Internal Audit is an independent, objective assurance, appraisal activity within the Medical University of South Carolina (the University), the Medical University Hospital Authority (the Authority), and their affiliated organizations and related parties for the review of operations for the Board of Trustees and as a service to management.
Internal Audit helps the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate, and improve the effectiveness of risk management, control and governance processes. Internal Audit reviews the reliability and integrity of information, compliance with policies and regulations, the safeguarding of assets, the economical and efficient use of resources, and established operational goals and objectives. It encompass financial activities and operations.
Our goal is to assist the Board of Trustees, the institution and management in assessing and improving MUSC programs, services, and operations by conducting routine, special request, compliance, and investigative reviews and projects.
Planning for most audits begins many months before an audit is assigned. During the spring or summer of every year, Internal Audit goes through an extensive process to determine which topics are high risk and may warrant review in the coming fiscal year. Audits are focused on the areas that we believe pose the greatest risk of financial or other loss to the organization. We ask constituents from across campus and all related entities to identify and rank major risks to the organization. That data, along with other financial, human resource, industry, and risk data, is used to determine how to utilize audit resources most effectively. The result is an annual Audit Plan. Some operations of the organization are considered high risk and thus, so important that they get reviewed routinely. Audits may also come about from requests or tips by the Board of Trustees, the President, management, and employees.
We usually present audit reports to responsible operating management first and subsequently to the Board of Trustees and executive management. Follow-up reviews are performed to verify the implementation of management’s action plans resulting from the audit. The Board of Trustees and executive management also receive follow-up reports.
Most of our audits are compliance or operational - we examine internal controls, test for compliance with state and federal laws and other regulations and guidance, and look for ways to improve operational efficiencies.
Other audits include investigations (to determine the validity of allegations received) and consulting (review or gather information or provide advice on some specific problem management has asked for our assistance in solving).
We provide internal audit services for the University, the Authority, UMA, and the affiliated Foundations.
Internal Audit assists the Board of Trustees (Audit Committee) and management in assessing the effectiveness and efficiency of operations, the ethical climate, and compliance with policies, procedures, regulations, and overall best business practices. An independent internal auditing activity provides a systemic approach to assessing high risk operational areas throughout the organization. Internal audit provides an objective assessment of internal controls, and risk management processes. Internal auditors also have expertise in understanding organizational risks and internal controls available to mitigate those risks. Organizations that do not have an internal audit function may not be in the best position to provide skilled, independent, and objective opinions on internal controls. Our goal is to benefit the organization. Therefore, we pledge the following to our audit clients:
Good internal controls prevent an employee from performing more than one phase of any business transaction. The four phases of a transaction include approval, execution, custody, and recording. Often, especially in small entities, it is not possible to adequately segregate duties. In these cases, it is important to employ mitigating controls to ensure that the effect of segregation occurs. When duties are properly segregated the potential for loss or inappropriate use of assets is minimized. A lack of segregation of duties is often a contributing factor in occurrences of fraud. Supervisory review of work is essential, but it does not replace the need for the proper segregation of duties.
Yes. Internal Audit’s key responsibility is to assist the organization in improving its internal controls and operations. As such, we will attempt to comply with all audit requests, but keep in mind that Internal Audit resources are limited and requests must be prioritized.
Consider how many of our business processes are dependent on or use information technology resources. An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of evidence obtained from an IT audit helps determine if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement. With so much reliance on information technology in business today, the need for IT audit is ever increasing.
IT controls provide for assurance related to the reliability of information and information services. IT controls help mitigate the risks associated with an organization’s use of technology.
Internal Audit follows Government Auditing Standards which require a peer review every three years. Additionally, we conduct an annual quality self-assessment.
