STATE OF NORTH CAROLINA COUNCIL OF INTERNAL AUDITING OFFICE OF INTERNAL AUDIT PEER REVIEW PROGRAM T7: SAMPLE SURVEY - INTERNAL AUDIT DIRECTOR Please respond in brief narrative form and with relevant attachments to the questions deemed applicable to your State agency and internal audit function. General Information Internal Audit Office: Internal Audit Director: Due Date: Peer Review Team Lead: Board Management and Oversight 1. Is there a written control policy for your State agency? If not, what policies are in place to ensure appropriate management control processes (e.g. ethics/conflict of interest policy, annual performance appraisals of staff, department status reports, organizational performance measures, policy manual, etc.?) Do you consider it adequate (e.g., covering enterprise risk, authorities and responsibilities, management controls, and accountabilities)? 2. Are you content with the audit committee's/board’s/commission's oversight of the IA function, expectations, support, and satisfaction? 3. Does the board (audit committee) get involved in the annual planning/budgeting for the IA function and do you consider their input adequate? 4. Are you satisfied with the method and the frequency of reporting to the board and meeting with it? 5. Are you content with executive management’s expectations, support, and satisfaction? 6. Are you satisfied with management’s involvement in the annual planning/budgeting for the department? Do you get adequate input on business strategy, enterprise risk, operating effectiveness, partnering opportunities, and potential consulting projects? 7. How often do you meet with the senior executive? Do you have copies of the agenda? Are the nature, frequency, and content of meetings with your most senior executive satisfactory? 8. Is your position in the State agency demonstrated through participation in strategic planning meetings, other executive gatherings, and receipt of timely communications? Charter and Audit Practice Environment 9. Does the IA charter set the tone for the mission of the IA function and your interaction with the board (audit committee) and senior management, and have their formal approval? 10. Is the charter current and relevant in view of any significant changes in the organization and in The IIA's International Standards for the Professional Practice of Internal Auditing (Standards)? 11. Does the charter establish an adequate role, authority, and scope of work of the IA function, and provide unrestricted access to records, information, locations, and employees? 12. Do the environment, culture, and empowerment within the IA function promote a customer orientation by providing appropriate frequent contact, quality work, and partnering relationships? T7-1 Sample Survey-Internal Audit Director STATE OF NORTH CAROLINA COUNCIL OF INTERNAL AUDITING OFFICE OF INTERNAL AUDIT PEER REVIEW PROGRAM 13. Does the IA function foster an identifiable culture of professionalism and continuous improvement? 14. Do staff exhibit an awareness and understanding of enterprise risk, corporate governance, business goals, and objectives, as well as of opportunities for service beyond traditional audit activities? Planning 15. Is there an audit universe of enterprise risks, management controls, and accountabilities that is assessed in a systematic manner to arrive at the annual and longer term IA function plan? 16. Were the State agency’s risk framework, strategic business plan, and technology plan all used in the planning process? 17. Was sufficient attention given to the IA function’s approach to auditing information technology? 18. Was the need for extensive and productive use of technology by the IA function taken into account? 19. Are funding, staff mix and skills, technology, and other resources sufficient to fulfill the plan? 20. Do planned engagements include appropriate statements of risks, control objectives, compliance with policies, plans, laws, and regulations; reliability/integrity of information, safeguarding assets, effective use of resources, and accomplishment of objectives/goals for operations/programs? Organizing 21. Does your State agency’s structure promote achievement of the IA function’s mission/goals? (Standards 1100 / 1110) 22. Do your policies, procedures, and practices contribute to achieving the mission/goals? 23. Are the competency models (position descriptions), performance standards, or other means used to enunciate the expectations and accountabilities of the staff? Staffing 24. Are you satisfied with the staff’s understanding of your vision, goals, and objectives? 25. Do the IA function’s recruiting and development policies and practices provide the necessary numbers and skills mix, giving particular attention to information technology skills? 26. Are staff views sought and considered for management and audit policy/planning deliberations? 27. Do supervisory practices support staff in improving their empowerment and accountability in areas such as the scope of audit coverage during the audit, rather than relying on a post-audit review? 28. Is the IA function involved in an executive development, rotation, or similar program using IA as a management resource for the State agency? Explain. 29. Do your auditors comply with The IIA’s Standards and Code of Ethics? Directing and Coordinating 30. Are audit planning procedures and control assessments used to understand the State agency’s risks and control processes to assure significant coverage/focus on the important business processes? 31. Does the scope of work in the individual audits satisfy the broader objectives set out in the annual planning process? 32. Are the audits of business processes designed and conducted to assess all the significant risks and controls for a value-added result for management? 33. Are issues disclosed in audit and consulting engagements reported in a timely manner? 34. Do your reports consider management’s comments, and are the issues presented in a manner to best serve management, with the focus on managing risk and improving business processes? (Standard 2410) T7-2 Sample Survey-Internal Audit Director STATE OF NORTH CAROLINA COUNCIL OF INTERNAL AUDITING OFFICE OF INTERNAL AUDIT PEER REVIEW PROGRAM 35. Do follow-up actions taken by the IA function determine, in a timely manner, whether or not management’s corrective actions actually achieve the desired results? (Standard 2500) 36. Is the work of the IA function adequately coordinated with the external auditors? Does this include sharing plans, training, audit reports, and working papers, as well as coordinated follow-up (Standard 2500)? 37. Are you satisfied with the extent to which the external auditors rely on your work? Quality/Process Improvement (Standard 1310) 38. What are the significant quality/process improvement actions currently underway or planned for the near term in the following areas: • Customer relations (e.g., partnering, self-assessment, and consulting on management processes)? • Reducing audit cycle time (e.g., early and frequent customer involvement in audit planning and audit results, reduction of reporting and follow-up intervals (Standard 2500), and streamlining audit procedures)? • Empowerment of staff and customers (e.g., self-review and accountability, organizational flattening and reduction of supervisory time, and team auditing)? • New technology and other enhancements to audit techniques? • Other areas — describe other quality processes and “best practices”? 39. Describe the IA function’s internal review and quality assessment program. Has it had an external assessment? How recently? (Standards 1311 / 1312) T7-3 Sample Survey-Internal Audit Director