Internal Audit

1. POLICY

   Internal Audit is an independent and objective assurance and advisory function that supports Salt Lake Community College in achieving its mission and objectives. Internal Audit applies a systematic and disciplined approach to evaluate and enhance the effectiveness of internal controls, governance processes, and the management of institutional risks. The college places no limitations on the scope of Internal Audit’s work.

2. REFERENCES
   1. Utah Internal Audit Act, Utah Code Ann. §§ 63I-5-101–401.
   2. Internal Audit Program, Utah Board of Higher Education r. 567.
3. DEFINITIONS
   1. Advisory Service: Service through which Internal Audit provides advice to the administration without providing assurance or assuming management responsibility. The nature and scope of advisory services are subject to agreement between the administration and Internal Audit before the commencement of the engagement.
   2. Audit: A systematic and objective process of evaluating actual conditions against intended results to identify gaps and assess effectiveness, resulting in the communication of results to interested parties in a report format.
   3. Client: An area within the college that is subject to audit.
   4. Client Action Plan: A plan created by the client in response to findings. These plans identify the responsible parties, outline the steps required to remediate the findings, and specify the expected timelines for resolution.
   5. Exception: A deviation from the expected standards or results noted during audit or review.
   6. Finding: The determination that a gap exists between the evaluation criteria and the condition of the activity under review.
   7. Follow-up Procedures: Procedures performed within a reasonable period after the issuance of an audit report that are designed to determine if the client has remediated the findings.
   8. Internal Control: An action taken by the administration to manage risk and increase the likelihood that established objectives and goals will be achieved.
4. PROCEDURES
   1. Authority
      1. Internal Audit derives its authority directly from the Utah Code, the Utah Board of Higher Education rules, the Salt Lake Community College Board of Trustees Audit Committee, and the college administration. This authority is further described in the Internal Audit department’s charter statement.
      2. Internal Audit’s authority extends to:
         1. any department, system, function, program, or administrative unit which operates as part of the college or that is consolidated in the college’s annual financial statements; and
         2. the college’s business partners if the contract or agreement has a right to audit clause.
      3. Internal Audit has free and unrestricted access to all college records, personnel, and physical property relevant to its current work projects.
      4. Due to the requirement to maintain independence from the administration, Internal Audit shall assume neither authority nor responsibility for any activities audited, investigated, or reviewed.
   2. Responsibilities
      1. Internal Audit maintains a risk-based program which includes:
         1. audits and associated follow-up;
         2. advisory services requested by the administration.
      2. The chief audit executive will communicate with and provide reports to the Board of Trustees Audit Committee, the president, and the appropriate vice president.
      3. Internal Audit will protect all information gathered and provide documents in accordance with federal and state law.
      4. Internal Audit may assist the administration through appropriate requests for services to identify fraud. The administration is responsible for overseeing daily operations and detecting any signs of fraud.
      5. Internal Audit may participate in investigations if audit staff possess the specific experience and expertise required to do so.
      6. If any criminal activity is suspected, Internal Audit will notify the college’s Public Safety office.
   3. Audit Procedures
      1. Audit Notification

         Internal Audit will ordinarily provide notice of an audit to the appropriate vice president, department administrator, or other responsible administrators.

      2. Opening Conference

         Internal Audit will meet with the client before substantial commencement of the audit to communicate the audit scope, objectives, and criteria.

      3. Audit Planning and Fieldwork

         Internal Audit will plan and perform fieldwork consistent with the application of Global Internal Audit Standards.

      4. Draft Audit Report
         1. Internal Audit will develop a draft audit report that summarizes the audit scope, objectives, criteria, findings, and recommendations.
         2. Internal Audit will provide a copy of the draft report to allow the client to review, comment, and prepare the client action plan.
      5. Client Action Plan
         1. The client action plan is due 10 working days after Internal Audit provides the client with a draft copy of the audit report.
         2. The client should respond to each recommendation separately and must include:
            1. a statement of agreement or disagreement with the finding and recommendation;
            2. a detailed description of the corrective action to be taken and how it will remediate the noted issue;
            3. a description of physical evidence, if any, to provide the support that the action plan has been implemented as agreed;
            4. the date by which the implementation will be complete; and
            5. the party responsible for the completion of implementation.
      6. Final Audit Report and Closing Communications
         1. Internal Audit will issue a final audit report that includes the client action plan.
         2. Internal Audit will communicate the results of the audit to the appropriate parties by an agreed-upon method, which may include in-person meetings, electronic, or other forms of communication.
      7. Follow-up Procedures
         1. Internal Audit will maintain a record of recommendations arising from audits performed by Internal Audit and other auditors. It will follow up with the client at times specified in the client action plan or other appropriate times.
         2. The follow-up procedures may be limited to those necessary to verify that the client has implemented adequate procedures to remediate the deficiencies noted in a previous audit.
         3. If necessary, Internal Audit may expand procedures to a full audit.
      8. Internal Audit will provide periodic reports to the president, the cabinet, and the Board of Trustees Audit Committee regarding outstanding audit recommendations and completion of client action plans.
   4. Record Retention

      Internal Audit shall comply with the college’s Records Management Policy, GRAMA, and other relevant laws.

Last Updated: April 8, 2026

The originator of this policy & procedure is Internal Audit. Questions regarding this policy may be directed to the originator by calling 801-957-4009.