Internal Auditing

Purpose Statement

The purpose of the internal audit function is to strengthen Houston Community College System’s (HCCS) ability to create, protect, and sustain value by providing the board and management with independent, risk-based, and objective assurance, advice, insight, and foresight.

Internal Auditing Information

Ethics and Professionalism

HCC’s Internal Audit Department operates under the Global Internal Audit Standards (Standards) published by The Institute of Internal Auditors. The Standards Domain II. Ethics and Professionalism states the principles and expectations governing the behavior of individuals and organizations in the performance of internal auditing services. The following summarizes the principles and expectations.

Principle 1 Demonstrate Integrity

Internal auditors demonstrate integrity in their work and behavior. 

Integrity is behavior characterized by adherence to moral and ethical principles, including demonstrating honesty and the courage to act based on relevant facts, even when facing pressure to do otherwise, or when doing so might create potential adverse personal or organizational consequences. In simple terms, internal auditors are expected to tell the truth and do the right thing, even when it is uncomfortable or difficult. 

Integrity is the foundation of the other principles of ethics and professionalism, including objectivity, competency, due professional care, and confidentiality. The integrity of internal auditors is essential to establishing trust and earning respect.

Principle 2 Maintain Objectivity

Internal auditors maintain an impartial and unbiased attitude when performing internal audit services and making decisions. 

Objectivity is an unbiased mental attitude that allows internal auditors to make professional judgments, fulfill their responsibilities, and achieve the Purpose of Internal Auditing without compromise. An independently positioned internal audit function supports internal auditors’ ability to maintain objectivity.

Principle 3 Demonstrate Competency

Internal auditors apply the knowledge, skills, and abilities to fulfill their roles and responsibilities successfully. 

Demonstrating competency requires developing and applying the knowledge, skills, and abilities to provide internal audit services. Because internal auditors provide a diverse array of services, the competencies needed by each internal auditor vary. In addition to possessing or obtaining the competencies needed to perform services, internal auditors improve the effectiveness and quality of services by pursuing professional development.

Principle 4 Exercise Due Professional Care

Internal auditors apply due professional care in planning and performing internal audit services. 

The standards that embody exercising due professional care require: 

  •   Conformance with the Global Internal Audit Standards. 
  •  Consideration of the nature, circumstances, and requirements of the work to be performed. 
  •  Application of professional skepticism to critically assess and evaluate information. 

 

Due professional care requires planning and performing internal audit services with the diligence, judgment, and skepticism possessed by prudent and competent internal auditors. When exercising due professional care, internal auditors perform in the best interests of those receiving internal audit services but are not expected to be infallible.

Principle 5 Maintain Confidentiality

Internal auditors use and protect information appropriately.

Because internal auditors have unrestricted access to the data, records, and other information necessary to fulfill the internal audit mandate, they often receive information that is confidential, proprietary, and/or personally identifiable. This includes information in physical and digital form as well as information derived from oral communication, such as formal or informal meeting discussions. Internal auditors must respect the value and ownership of information they receive by using it only for professional purposes and protecting it from unauthorized access or disclosure, internally and externally.

 

Internal Audit Standards

The Global Internal Audit Standards and Topical Requirements, and generally accepted governmental auditing standards shall serve as guidelines for Houston Community College System internal audit activities.

* Global Internal Audit Standards and Topical Requirements are published by the Institute of Internal Auditors.

* Generally Accepted Governmental Auditing Standards are published by the US General Accounting Office, Comptroller General.

 

Responsibilities

In accordance with Board Policy and the Board approved Internal Audit Department Charter, Internal Audit is responsible for assessing the various functions and control systems within HCCS and for advising management concerning their condition. The fulfillment of this accountability includes:

  • Developing a flexible risk based annual internal audit plan with input from Senior Management and the Board of Trustees as required by IIA Standard 2010. A1 and submit the audit plan to the Audit Committee for review and the Board for approval.
  • Reviewing and adjusting the plan, as necessary, in response to changes in the organization’s business, risks, operations, programs, systems, and controls with Audit Committee review and Board approval.
  • Meeting regularly with the Board Audit Committee to provide updates by reviewing audits performed, audits in progress, future audits, and sufficiency of the Department resources.
  • Conducting independent and constructive audits to review effectiveness of controls, financial records, operations, or to review departmental records, the proper recording of transactions, and compliance with applicable rules, regulations, policies, and procedures, including evaluation for potential fraud and effectiveness of fraud controls.
  • Analyzing data obtained for evidence of deficiencies in controls, integrity, duplication of effort, or lack of compliance with College policies and procedures.
  • Conducting audits that examine the effectiveness of the governance, risk management, and internal control processes in promoting the achievement of strategic objectives concerning all reporting, operations, safeguarding of assets, and compliance.
  • Follow up on engagement findings and confirm the implementation of recommendations or action plans and communicate the results of internal audit services to the board and senior management quarterly and for each engagement as appropriate.
  • Investigating allegations of fraud, waste, abuse and other wrongdoing as appropriate and in accordance with Board Policy, and coordinating such investigations as needed with Legal Counsel or the HCCS Police.
  • Evaluating the design, implementation, and effectiveness of HCCS ethics-related objectives, programs, and activities.
  • Assessing whether information technology governance effectively supports HCCS strategies and objectives.
  • Offering Advisory services; Internal Control or Fraud training; Control Self-Assessment (CSA) services, and other audit technique workshops as warranted.
  • Coordinating audit efforts with those of external financial auditors and acting as a liaison for other external auditors.
  • Coordinating efforts with other control monitoring functions within HCCS (risk management, compliance, security, legal, ethics, safety and environment, police, human resources, and information technology).
  • Identify and consider trends and emerging issues that could impact HCCS and communicate to the board and senior management.
  • Maintaining a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter and ensure that personnel in the Department have appropriate continuing education to foster advancement of technical knowledge and skills.

 

Contact Us

Internal Auditing

Compliance & Ethics »

Suite 11E13 P.O. BOX 667517, MC 1122 3100 Main Street, Houston, TX 77002