Click the links below to find more information:
The Internal Audit Department shall adhere to the policies, procedures, and regulations of the University of Mississippi Medical Center as presented in the Faculty and Staff Handbook and Personnel Procedures and the Employee Handbook.
The Standards for the Professional Practice of Internal Auditing outline the criteria by which the operations of an internal auditing department are evaluated and measured. They are meant to serve the entire profession in all types of organizations. The purposes of the Standards are to:
The Internal Audit Department at UMMC shall comply with these Standards. Each member of the department shall receive a copy of the Standards and is expected to be familiar with them and adhere to them.
Fraud encompasses an array of irregularities and illegal acts characterized by intentional deception. Persons outside as well as inside the organization can perpetrate fraud for the benefit or detriment of the organization.
Deterrence of fraud is the responsibility of management. The Internal Audit department is responsible for examining and evaluating the adequacy and the effectiveness of actions taken by management to fulfill this obligation. Auditing procedures alone, even when carried out with due professional care, do not guarantee that fraud will be detected.
Internal auditors should have sufficient knowledge of fraud to be able to identify indicators that fraud might have occurred but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud. Internal auditors should be alert to opportunities that could allow fraud. If significant control weaknesses are detected, additional tests conducted by internal auditors should include tests directed toward the identification of other indicators of fraud.
The Internal Audit department will assist in the investigation of fraud in order to:
Information security is a management responsibility. This responsibility includes all critical information of the organization regardless of the media in which the information is stored. The Internal Audit department should evaluate information security and associated risk exposures. Internal auditors should assess the effectiveness of preventive, detective, and mitigative measures against incidents deemed likely to occur. Internal auditors should periodically assess the organization’s information security practices and recommend, as appropriate, enhancements to or implementation of new controls and safeguards.
Internal auditors should apply the care and skill expected of a reasonably prudent and competent auditor. Due professional care does not imply infallibility. The internal auditor should exercise due professional care by considering the:
Personnel should collectively possess the knowledge, skills, and other competencies essential to the practice of internal auditing within the organization. Educational and work experience criteria have been established for the various positions within the department. In order to maintain their proficiency, all personnel are encouraged to continue their education and will be given adequate opportunities to do so. Continuing education hours necessary to meet certification requirements should be obtained. If no certification requirements are necessary, a minimum of 16 hours should be obtained. Continuing education may be obtained through:
Departmental memberships have been obtained in the Institute of Internal Auditors, the Association of College and University Auditors, the Association of Health Care Internal Auditors, and the Information Systems Audit and Control Association. UMC may cover the cost of obtaining continuing education; however, the employee should obtain approval prior to registering for any course or seminar.
Accreditation is an important indicator of an auditor's technical proficiency. Certification as a public accountant, internal auditor, or information systems auditor is encouraged for all departmental personnel and is a requirement for certain positions. Currently, UMMC will pay the cost of registering a certificate.
Internal auditors should be objective in performing their job. Objectivity requires internal auditors to have an impartial and unbiased attitude, to avoid conflicts of interest, and to perform audits in such a manner that no significant quality compromises are made. Therefore, the department will do its best to make sure the auditors are not placed in situations in which they feel unable to make objective, professional judgments.
Each auditor will be required to complete an annual Conflicts of Interest Statement.
Workpapers that document the engagement should be prepared by the auditor doing the work and reviewed by someone other than the preparer. The workpapers should record the information obtained and the analyses made and should support the basis for the observations and recommendations to be reported.
Engagement workpapers are the property of the organization. Workpaper files will remain under the control of the Internal Audit department and will be accessible only to authorized personnel.
The Mississippi Department of Archives and History has approved a records disposition program. All workpapers (audits and special projects) are to be retained for 3 years and then destroyed.
Engagements should be properly supervised to ensure objectives are achieved, quality is assured and staff is developed. All work performed by the Internal Audit department will be properly supervised. The extent of supervision required will depend on the proficiency of the auditor assigned to a task and the difficulty of the assignment. Supervision includes:
The director should approve all outgoing correspondence.
Activities should be coordinated with external providers of assurance and consulting services to ensure proper coverage and minimize duplication of efforts.
As outlined in the UMMC Faculty and Staff Handbook and Personnel Procedures and the Employee Handbook, employees are to receive a formal performance appraisal at the end of a new employee's 90-day probationary period and on an annual basis, usually during the month of March. The Employee Performance Appraisal Form is used to evaluate individuals who have no supervisory responsibility and is to be completed by the immediate supervisor. Managers and supervisors are to be evaluated by their department heads. The Manager/Supervisor Performance Appraisal Form is used to rate these individuals.
Additionally, each auditor shall receive feedback at the conclusion of each audit. This feedback may be written or oral.
Leave time will be provided in accordance with the policies outlined in the UMC Faculty and Staff Handbook and Personnel Procedures and the Employee Handbook. Leave time must be coordinated within the department so that sufficient staffing is available at all times. In the event all employees request leave at the same time, approved leave will be granted on a first come, first serve basis.
2500 North State Street
Jackson, MS 39216