Audit helps the university achieve its mission by providing objective and independent assurance to add value, reduce risk, and improve operations as a service to management and the University of Tennessee Board of Trustees. Internal auditors assist management in effectively carrying out their duties and responsibilities by reviewing and advising management on financial and operational internal controls, information technology controls, and compliance with university policies, procedures, and applicable laws and regulations. Additionally, Audit and Compliance administers the UT Compliance Hotline, and Internal Audit, in conjunction with Institutional Compliance, performs independent investigations of fraud, waste, and abuse allegations. Internal Audit and investigation work is discussed and coordinated with the State of Tennessee Comptroller’s Office.

Institutional Compliance provides independent oversight of the University of Tennessee’s compliance programs to assure that the University is compliant with federal, state, and local laws and regulations as well as University policies. The office was established in 2008 to continue the University’s commitment to meeting the highest standards of ethics, integrity, and responsibility.

The University of Tennessee systemwide Title IX Office, established in 2017, collaborates with UT campus Title IX officials in developing and evaluating policy, measuring program effectiveness, and identifying optimal training, prevention, and awareness-building efforts and resources for their implementation. The office is also responsible for tracking best practices and legal developments and for annual reporting on the frequency and nature of incidents and complaints.

Internal Audit Standards

In accordance with Tennessee Code Annotated section 4-3-304 (9), internal audit adheres to mandatory guidance prescribed by The Institute of Internal Auditors (IIA), including the Definition of Internal Auditing, the Code of Ethics, the Core Principles for the Professional Practice of Internal Auditing, and the International Standards for the Professional Practice of Internal Auditing (Standards). This mandatory guidance constitutes principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the internal audit activity’s performance.

The IIA defines internal auditing as an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. This function helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Authority and Responsibility

Internal auditors are authorized full and complete access to all university records (either manual or electronic), physical properties, and personnel relevant to a review. Correspondingly, internal auditors must handle documents and information obtained during an engagement in the same prudent manner as the employees normally responsible for them.

Internal auditing provides assurance, consulting, and management advisory services. Assurance services include reviewing the adequacy or effectiveness of governance, risk management, and controls. Consulting services include reviewing for efficiency or effectiveness to assist management with improvements to operations or advising management on a variety of topics, such as implementation of procedures to comply with policies or best business practices. The internal audit activity also provides management advisory services, e.g., providing training, participating in committees, and coordinating projects.

In fulfilling their responsibilities, internal auditors:

  • Develop and implement risk-based internal audit plans and programs;
  • Make recommendations regarding policies and procedures where appropriate;
  • Provide internal audit reports that identify observations for improvements in internal controls, policies, and/or procedures and also make recommendations to mitigate identified risks;
  • Follow up with management to facilitate the resolution of audit observations with administrators who have direct involvement and accountability;
  • Maintain a quality and assurance improvement program, consistent with the Standards promulgated by The Institute of Internal Auditors to ensure the effectiveness and quality of the internal audit effort; and
  • Investigate allegations involving fraud, waste, or abuse of University assets or resources.

In their staff functions, internal auditors have no direct responsibility or authority over any of the operating activities examined, and their review shall not relieve others of their responsibilities. Furthermore, the independence of the internal auditors should not be compromised by their implementing procedures, preparing records, or engaging in activities that internal auditors would normally review.

When requested, internal auditors may attend senior-level staff meetings and serve on various university committees. Their role at such meetings should be limited to rendering advice and staying abreast of strategic, governance, and risk issues.

Reporting Structure

The Chief Audit and Compliance Officer oversees the internal audit function and reports directly to the Chair of the Audit and Compliance Committee of the University of Tennessee Board of Trustees, with administrative responsibilities to the UT System chief financial officer. All internal auditors, including auditors located at campuses or institutes, are members of UT System Audit and Compliance.

Reporting

At the conclusion of each audit, Audit and Compliance issues timely reports to audited parties, senior management, the State of Tennessee Division of Internal Audit, and the Audit and Compliance Committee of the University of Tennessee Board of Trustees.

Approval

Initially approved by the Audit Committee on March 3, 2004.
Current revision approved by the Audit and Compliance Committee on February 25, 2021.