MIT Audit Division
preload services preload about preload controls preload policies preload division preload committee preload home preload division restricted preload committee restricted
Services About Internal Controls at the Institute Policies, Procedures and Guidance Audit Division Activties: Restricted Access Audit Committee Activities: Restricted Access MIT Audit Division home

Internal Controls at the Institute

Internal Auditing

According to the International Standards for the Professional Practice of Internal Auditing, internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Audit review objectives encompass gaining an understanding of a business process and evaluating the adequacy and effectiveness of related controls.  When performing assurance reviews, Audit meets with relevant business process owners (auditees) to define the business objectives (operational, financial, compliance) of the process/area under review. A risk assessment is performed that incorporates identification and analysis of relevant risks which may prevent the achievement of objectives. Business processes are frequently flowcharted to assist in risk definition.  Audit analyzes management internal controls implemented by management to mitigate risk. Controls represent activities, including established policies and procedures, to ensure that management’s directives are implemented and applicable risks are managed. Controls are defined as key or secondary, preventive or detective, manual or automated, or a hybrid, and their frequency is established.  An audit program, which prescribes subsequent fieldwork to test key controls, is developed and executed.