Statutes, codes, and regulations
Oregon Administrative Code
Chapter 125 - DEPARTMENT OF ADMINISTRATIVE SERVICES
Division 700 - INTERNAL AUDITING
Section 125-700-0135 - Agency Internal Audit Function Governance

Or. Admin. Code § 125-700-0135

Download
PDF
Current through Register Vol. 63, No. 12, December 1, 2024
Section 125-700-0135 - Agency Internal Audit Function Governance
(1) Agency internal audit functions shall be governed by appropriate professional auditing standards such as The Institute of Internal Auditors (IIA) International Professional Practices Framework (IPPF) or the Generally Accepted Government Auditing Standards (GAGAS) of the United States Government Accountability Office (GAO).
(2) To help ensure the integrity of the internal audit process, agency management shall take reasonable steps necessary to support the internal audit function in complying with the selected professional auditing standards. This may include obtaining audit related certifications, continuing professional education training and membership to professional auditing associations.
(3) The agency's internal audit charter shall formally define the internal audit function's purpose, authority, responsibility, and the professional auditing standards the function will follow. The internal audit charter must be approved and periodically reviewed by the audit committee and agency senior management.
(4) Internal audit staff shall have unrestricted access to all systems, processes, operations, functions, data, personnel, and activities within an agency as needed to perform job responsibilities.
(5) Each agency having an internal audit function shall establish and maintain an audit committee. The primary purpose of the audit committee is to enhance the quality and independence of the internal audit function, thereby helping ensure the integrity of the internal audit process. This is achieved at minimum by:
(a) Having a formal, written charter that establishes the audit committee's mandate, authority, and functional reporting relationship including the roles and responsibilities of the audit committee and its members. The charter must be approved and periodically reviewed by the audit committee and agency head.
(b) Include at least one qualified external member that is independent of agency management on the audit committee to enhance public accountability and transparency and increase independence of the internal audit activity.
(c) If the agency has a governing board or commission, the audit committee must include at least one board or commission member. This member can be used to meet the requirement listed in "(b)" above.
(d) The audit committee shall approve the risk-based internal audit plan. The audit committee shall also review internal audit reports on the progress of internal and external audit report findings and recommendations to determine whether proper corrective action has been completed or that senior management has assumed the risk of not taking the recommended corrective action.

Or. Admin. Code § 125-700-0135

DAS 1-2011, f. 6-23-11, cert. ef. 6-30-11; DAS 2-2014, f. 4-30-14, cert. ef. 5-1-14; DAS 3-2022, amend filed 04/27/2022, effective 5/1/2022

Statutory/Other Authority: ORS 184.360

Statutes/Other Implemented: ORS 184.360(3)