Or. Admin. Code § 125-700-0140

Current through Register Vol. 63, No. 12, December 1, 2024
Section 125-700-0140 - Planning and Reporting Responsibilities
(1) Each agency's Chief Audit Executive shall prepare an agency-wide risk assessment in accordance with audit standards.
(2) Each agency's Chief Audit Executive shall prepare an audit plan of engagements based on the most recent risk assessment. The plan should reflect the priorities of the internal audit function and be consistent with the agency's goals. The plan shall be reviewed and approved by the audit committee, along with any significant modifications to the plan. At least one risk-based audit shall be selected from the audit plan and performed annually.
(3) Each agency's Chief Audit Executive shall identify an audit topic related to governance and risk management at least once every five years. Examples of audit topics include ethics, diversity/equity/inclusion, strategic management, performance management, the alignment of information technology with the agency's strategies and objectives, systems in place to assure compliance with laws and regulations, and processes in place to prevent and detect fraud.
(4) Each agency's Chief Audit Executive shall provide information on the activities performed by the internal audit function covering the time period of July 1 through June 30 of the preceding year to the Oregon Department of Administrative Services.
(a) The required information shall be submitted to the Oregon Department of Administrative Services no later than September 30th of each year and be included in the Statewide Annual Report on Internal Audit Activities.
(b) The information may include, but not be limited to:
(A) Staff Information such as education, certification, training, etc.
(B) Quality Assurance Reviews
(C) Audit Committee makeup
(D) Audit and/or Consulting Engagements performed
(E) Chief Audit Executive Reporting Structure
(F) Risk Assessments and Audit Plans
(G) Internal Audit Function Performance Measures
(c) Information not included in an agency's report must be available for review upon request of the Oregon Department of Administrative Services.
(d) Agencies shall provide DAS with supporting documentation related to submitted information upon request.
(5) The agency's Chief Audit Executive must periodically assess whether the purpose, authority, and responsibility, as defined in the audit charter, and resources required to accomplish the work continue to be adequate to enable the internal audit staff to accomplish their objectives. The result of this periodic assessment must be communicated to the audit committee and, if applicable, senior management.
(6) Completed risk assessments and internal audits need to be filed with the Audits Division of the Office of the Secretary of State.

DAS 1-2011, f. 6-23-11, cert. ef. 6-30-11; DAS 2-2014, f. 4-30-14, cert. ef. 5-1-14; DAS 3-2022, amend filed 04/27/2022, effective 5/1/2022

Statutory/Other Authority: ORS 184.360

Statutes/Other Implemented: ORS 184.360(3)