Ohio Admin. Code 3364-40-20 - Policy for dissemination of an internal audit report

Current through all regulations passed and filed through September 3, 2021

(A) Policy statement

All reports prepared by the university of Toledo (UT) internal audit department will be discussed with appropriate local and senior management, prior to final release. This policy covers all reports issued by the department, under the oversight of the internal audit.

(B) Procedures
(1) The internal audit department policy manual provides specific guidance pertaining to its approach to reporting the results of internal audits.
(2) The university president and the executive vice president, finance and administration will be copied on all internal audit reports. Further, the university president and the executive vice president, finance and administration will be provided an opportunity to review all draft reports for the highest-risk/problematic audit areas before they are issued in final form.
(3) Internal audit will use charts and graphics in its reports where appropriate.
(4) The executive leader in charge of the unit audited will be provided the opportunity to attend closeout meetings with the process owner.
(5) The process owner (vice president or dean) is responsible for providing management responses to all recommendations made in an internal audit report, and will be given ten business days to provide these responses.
(6) Upon receipt of the responses, the executive leader in charge of the area audited will then be provided an opportunity to review the report draft (including management responses) and will be asked to provide feedback in five business days.
(7) Should management responses not be received by the process owner or the executive leader in charge of the area audited within this fifteen-business-day period, internal audit reserves the right to issue the report in final form without management responses.
(8) To ensure the integrity of the report distribution process, all final reports will be signed and issued by the executive director of internal audit and chief compliance officer (executive director), or his designee.
(9) To further ensure the integrity of the audit reporting process, the executive director reserves the right to distribute certain high-impact audit reports to the finance and audit committee of the board of trustees. The executive director will consult with the university president and the executive vice president, finance and administration, prior to doing so.
(10) Executive leadership and the members of the finance and audit committee will receive a quarterly summary report from internal audit and compliance that will include the results of internal audits completed that quarter.
(11) The executive director will work with legal sffairs and adhere to their report dissemination requests for those audit projects to be conducted under attorney-client privilege.
(E) References
(2) UT internal audit department policy manual, https://www.utoledo.edu/offices/internalaudit/pdfs/InternalAuditPo licyManual.pdf

Replaces: 3364-40-20

Notes

Ohio Admin. Code 3364-40-20
Effective: 6/8/2020
Promulgated Under: 111.15
Statutory Authority: 3364
Rule Amplifies: 3364
Prior Effective Dates: 04/09/2020

The following state regulations pages link to this page.



State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.