University of Virginia Library

Search this document 

expand section
expand section
expand section
expand section
expand section
expand section
expand section
expand section
collapse section
expand section
collapse section



OCTOBER 1, 2004


University of Virginia

It is the policy of the University to establish and support the Audit Department for the purpose of assisting management in the effective discharge of its responsibilities for the control of University resources.

The mission and objectives of the Audit Department are as follows:

To perform financial audits for the purpose of ensuring that:

  • (a) Cash, accounts receivable, and other assets of the University are promptly and completely recorded, accounted for, authorized and adequately safeguarded against losses and misappropriation.

  • (b) Liabilities of the University have been properly incurred and are properly recorded and discharged. Audits directed to financial accountability will include a review of records, source data, fiscal procedures and internal controls.

To perform operational audits for the purpose of ensuring that University operations are conducted efficiently, effectively, and in accordance with appropriate and adequately documented policies, plans, and procedures. Operational audits will encompass a review of the policies, plans, procedures, organizational structure, staffing, and output of the audited unit. These audits will also include evaluating the accomplishment of established objectives and goals for operations and programs.

To provide the Board of Visitors and senior management with an independent, fair and objective appraisal of the effectiveness of the University’s financial accountability systems and operational performance in accordance with the priorities established by the Director of Audits in coordination with the Board of Visitors, the President and the Executive Vice President and Chief Operating Officer and approved by the President and the Board of Visitors.

To provide management with constructive criticism and positive recommendations designed to strengthen and improve performance results and cost effectiveness of their operations.


University of Virginia


To inform the Board of Visitors and Senior University management of any financial irregularities, investigations, or other risks to the institution that the auditors discover during the course of their work.

The work of the Audit Department will be conducted in accordance with the Standards for the Professional Practice of Internal Auditing as promulgated by the Institute of Internal Auditors. Other professional standards, such as the Government Accounting Office “Yellow Book,” shall be utilized when appropriate.

The following policies identify the responsibilities of the Audit Department and provide guidelines for its interaction with all University departments and activities.

Organizational Responsibilities

The Director of Audits shall be responsible to the Board of Visitors but shall maintain a dual reporting relationship to both the Board and the President. The Director will seek input on the department’s activities from the Board of Visitors, the President, and the Executive Vice President and Chief Operating Officer. The Director will have unrestricted access to the President and the Board of Visitors. The Director is responsible for the direction of the audit function and for seeing that the results of examinations and actions taken are communicated to appropriate levels of University management and, as appropriate, the President and the Board of Visitors.

The Director of Audits will draft an annual audit plan and will solicit input on this plan from the Board of Visitors, the President, the Executive Vice President and Chief Operating Officer and other senior management of the institution. The plan will be submitted to the Board of Visitors for approval.

Nothing herein shall be construed as preventing the Director of Audits from consulting with the President and the Executive Vice President and Chief Operating Officer on activities of the department, its findings, or significant issues. Nor shall the President and the Executive Vice President and Chief Operating Officer be prevented from consulting with the Director of Audits as may be necessary to the execution of their duties.


University of Virginia


The Audit Department will give full consideration to scheduling special audit requests made by any department or activity. All requests should be in writing to the Director of Audits and state the purpose and scope of the audit.


The Audit Department will be organizationally and functionally independent from all University operations and will have no responsibility for the departments and activities being audited while being responsive to their needs and requirements. Because the Audit Department must be independent in carrying out its responsibility to monitor and evaluate control procedures instituted by management, the extent of audit work to be performed with respect to those procedures is limited to the assessment of such procedures.

The Audit Department normally performs tests of underlying records and documentary support for transactions. Accordingly, objectivity would be lost if the Audit Department participated in accumulating data or reconstructing records.

Authorities and Limitations

The Audit Department personnel will have complete, free and unrestricted access to all University departments, activities, records, properties and personnel, and is not to be restricted in their activities. Where appropriate, special arrangements will be made for the examination of confidential information.

Systems Planning and Development

The Audit Department will participate in the planning, development, implementation, and modification of major computer-based and manual systems to ensure that:

  • (a) adequate controls are incorporated in the system;

  • (b) thorough system testing is performed at appropriate stages;

  • (c) system documentation is complete and accurate; and


University of Virginia


  • (d) the resultant system is a complete and accurate implementation of the system specifications.

The Audit Department will conduct post-installation evaluations of major information technology systems to ensure that these systems meet their intended purpose and objectives. The department also will review computer operations supporting such systems to ensure that generally accepted standards for systems integrity and security, as well as system-specific controls, are being observed.

Security Investigations

The Audit, Risk Management and University Police Departments are to be notified if assets have been lost through defalcation or other security breaches. The Audit Department will perform sufficient tests and investigations to identify the weaknesses in procedures, which permitted the defalcation to occur. However, the investigation of the specific event with the objective of recovery and/or prosecution is the responsibility of the University Police Department, with the decision to prosecute being the responsibility of the appropriate Commonwealth’s Attorney.

Coordination With External Auditing Agencies

The Director of Audits will coordinate the department’s audit efforts with those of the University’s independent public accountants or other external auditing agencies by participating in the planning and definition of the scope of proposed audits so the work of all auditing groups is complementary, and their combined efforts provide comprehensive, cost-effective audit coverage for the University. Duplication of work will be avoided as much as possible.


