The MIT Audit Division delivers audit services through a risk-based program of audit coverage featuring business process reviews, targeted reviews, and advisory services. These efforts, in coordination with the Institute’s external auditors, PricewaterhouseCoopers, provide assurance to management and the Audit Committee that good business practices are adhered to, adequate internal controls are maintained, and assets are properly safeguarded.
The Audit Division’s scope of services is equal to the full extent of MIT’s auditable activities, as continually defined by the audit universe. Allocation of audit resources across this broad spectrum is accomplished via a model for evaluating risks associated with defined entities at the Institute, and prioritizing the utilization of resources accordingly over time. Annual reassessment of risk primarily drives the audit plan, which also anticipates changing circumstances, administrative and developmental initiatives which support the audit function, and follow up on previously reported audit findings. Over 15,000 person hours are directly devoted to audit activities annually.
While reporting administratively to the Executive Vice President and Treasurer, the Audit Division is fully attentive to the support and service of its primary customer, the Audit Committee of the Corporation. The MIT Audit Committee meets three times per year, in accordance with its charter that lends momentum to the Audit Division’s goals for monitoring internal controls and supporting the Institute’s risk management processes.
The Audit Division continues to strive toward the following inward and outward-looking goals:
- Prioritization of Services: Provide effective audit coverage of the Institute’s activities (including affiliate and auxiliary areas), in order to assure management that controls designed to achieve important business objectives are adequate; Prioritize activities and areas representing material expenditures or investments and/or significant exposure, as well as those that have not received prior or recent audit coverage; Provide coverage throughout the risk-rated universe.
- Management Requests: Respond to and prioritize requests from management for audit services as resources permit; Strive for a broad span of audit services to help build a greater understanding of the Institute’s extraordinary diversity of activities; Seek a rich blend of advisory and audit assurance services.
- Coordination of Services: Coordinate the RACP and Operations initiatives in the Audit Plan—RACP efforts are classified as advisory services, reflecting planned audit coverage by the integration of site visits, quarterly monitoring, data mining, and continuous compliance testing of industrial and international awards and agreements.
- Partnership with Management: Work in a collaborative fashion on control-enhancing activities; Seek alignment of work with management’s goals; Become a consultant to new, emerging initiatives; Provide support through advisory audit services as opportunities allow.
- Focus on Achievement of Business Objectives: Strengthen our ability to pinpoint business objectives and evaluate related controls helping to mitigate risks and enhance achievement of business objectives
- Build and Maintain Relationships: Seek and build on opportunities to develop and strengthen relationships throughout the Institute’s business areas, including academic administration; Use these opportunities to become more knowledgeable of business processes and emerging initiatives, thus informing our risk assessment practices and facilitating the audit planning process and prioritization of resources
- Educate through Relationships: Leverage relationships to educate business process owners and stakeholders about risk and control responsibilities and benefits.
Benchmarking and Development
- Performance Management: Continue to work toward adherence to the Division’s operational standards, as these standards are designed to promote a world-class audit function. Design a “balanced scorecard” to benchmark comprehensively, to manage audit services, and to measure improvement in key performance areas
- Staff Development: Maintain current levels of employee development activities, including encouraging the pursuit of relevant certifications, cost-effective training opportunities, and engaged participation in industry conferences and seminars.