Welcome to LCTCS Internal Audit!
We acknowledge that when most people hear the word audit or auditors, welcome is not the first thing they feel. Rather they feel a foreboding, a sense of anxiety. We hope to use this site to alleviate, if not altogether dismiss, those feelings.
What is Internal Audit?
The Institute of Internal Auditors’ official definition of internal auditing is:
“… an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Let’s break this definition down a bit. Let’s start in the middle with “It helps an organization accomplish its objectives…”
First and foremost, everyone should understand that we are all on the same side. You have objectives, goals you are tasked with achieving, whether they be at the executive level or at the clerical level. Our goal in Internal Audit is to help you attain those goals by identifying the obstacles that stand in the way and recommending ways to overcome them.
HOW AUDIT WORKS
We do it “… by bringing a systematic, disciplined approach…” to our work. Our work is conducted according to standards established by The Institute of Internal Auditors. We evaluate the effectiveness of risk management, control, and governance processes and make recommendations for their improvement. By being independent of these processes, internal auditors can provide objective analyses of the risks to determine if controls exist and if they work the way they are supposed to thus providing assurance that controls are adequate or being strengthened if necessary.
In whatever capacity we act, it is always the desire of Internal Audit to add value and improve the operations of our System’s institutions. It is never our desire to just go through the motions. If we make an observation, we make it to identify a risk or a control that is not operating as designed or desired. Our recommendations are made to give management options for establishing or strengthening controls and mitigating risks.
To learn more about internal auditing, click on the following link: About the Profession
Internal Audit Insights
Articles, information, and additional wisdom
Ask a manager at most companies, public or private, if they have a Disaster Recovery plan and you might hear a response such as “Yes, our IT folks back up our servers on a regular basis.” Another common response might be “Our business isn’t big enough to need one of those? Besides we have insurance to cover our losses.” These and many others like them are bad answers. Many disasters that affect your business have nothing to do with Information Technology. It may be a fire or a flood that makes your main classroom building inaccessible. It may not even be your disaster. A crisis effecting one of your main suppliers or customers may have a great impact on you. As for insurance, that only provides money and it often does not arrive in time to guarantee that you will be able to continue in business. read more…
What is Risk?
We all know the answer to this intuitively. Your mother, like mine, probably formed your first understanding of risk, with statements such as “Don’t run with scissors. You’ll put your eye out!” or “Put your coat on before you go outside. You’ll catch your death of cold!” She was concerned about risk to your health and well-being. As we grew, risk became applicable to other areas of life. “You break it, you bought it,” reads the sign in the store. “This was an accident that did not have to happen!” says your Dad after your first fender bender from driving too fast or too carelessly. Now, risky behavior is costing someone money, possibly you. As we get older and life becomes more complex, so does risk and all of its implications. read more…
Internal Audit Staff
Michael Redmond, CPA, CIA, CISA, CGEIT
Director of Internal Audit
Mike returned to the auditing world in 2003 after 25+ years in IT. Beginning as an staff IT auditor, Mike served as senior IT Auditor, Interim Internal Audit Manager, and Interim Internal Audit Director. He was appointed permanent Director in February, 2013.
Mike received his BBA in Accounting from North Texas State University in Denton, TX in 1978. He is currently working towards his MS Analytics degree at Louisiana State University.
Jeff Fleming, CIA
Internal Audit Manager
Jeff has been with the LCTCS Internal Audit Department since April, 2008, serving as a staff internal auditor and now internal audit manager. Prior to joining the audit world, Jeff worked 3 years in the mortgage industry as an Underwriter for a direct lender in Baton Rouge, LA.
Jeff is a graduate of Louisiana State University in Baton Rouge, LA, having received his BS in 2005.
Jeffrey Cruz, CIA, CGAP
Staff Internal Auditor
Jeffrey has been with the LCTCS Internal Audit department since February 2015, serving as a staff internal auditor. Prior to joining LCTCS, Jeffrey worked as a performance auditor with the Louisiana Legislative Auditor’s office and as an office manager with a statewide political campaign.
Jeffrey is a graduate of Louisiana State University in Baton Rouge, LA where he received his BS in Accounting in 2007.
What is Internal Audit's vision, mission and values?
Internal Audit endeavors to be a trusted advisor, a capable business partner, a promoter of best practices and an agent of positive change to the Board, senior system management, college leadership and other internal stakeholders in their efforts to meet and exceed their goals and objectives in the preparation of Louisiana’s workforce.
LCTCS Internal Audit assists the Board, senior system management, college leadership and other internal stakeholders in the effective discharge of their fiduciary and administrative responsibilities using a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. This assistance is provided through a series of independent and objective operational and compliance audits, internal control reviews, investigations, and advisory services designed to add value and improve operations.
The Office of Internal Audit is committed to certain values in carrying out its mission:
- Providing excellent service to the LCTCS Board and to Louisiana’s Community and Technical Colleges is our primary focus.
- Performing our examinations in accordance with applicable standards established by the Institute of Internal Auditors (IIA), the American Institute of Certified Public Accountants (AICPA), ISACA and the Government Accounting Office (GAO).
