(Statement of Purpose, Authority, and Responsibility)

Purpose and Scope

Internal auditing at the University of Tennessee is an independent appraisal activity established to examine and evaluate the activities of the university as a service to management and the Board of Trustees. The Office of Audit and Compliance helps the university achieve its mission by providing objective and independent evaluations to reduce risk and improve operations. Internal audit is one of two functions in the office, the other being compliance. Internal auditors assist management in effectively carrying out their duties and responsibilities by examining financial and operational internal control systems, including administrative information systems, to evaluate the extent that:

  • Financial, property, and information assets are safeguarded;
  • Information is accurate and reliable;
  • University policies and external laws and regulations are followed;
  • Resources are employed efficiently and economically; and
  • Operations and programs are being carried out as planned and their results are consistent with university objectives.

Internal Audit Standards

In accordance with Tennessee Code Annotated section 4-3-304 (9), internal audit adheres to mandatory guidance prescribed by The Institute of Internal Auditors, Inc. (IIA), including the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing. This mandatory guidance constitutes principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the internal audit activity’s performance.

The IIA defines internal auditing as an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. This function helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Authority and Responsibility

Internal auditors shall be authorized full and complete access to all university records (either manual or electronic), physical properties, and personnel relevant to a review. The corresponding responsibility of internal auditors is to handle documents and information obtained during a review in the same prudent manner as by those employees normally responsible for them.

Internal auditing provides assurance, consulting, and management advisory services. Assurance services include reviewing the adequacy or effectiveness of governance, risk management, and controls. Consulting services include reviewing for efficiency or effectiveness to assist management with improvements to operations or advising management on a variety of topics, such as implementation of procedures to comply with policies or sound business practices. The auditing activity also provides management advisory services, e.g., providing training, participating in committees, and coordinating projects.

In fulfilling their responsibilities, internal auditors will:

  • Develop and implement audit plans and programs that respond to both risk and cost-effectiveness criteria;
  • Suggest policies and procedures where appropriate;
  • Provide audit reports that identify internal control issues (among others) and make cost-effective recommendations to strengthen controls;
  • Facilitate the resolution of audit issues with administrators who have the most direct involvement and accountability;
  • Maintain a quality and assurance improvement program, consistent with the Standards promulgated by The Institute of Internal Auditors, Inc., to ensure the effectiveness and quality of the internal audit effort; and
  • Investigate allegations involving theft or misuse of University assets.

In their staff functions, internal auditors have no direct responsibility or authority over any of the operating activities examined, and their review shall not relieve others of their responsibilities. Furthermore, the independence of the internal auditors should not be compromised by their implementing procedures, preparing records, or engaging in activities that internal auditors would normally review.

When requested, internal auditors may attend senior-level staff meetings and serve on various university committees. Their role at such meetings should be limited to rendering advice and staying abreast of strategic, governance, and risk issues.

Reporting Structure

The internal audit function reports to the Audit and Compliance Committee of the Board of Trustees with supporting responsibilities to the chief financial officer. All internal auditors, including auditors located at campuses or institutes, are members of the UT System Office of Audit and Compliance.


At the conclusion of each audit, the Office of Audit and Compliance will issue timely reports to audited parties, senior management, the State of Tennessee Division of Internal Audit, and the Audit and Compliance Committee.

Initially approved by the Audit Committee on March 3, 2004.
Current revision approved by the Audit and Compliance Committee on December 15, 2016.