According to the International Standards for the Professional Practice of Internal Auditing, the internal audit activity should evaluate and contribute to the improvement of risk management, control, and governance processes using a systematic and disciplined approach. Internal audit should assist the organization in identifying and evaluating significant exposures to risk and contributing to the improvement of risk management and control systems. Internal audit should further assist in maintaining effective controls by evaluating their effectiveness and efficiency and promoting continuous improvement.
The Audit Division’s compliance monitoring initiative is well established, and has become an accepted and valued part of MIT’s control structure. Based upon recent work and perspective of the Audit Division, the Institute has made significant progress through this initiative and the Research Administration Improvement Initiative (RAII), the other major management initiative to improve research administration. A valued partnership has developed between the audit and management activities.
A primary measure of the Institute’s control structure is the type and severity of reported audit findings. The largest portion of Audit Division findings are moderate-rated, which indicates that Audit will perform follow-up work in the normal course of the audit process, even though the risk associated with the finding does not warrant Audit Committee-level notification.
Based on accumulated Audit Division efforts and corresponding audit results, the Institute’s mission (link to Institute mission statement) is effectively supported by its business processes; however the processes can benefit from greater integration, better documentation, and more efficiency. The Audit Division regards the Institute as positioned to enhance the internal control structure through increasingly formalized administrative and systems practices and processes, in research administration, financial accounting and reporting, general IT controls, and certain areas of governance and policy. Each of these areas represents an industry-wide topic of interest, as the business and regulatory environment surrounding higher education generally is demanding more of preeminent research institutions. There is great opportunity to capitalize on new perspectives being brought to an increasingly demanding environment.
Areas which, in the judgment of the Audit Division, represent current focus are:
- continued evolution of research administration initiatives, and development of front-end processes to non-standard industrial research models
- greater degree of documentation of practices and processes
- significant progress in information security, notably over private and sensitive data
- formalization of practice and policy in areas which include: institutional conflict of interest, code of conduct, and enterprise risk mitigation and management