- Maintaining our independence, objectivity and confidentiality in the performance of our work.
- Adhering to the highest degree of fairness, integrity and ethical conduct.
- Characterizing our relationships with the LCTCS Board and to Louisiana’s Community and Technical Colleges with respect, helpfulness, openness, and loyalty.
- Maintaining our professionalism as internal auditors through continuance of our education and training.
What is Internal Audit's strategic plan?
For internal audit to remain relevant, it should adapt to changing expectations and maintain alignment with the organization’s objectives. The internal audit strategy is fundamental to remaining relevant — playing an important role in achieving the balance between cost and value, while making meaningful contributions to the organization’s overall governance, risk management, and internal controls.
As stated in its Vision Statement, LCTCS Internal Audit is committed to aligning its work with the efforts of its stakeholders in meeting their goals and commitments. Specifically, LCTCS Internal Audit seeks to make its work of value in the achievement of the goals of Our Louisiana 2020. To that end, the following goals have been established for the ongoing work of LCTCS Internal Audit:
Strategic Goal #1
Provide assurance as to the quality of data being accumulated by the colleges and used for reporting in assessing achievement of the goals of Our Louisiana 2020.
Strategic Goal #2
Become a trusted partner to our senior stakeholders in the achieving of their Our Louisiana 2020 goals
Where does Internal Audit's authority come from?
Internal Audit’s authority comes from its Board approved charter, the text of which is reproduced below. The current charter was approved by the Board’s Audit Committee on June 9, 2016, and can be viewed here.
Internal Auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of the Louisiana Community and Technical College System (LCTCS). It assists the LCTCS in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization’s risk management, control, and governance processes.
The internal audit activity is established by the Board of Supervisors, and its responsibilities are defined by the Audit Committee as part of their oversight function.
The internal audit activity shall govern itself by adherence to the Institute of Internal Auditor’s mandatory guidance including the Definition of Internal Auditing, the Code of Ethics and the International Standards for the Professional Practice of Internal Auditing (Standards). These documents shall constitute the operating procedures for the activity and the measure for evaluating the effectiveness of the internal audit activity’s performance. They are, by reference, made a part of this charter.
The Institute of Internal Auditors’ Practice Advisories, Practice Guides and Position Papers will be adhered to as applicable. In addition, the internal audit activity will adhere to LCTCS policies and procedures and internal audit activity’s Policies and Procedures Manual.
Authority is granted for full, free, and unrestricted access to any and all of LCTCS records, physical properties, and personnel relevant to any function under review. All employees are requested to assist the internal audit activity in fulfilling their function. The internal audit activity shall also have free and unrestricted access to the Chairman of the Board of Supervisors and the Audit Committee.
Documents and information given to the internal audit activity during a periodic review will be handled in the same prudent and confidential manner as by those employees normally accountable for them.
The Chief Audit Executive shall report administratively (i.e. day to day activities) to the President and functionally to the Audit Committee of The Board of Supervisors.
All internal audit activities shall remain free of influence by any element in the organization, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of an independent and objective mental attitude necessary in rendering reports.
Internal Auditors shall have no direct operational responsibility or authority over any of the activities they review. Accordingly, they shall not develop nor install systems or procedures, prepare records, or engage in any other activity which would normally be audited.
Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.
The Chief Audit Executive will confirm to the board, at least annually, the organizational independence of the internal audit activity.
The scope of internal auditing encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the organization’s governance, risk management process, system of internal control structure, and the quality of performance in carrying out assigned responsibilities to achieve the organization’s stated goals and objectives. It includes:
- Evaluating risk exposure to achievement of the organization’s strategic objectives.
- Reviewing the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
- Reviewing the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on operations and reports and whether the organization is in compliance.
- Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
- Reviewing and appraising the economy and efficiency with which resources are employed.
- Reviewing operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
- Monitoring and evaluating the effectiveness of the organization’s risk management system.
- Monitoring and evaluating governance processes.
- Reviewing the quality of performance of other audit functions and the degree of coordination with internal audit.
- Performing consulting and advisory services related to governance, risk management and control as appropriate for the organization
- Reviewing specific operations at the request of the President, Chancellors, Audit Committee, Finance Committee or Board of Supervisors, as appropriate.
Annually, the Chief Audit Executive shall submit to the President and the Audit Committee a summary of the audit work schedule, staffing plan, and budget for the following fiscal year. The audit work schedule is to be developed based on a prioritization of the audit universe using a risk-based methodology. The Chief Audit Executive will also seek input from the President, Audit Committee, and the Chancellors in developing the audit plan. The Chief Audit Executive will review and adjust the plan, as necessary, in response to changes in the organization’s business, risks, operations, programs, systems and controls. Any significant deviation from the formally approved work schedule shall be communicated to the President and the Audit Committee through periodic activity reports.
A written report will be prepared and issued by the Chief Audit Executive or designee following the conclusion of each audit and will be distributed as appropriate. A copy of each audit report and a summarization will be forwarded to the President, the Chairman of the Audit Committee, and the appropriate Chancellor.
