Internal Audit
The Internal Audit is an objective, independent and reliable evaluation function that aims to create added value in improving organisational management and control.
Internal audit at Ghent University
The university is required to have a system of risk management, control, and corporate governance. As part of this, internal audit provides reasonable assurance to the Board of Directors and management that
→ risks are identified and managed
→ financial, managerial and operational information is accurate, reliable and timely
→ activities are in accordance with policies and procedures and applicable laws and regulations.
The overall goal of internal audit is to add value and improve the university's operations.
Legal basis
According to the decree of the Flemish Government of 9 October 2015 (in Dutch) the governing bodies are responsible for the risk analysis and risk management of the university. To this end, it can use a system of internal control and internal audit.
As early as 2011, the Board of Directors decided to set up an internal audit service.
Scope
The university with all its activities, its legal entities and partnerships fall within the scope of internal audit.
Internal audit never evaluates individuals; it does evaluate activities, processes and the organisation of the university.
Ghent University Hospital (UZ Gent) has its own internal audit function with its own exclusive audit universe or scope of work.
(Multi)annual plan
The university's risks are mapped out and regularly updated in a multiannual plan. Based on this, an annual audit plan is drawn up with a sufficient spread of assignments across the activities and entities to be audited. These plans are approved by the Board of Directors.
The internal audit office also carries out follow-up audits, ad hoc and consultancy assignments.
Audit Process
A full audit cycle consists of the following steps:
→ planning and preparation
→ execution of the audit (start-up meeting, analysis of documents and processes, interviews with stakeholders, etc.)
→ reporting of the audit (with findings, recommendations) to the stakeholders, the Audit Committee, the Executive Board and ultimately the Board of Directors
→ follow-up of the action plans
Quality assurance
Each audit is followed by a satisfaction measurement among the auditees. A self-evaluation is carried out every three years among the members of the Audit Committee. Every five years, the internal audit office is audited externally. The next external evaluation is scheduled for 2026.
The Internal Audit Office works according to the standards of The Institute of Internal Auditors (IIA).
Managing risk through the Three Lines Model
Risk management is based on a model with three lines of defence:
- First-line roles are situated in the operational unit itself through risk awareness and relevant controls;
- Second-line roles are taken care of by specialists who support management, such as
- risk manager
- financial controller
- data privacy officer
- environment coordinator
- prevention advisor
- IT security officer;
- The third-line role is performed by internal audit.
Collaboration and single audit
Internal audit works in conjunction with the second-line roles.
→ Because the scope of internal audit is so wide, the internal audit office sometimes calls on external auditors for support.
→ There is also cooperation with external audit actors such as the Court of Audit, the statutory auditor, the government commissioner and Flanders department of finance and budget. They coordinate their work, exchange experiences and information and build on them, with respect for each other's tasks and competences. This is called a single audit.
Organisational structure
The internal audit (the Audit Committee and the Internal Audit Office) is a staff function of the Board of Directors, which its independence.
Audit Committee
The Audit Committee has 5 members, three of whom are members of the Board of Governors and two external members with no connection to the university. The members are appointed by the Board of Governors for a period of 4 years.
Internal Audit Office
There are 3 internal auditors working for the Internal Audit Office, all of whom are employees of the Ghent University.
Confidentiality
The basic principle is that all information obtained is treated as confidential. Audit reports are always confidential.
The internal auditors and the members of the Audit Committee have a duty of discretion and are subject to the Code of Ethics of The Institute of Internal Auditors.
Contact
Internal Audit Office
Campus Aula
Universiteitsstraat 8
9000 Ghent
T 09 264 83 33
E interneaudit@UGent.be