Internal Audit

Internal Audit

View of classroom through window from outside

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve Portland State University’s operations.

We are here to help PSU accomplish its mission and objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The authority and responsibilities of PSU's Internal Audit Office (IAO) are defined and approved by the PSU Board of Trustees. The Chief Executive of Equity, Audit & Compliance reports administratively to the President of PSU and functionally to the Executive and Audit Committee of the PSU Board of Trustees.

Our office performs four types of engagements:

  • Assurance services;
  • Consulting services;
  • Investigative engagements; and
  • Follow-up audits

We uphold the principles of integrity, objectivity, confidentiality, and competency as defined in the Institute of Internal Auditors Code of Ethics and adheres to the International Standards for the Professional Practice of Internal Auditing (Standards).

IAO employees are PSU employees and IAO works specifically to help PSU achieve its mission and objectives. Internal auditors at PSU are dedicated to helping colleagues by providing independent assessments specific to PSU's needs, and also offers consulting services and trainings to improve internal controls and risk mitigation processes at PSU.

Periodically, PSU has external auditors that conduct a variety of audits at the university. External auditors are not PSU employees, but are granted access to review records and interact with personnel within the scope and objectives of their audit engagement.

Three mandatory audit projects that are conducted each year by external auditors are the:

  1. Financial Statement Audit
  2. Single Audit
  3. NCAA Agreed Upon Procedures Engagement

In addition to these three mandatory audits at PSU, PSU may be audited periodically by organizations such as the Secretary of State – Oregon Audits Division, the Office of Inspector General, grantors, and/or organizations tasked with laws and regulations relating to health, safety, environmental requirements, and animal welfare.

Audit topics are identified as part of an annual risk assessment the Internal Audit Office (IAO) conducts. The primary goal of the annual risk assessment is to identify audit topics that will provided value to PSU’s governance processes and will provide reasonable assurance on the operating effectiveness of key operations at PSU. See the annual PSU Internal Audit Plan for more details on how audit topics are selected.

A risk assessment serves as a tool for management to share concerns about factors that may prevent the university from meeting its objectives. Auditors gather information that helps to assess risks in generally understood classifications such as high-risk, moderate risk, or low-risk events to the university as a whole. IAO considers multiple factors when assessing risk such as internal and external factors, the likelihood of a negative event occurring and the severity that event would have to PSU if it were to occur, trends within finances over a multi-year time period, and time elapsed since the last time an audit has occurred. IAO then works with the governance structure at PSU to collaborate on next steps to address the results of the risk assessment. The results are used to develop an annual internal audit plan which is vetted through leadership and approved by the President of PSU and the Board of Trustees.

PSU’s Internal Audit Office must go through an external peer review every 5 years to comply with the International Standards for the Professional Practice of Internal Auditing Standards. The results of the peer review are shared with the President of PSU and members of the Executive and Audit Committee. Moreover, IAO may be selected for an audit by external organizations such as:

The Internal Audit Charter, which was approved by the PSU Board of Trustees, defines the purpose, authority, and responsibility of the PSU Internal Audit Office (IAO). The charter grants the IAO full and complete access to any of the University’s records, physical properties, and personnel. 

No, the PSU Foundation is a separate entity from PSU. The PSU Internal Audit Office must obtain authorization from the PSU Foundation before conducting any assurance and/or consulting services for operations and/or transactions processed through the PSU Foundation.

Yes, you can make a formal request to the Director of Internal Audit, after you have obtained approval to submit the request from your supervisor (i.e. Dean, Director, etc…). The request will be reviewed by the Director of Internal Audit and President of PSU and a decision on the request will be communicated back to appropriate personnel. Due to finite resources, IAO may not be able to accommodate the request in the timeframe requested.

Yes, internal audit observation updates are provided to applicable management on a monthly basis. Throughout the audit project, management has the ability to provide further records and/or updated information to IAO to help address initial audit observations denoted. In addition, management must provide a management response to all formal recommendations made at the audit Exit Conference. This response is included in the final audit results provided to applicable management, the President of PSU, and the members of the Executive and Audit Committee of the Board of Trustees.