Prior to the completion of a formal report, an exit conference will be conducted with the department or activity head. The conference will be a review of all findings, conclusions, and recommendations. A formal report will be issued at the conclusion of every audit, which will present a concise, clear and factual review of the conditions found, together with recommendations for improvement. A formal written response shall be issued to


the Director of Audits within 30 days addressing each finding, recommendation, and exception included in the audit report. This response will include the department’s or activity’s plan for implementing the recommendations or a presentation of significant disagreement with the findings and/or recommendations.

A follow-up review of significant audit recommendations will be made by the Audit Department to establish that agreed-to recommendations have been adopted. A memorandum will be issued on the follow-up review to the President and the Executive Vice President and Chief Operating Officer.

Distribution of Reports

Audit reports will be issued to the Vice President responsible for the department or activity involved. In addition, copies of all such reports will be distributed to the President, the Executive Vice President and Chief Operating Officer, and the senior fiscal administrator having a functional interest in the subject matter.

All audit reports will be available for review by the Board of Visitors.

A summary of significant audit findings will be prepared for each Board meeting and submitted to the Board of Visitors, the President, and the Executive Vice President and Chief Operating Officer.


University of Virginia
Code of Ethics & Statement of Values


Whereas, the success and reputation of the University as a premier center of learning and provider of public services is dependent upon public confidence in its operations and the integrity of its transactions; and

Whereas, the character of any organization is reflected not only by its aspirations and its standards but also by the ethics and behaviors of its leadership and staff; and

Whereas, the General Assembly of Virginia has enacted a comprehensive code of ethics which both defines and prohibits inappropriate and illegal conflicts of interests applicable state- wide to all governmental officers and employees; and

Whereas, the departments and schools of the University have likewise administratively enacted comprehensive personnel and procurement policies and procedures to promote objective fairness in their operations; and

Whereas, in recognition of the fundamental importance of integrity in all that the University does and undertakes, the Board of Visitors hereby adopts the following ethical principles to govern, guide and inspire the University community to the highest standard of ethical behaviors. These principles do not replace existing standards of conduct or personnel policies, nor obviate appropriate attention to professional ethics as may be applicable in specific circumstances.

Now therefore, with continued commitment to excellence and integrity, and to better serve the people of Virginia, the following principles are adopted applicable to all who act for or on behalf of the University of Virginia.

  • 1. We perform our public responsibilities, services and activities ethically, competently, efficiently and honestly, in keeping with University policy and applicable law.

  • 7

  • 2. We expect that all necessary and proper controls safeguarding public resources are in place and observed, with periodic auditing of functions and departments by the State Auditor of Public Accounts and/or the University Auditor who shall report directly to the Board of Visitors’ Audit and Compliance Committee.

  • 3. While in the service of the University, we conduct ourselves free of personal conflicts or appearances of impropriety, mindful that our exercise of authority on behalf of the University has been delegated fundamentally for the public good. Conflicting interests or influences are promptly disclosed to our superiors and appropriate steps are undertaken to promote the integrity of University business and other transactions.

  • 4. We do not accept anything of value offered in consideration of performing our public duties, other than the compensation, benefits and reimbursement of expenses duly authorized by the University or otherwise permitted by law. We do not accept any favor, loan, service, business or professional opportunity from anyone knowing (or when it should be known) that it is offered in order to improperly influence the performance of our public duties, or when acceptance thereof may reasonably be perceived as an impropriety in violation of University policy or state law. University procurements of goods or services are undertaken only by authorized personnel and, when competitive principles apply, decisions are made impartially and objectively in accordance with established policy and state law.

  • 5. We preserve and respect the confidentiality of University records, including patient and student records. We do not externally disclose confidential records or other non-public information without appropriate authorization, and any confidential record or information we access as a result of our position or duty is neither exploited for personal benefit nor misused for any unauthorized purpose.

  • 6. We are committed to the principles of federal and state law guaranteeing equal opportunity and non-discrimination with respect to University services, programs, activities and employment, and we support an environment that respects the rights and opinions of all people which, in the words of our Founder, promote “the illimitable freedom of the human mind.” Complaints of discrimination, harassment and


    retaliation are investigated and when warranted appropriate corrective action is taken and disciplined in accordance with University policy and applicable law.

  • 7. Our communications on behalf of the University with all persons, including co-employees, clients, customers, patients, students, guests and vendors, are conducted professionally and with civility.

  • 8. We do not condone dishonesty in any form by anyone, including misuse of University funds or property, fraud, theft, cheating, plagiarism or lying. We encourage and expect reporting of any form of dishonesty, and our managers and supervisors to appropriately investigate such reports. We also expect that the police and/or State Auditor of Public Accounts will be notified when circumstances reasonably indicate fraud or theft of University funds.

  • 9. We strive for continuous improvement in our performance of public duties for the University, mindful of the public cost to our activities which must be reasonable and appropriately authorized.

  • 10. We bring to the attention of supervisors and managers, the University Auditor or other responsible University office, any violation of these principles or circumstances reasonably indicating that a violation has occurred or may occur. Such reporting in good faith in order to promote the ethical integrity of operations is expected and encouraged by the University, and retaliation by any University employee as a result against the person making such good faith report shall be subject to disciplinary action. We appropriately investigate all such reports and, when warranted by the facts, require corrective action and discipline in accordance with University policy and state law.