The Enterprise Office of Internal Audit reports functionally to the Enterprise Assurance and Risk Committee of the Thomas Jefferson University Board of Trustees, supported by administrative reporting lines to the Chief Legal Officer.

Authorization & Responsibilities

Senior Management is responsible for establishing and maintaining internal controls for Jefferson. The Enterprise Office of Internal Audit is responsible for auditing, monitoring, and identifying appropriate corrective action. It does not in any way relieve Jefferson personnel of the responsibilities assigned to them to establish internal controls and efficient operations in their business units, and to assure that corrective action required by the audit is implemented and maintained.

In order to provide independent assurance to the Board and Senior Management, Internal Audit shall have full and complete access to any of the organization records, technology, physical properties, and personnel relevant to the performance of an audit. Documents and information given to internal auditors will be handled in the same prudent manner as by those employees normally accountable for them.

Since objectivity and independence are essential to the audit function, Internal Audit will not engage in any activity that would otherwise impair its independence. Internal Audit should not develop and install procedures, prepare records, or engage in activities that would normally be reviewed during the performance of their annual work plan. Internal Audit may, however, provide advice related to Management personnel, regarding internal control risks and measures that can be implemented to mitigate such risks.

Reporting Responsibilities

A written report will be prepared and issued following the conclusion of each audit. The manager or department head of the activity or department reviewed will be provided with a draft copy of the report, and is responsible for responding to specific comments or concerns on a timely basis. The response, which will indicate what actions were taken regarding specific report findings and recommendations, will be incorporated in the final report for distribution as appropriate.

The Enterprise Assurance and Risk Committee of the Board of Trustees will be provided with a summary report of any significant internal control risks identified by Internal Audit, the risk mitigation plans of Management to address such risks, and any outstanding corrective action plans from previously reported internal control risks.