The Chief Audit Executive may include in the audit report the auditee’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management’s response should include a timetable for anticipated completion of action to be taken and an explanation for any recommendations not addressed.
In cases where a response is not included within the audit report, management of the audited area should respond, in writing, within thirty days of publication to Internal Auditing and those on the distribution list.
The internal audit activity shall be responsible for appropriate follow-up on audit findings and recommendations. All significant findings will remain in an open issues file until cleared by the Chief Audit Executive or the Audit Committee.
The internal audit activity will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program will include an evaluation of the internal audit activity’s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.
The Chief Audit Executive should also periodically assess whether the purpose, authority, and responsibility, as defined in this charter, continue to be adequate to enable the internal auditing activity to accomplish its objectives. The result of these periodic assessments should be communicated to senior management and the Board of Supervisors.
Who does Internal Audit report to?
In order to maintain its independence and objectivity, Internal Audit has a two-pronged reporting structure.
Internal Audit obtains its authority from the Audit Committee of the LCTCS Board of Supervisors and the Internal Audit Director reports functionally (directly) to the Audit Committee.
For the day-to-day operations of the department, the Internal Audit Director reports administratively (indirectly) to the President of the LCTCS.
This reporting structure allows Internal Audit to be independent of the management of the LCTCS and its colleges and thus independent of the areas it audits.
A visual depiction of the Internal Audit reporting structure can be seen here.
Who decides what Internal Audit will review?
The Audit Plan (Plan) is the roadmap by which Internal Audit conducts its work during the year. Using the Risk Assessment document produced annually by the department, the Director of Internal Audit prepares a proposed Plan for presentation to the LCTCS Audit Committee.
The Plan provides a discussion of each significant area of proposed internal audit focus including the goals which would be impacted by the occurrence of a risk event on the area of focus, the controls in place to prevent, detect and mitigate risk events and the tests, if any, that have been conducted leading to internal audit’s conclusion of significant residual risk. Throughout the coming year, the Director of Internal Audit will develop projects, to address the risks identified in the selected areas, which (s)he believes would benefit from internal audit efforts and to which (s)he believes internal audit activities would add value.
Also included in the Plan are any projects for which Internal Audit has entered into Memorandums of Understanding with other LCTCS departments.
The Plan also emphasizes that a certain amount of Internal Audit time will be available for special requests that inevitably arise throughout the year.
Who audits the auditor?
The LCTCS Internal Audit activity seeks to conduct its affairs in conformance with the International Standards for the Professional Practice of Internal Auditing (1321). These standards require that “(t)he chief audit executive … develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity.” (1300)
LCTCS Internal Audit’s Quality Assurance and Improvement Program (QAIP) is designed to provide reasonable assurance to the various stakeholders of the Internal Audit activity that Internal Audit:
- Performs its work in accordance with its Charter, which is consistent with The Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing (Standards), Definition of Internal Auditing and Code of Ethics;
- Operates in an effective and efficient manner; and
- Is perceived by stakeholders as adding value and improving LCTCS’s operations.
To that end, Internal Audit’s Quality Improvement efforts will cover all aspects of the Internal Audit activity (1300) as follows:
- Governance of the Internal Audit activity
- Professional practices
- Appropriate communications
Quality Assurance will be provided by
- Both periodic and ongoing internal assessments (1310, 1311).
- An external assessment at least once every five years (1310, 1312), the results of which are communicated to the Board of Directors (BOD) through the Audit Committee of the Board of Directors (Audit Committee) (1320).
Any non-conformance identified by either internal or external quality assessments reviews that impact the scope or operations of the internal audit activity will be appropriately disclosed to LCTCS senior management and the board (1322).
The Director of Internal Audit (DIA) is ultimately responsible for the QAIP.
 References to specific standards are indicated by parentheses.
What should I expect from a visit by Internal Audit?
In almost all cases, if your area of responsibility is selected for an Internal Audit review, we will contact your chancellor to announce the project and request the contact information for the appropriate person for the project. Once that information is received, the Internal Audit Manager will typically reach out to the designated contact person to schedule a mutually convenient time for Internal Audit staff to visit your campus.
At the same time, Internal Audit will, if appropriate, give you a list of the documents that we will want to review when we arrive on campus and a list of persons that we may need to speak to during the course of the project.
When Internal Audit arrives on campus, we begin with an Entrance Meeting during which we will reiterate the purpose of the review, the process we will follow during our visit, the type of support we will need from the college and what the college can expect from us during our visit.
At the end of our field work, we will conduct a Field Work Exit Meeting during which we will summarize the work we conducted and review any possible findings that have arisen. At this point, none of this should be a surprise, as we will have discussed these matters with you in order to arrive at a mutual understanding of the issues (not necessarily a mutual agreement).
Once field work is completed, Internal Audit management will review all of the workpapers and proposed findings. A draft report will be prepared and made available to college management for their review and response. Once the college’s official response is received, it will be included in its entirety with the final report when issued.
Above all, you should expect respect from Internal Audit for the work that you do, professionalism on the part of Internal Audit in the work that they perform and value to the college in the final product, the Internal Audit report.