The role of the internal auditor at the University of Iceland is to promote optimised use of funding and efficient management practices in the interests of the strategy and objectives of the University. The internal auditor shall assist the University Council, rector and other administrators in attaining set management targets, evaluating success, improving risk management and strengthening internal controls.
2. Tasks and responsibility
The primary tasks of the internal auditor are:
- To advise the rector, University Council and other administrators at the University of Iceland regarding matters pertaining to optimised use of funding, efficient management practices, risk management and internal controls over administration and finances.
- To determine whether internal controls, the information system, working processes, organisation and administration are effective and secure and align with the strategy and objectives of the University.
- To determine whether accounts and financial statements comply with the provisions of the law and regulation.
- To determine whether the University Council, rector and other administrators receive the accurate information they require in order to fulfil their responsibilities efficiently, and to promote such information flow.
- In consultation with or at the request of the University Council and rector, to review individual structural units and selected elements of administration and operations at the University. To propose reforms, amendments and innovations to improve management practices and financial administration, as appropriate.
- To stay abreast of the results of professional quality engagements and evaluate, as appropriate, their administrative and financial basis.
- To receive reasoned reports of waste and inefficiency in management practices, risks and possible fraud in the handling of finances and, as appropriate, alert the University Council and rector.
3. Appointment, position in organisational chart and objectivity
- The internal auditor is appointed by the head of the institution (rector) but works under the authority of the board (University Council).
- The internal auditor must be university educated and possess extensive knowledge of public administration and internal auditing. Ideally, he or she shall be an accredited auditor.
- The internal auditor is professionally autonomous and works independently.
- The internal auditor must ensure objectivity and work independently of those operating units being audited or reviewed.
- The internal auditor shall have ready access to all data required to perform his or her job effectively.
- Staff at the University of Iceland shall assist the internal auditor with gathering information and ensure that information and files are accessible. Care must be taken to ensure that information gathered in this way is not accessible to others and is used only in accordance with the objectives of the internal audit. Confidential information must be handled as such. The internal auditor must comply with the provisions of the law and regulation concerning confidentiality and communication with employees in their place of work.
- The internal auditor is not involved with the day-to-day management of the University, but shall work closely with its administrators.
- The internal auditor must report to the University Council and rector any circumstances or incidents that could indicate incompetence, conflicts of interest or partiality. An auditor who has worked on or been responsible for certain projects shall not audit them until a reasonable amount of time has passed.
4. Annual audit plan, annual audit report and budget
Every year the internal auditor shall submit an audit plan and audit report to the University Council, based on a risk evaluation of the institution’s operations. The report shall evaluate the efficiency of internal monitoring in University administration and, as appropriate, propose amendments to management practices and indicate opportunities for optimisation.
Along with the audit plan, the internal auditor shall submit a budget for each year.
5. Audit and engagement reports
Upon completing an audit or engagement, the internal auditor shall submit a written report to the University Council explaining the purpose of the audit/engagement, analysis, conclusions and proposed amendments. Before finalising the report, care must be taken to ensure that the subjects receive a draft copy and the opportunity to comment and correct factual errors.
Where appropriate, the audit report submitted to the University Council shall be accompanied by a statement from the University’s governing bodies and their proposed measures and follow-up. The University Council shall determine which proposals to approve and when they will be implemented. The Council may also determine whether and when the University’s governing bodies shall produce a report on the measures taken.
A copy of the internal auditor’s audit report shall be sent to the National Audit Office.
The internal auditor shall work with reference to the following criteria and regulations:
- Legislation and regulation concerning the operations of the University of Iceland.
- Legislation and regulation on financial statements, accounts and state finances.
- Legislation on data protection and the handling of personal information.
- National Audit Office guidelines on internal auditing, internal supervision and the operational security of the information system.
- Internationally recognised guidelines, regulations and standards on the professional practices of internal auditing, e.g. from the International Organisation of Supreme Audit Institutions (INTOSAI), Institute of Internal Auditors and Information Systems Audit and Control Association.
- The University of Iceland Code of Ethics and the Code of Ethics from the Institute of Internal Auditors.
7. Communication with the National Audit Office
The internal auditor shall consult with the National Audit Office in order to coordinate working methods, avoid redundant work and ensure that auditing at the University of Iceland is, on the whole, in good shape.
The National Audit Office shall have access to the internal auditor’s audit plan, working data and reports.
Approval and review of formal statement of duties
This formal statement of duties for internal auditing was approved by the University Council on 7 February 2013 and enters into effect immediately. It will be reviewed within two years to include more detailed provisions on points considered unclear on the basis of experience. The formal statement of duties shall then be reviewed at regular intervals.