Article
Reporting to the board: leading practices and trends in higher education
March 29, 2024 · Authored by Katlyn Andrews
Loading...
Article
March 29, 2024 · Authored by Katlyn Andrews
No two governing boards are same. Neither are their preferences for internal audit’s report outs of audit findings to the board audit committee(s). Let’s explore different approaches for providing information to the board, including the inclusion or complexity of completed reports, audit follow-up and other areas that are under internal audit’s responsibility (e.g., ethics hotline, conflicts of interest, etc.).
How your audit committee is structured will depend on your institution. Your organization may have only one audit committee, or it may have several. For example, it is not uncommon for academic medical centers to have more than one audit committee. They may have separate committees for the academic institution, medical center and foundation. The number, size and make-up of your committee will likely influence the frequency of formal meetings, meeting agendas and content provided.
Internal audit’s role is established in a charter or policy and typically includes a presentation of its audit activities and findings related to those activities to the audit committee. Some committees want more detailed report outs than others. Where some audit committees prefer internal audit present a summary of the audits and reviews conducted since the prior meeting inclusive of all findings and observations, others prefer only high-level risks be brought to their attention. So long as internal audit is providing the board with objective assurance and advice, the form the presentation takes can vary based on the board and its unique preferences. In our experience, committees typically like having, within the meeting materials, copies of the comprehensive reports that highlight each audit or review’s objectives, approach, findings and recommendations and, at its meeting, a high-level presentation of the findings and observations with the opportunity to ask questions.
Internal audit’s responsibilities do not stop once an audit report is issued. Depending on your organization’s structure and how roles and responsibilities are assigned, internal audit’s scope may vary. For example, internal audit may also oversee activities to ensure past internal control gaps have been addressed (i.e., audit follow-up), monitor the ethics and compliance hotline, manage the disclosure of
Baker Tilly provides internal audit services to numerous institutions through its co-sourced and outsourced solutions. Below is an effective approach to board reporting for many colleges and universities:
We begin our presentation by displaying a table that summarizes the status of our internal audit plan and other internal audit activities (e.g., audit follow up). This typically includes the title of each audit or advisory review, the stage of completion (e.g., not started, planning, fieldwork, reporting or completed), and the date on which the results were presented or will be presented. We also note or verbally discuss any changes to the plan since the last meeting when applicable.
Audit follow up activities are summarized in a table for presentation purposes with more detail provided as an attachment to the meeting materials. The summary table is organized by audit year and project and notes the number of action plans developed for each review and the number of plans that have been completed as well as the implementation deadline (and revised deadline where appropriate). Once all action plans have been implemented for a particular review, this line item falls off this list so that only projects with outstanding action plans are presented. The detailed report included as an attachment provides additional context for each open item, including a summary of the recommendation to which the plan was developed, the risk level and a brief status update.
For presentation purposes, we include a summary of projects completed since the last meeting. The summary includes a recap of the project objective(s) as well as high-level recommendations made to address any issues or opportunities for improvement identified during our review. Within the meeting materials, but not the presentation itself, we typically include our detailed reports so that committee members have access to additional information if needed. The detailed reports:
For institutions whose internal audit function also manages activities such as the ethics hotline and conflict of interest (COI) disclosures, we typically include a slide to present our role in each activity and verbally update the committee of any pertinent information.
For more information, or to learn more about how Baker Tilly’s higher education internal audit specialists can help your institution, contact our team.
Provide comprehensive and objective assurance and advice tailored to your institution’s unique needs
An internal audit function that focuses on your strategic objectives and leverages our team of experienced and dedicated professionals
Supplement your internal audit function through co-sourced solutions, staff augmentation or individual project support
A value-added extension of your internal audit capabilities, helping identify and mitigate risks and report important risks to the audit committee of the board