1. Mission

The mission of IAD is to provide an independent and objective evaluation of the control environment at Touro. This is accomplished by engaging in consulting and investigative services designed to add value by improving Touro’s operations.

The Department is responsible for communicating to management those areas requiring control enhancements and provides improvement recommendations, as well as helping Touro improve the effectiveness of its risk management and governance processes.  Specifically, IAD performs the following tasks:

  1. Evaluate operations and internal controls to help ensure that:
    • Assets are safeguarded;
    • Policies, standards, and procedures are followed; and
    • Resources are obtained economically, used efficiently, and protected adequately.
  2. Partner with Touro’s stakeholders to help ensure controls are:
    • Properly implemented in connection with any new projects or initiatives;
    • Established, adopted, and followed by existing businesses, and currently operating effectively.
  3. Assess and make appropriate recommendations for improving governance processes.
  4. Identify and evaluate significant risks.
  5. Interact with various governance groups, committees, and regulators as needed.
  6. Evaluate the operating effectiveness of controls by determining whether controls are operating as intended and designed.

2. Independence

The Department must maintain its independence in order to be effective.  Independence permits the Department to carry out its work freely and objectively, and to render impartial and unbiased judgment, which is essential to achieving its goals. IAD has unrestricted access to the Audit Committee of the Board of Trustees of Touro and to the President of Touro. 

The Department reports to the Audit Committee and the President of Touro. IAD staff has no direct responsibility or authority over any operating activities of its clients/stakeholders, nor are IAD personnel permitted to relieve others of their duties and business functions. Specifically, the University’s Management and the Board of Directors are responsible for Touro’s operations.

The Chief Internal Auditor and all audit staff must attest to an annual conflict of interest statement disclosing of any known situation that may have the appearance of impairing his or her objectivity.  Copies of all annual attestations are maintained by the Department.

3. Authority

In coordination with the President or his designee, the Chief Internal Auditor and other designated IAD staff are authorized to:

  • Ensure execution of the four-quarter audit plan according to the Department’s methodology.
  • Have unrestricted access to all functions, records, property, and personnel, with the exception of those materials that may be confidential or privileged as determined by the Office of the General Counsel.
  • Have full and free access to the President and the Audit Committee.
  • Allocate resources, set audit budgets and review frequencies, determine audit scope and coverage, devise test plans, and apply techniques required to accomplish IAD objectives.
  • Request the necessary assistance of personnel in the various departments in which the audit is being performed, as well as other specialized services from within or outside Touro (such as outside legal services, for example).

IAD is not authorized to:

  • Perform any operational, day-to-day business functions or duties of Touro auditees/stakeholders, or its affiliates.
  • Initiate or approve accounting transactions.
  • Direct the activities of auditees/stakeholders, with the limited exception of the execution of closure verification testing to validate remediation of identified audit issues.
  • Violate any privilege or confidence by divulging or disclosing any proprietary Touro information.

4. Responsibility

Internal Audit is an independent function of Touro that assists management by providing findings and recommendations on the operations and the controls established within Touro.  The Internal Auditor works for and in conjunction with management to accomplish the objectives of the organization.

The Department is responsible for reviewing activities within the organization and reporting its findings, conclusions, and recommendations to the audited parties, Senior Management, and the Audit Committee.  The Department also assists Touro in reaching its goals by determining whether internal and operational controls exist and are functioning properly.  The Department ensures, within reason, the orderly and efficient operation of the various entities.  Further, the Department helps ensure the safeguarding of assets, the reliability of accounting records, and the timely preparation of reliable financial information.

The Department is responsible for:

  • Developing a risk-based annual audit plan including any risks or control concerns identified by Touro management. The plan is submitted to the Audit Committee for review, approval, and periodic updates.
  • Conduct risk assessments for the Touro audit entity universe to help drive the development of a risk-based audit plan.
  • Implementing the annual audit plan as approved by the Audit Committee, including any special tasks or projects as deemed appropriate and requested by the President and/or the Audit Committee.
  • Executing audits from initiation to completion including executing and documenting detailed walkthroughs of key processes to identify internal controls, developing, executing and overseeing substantive testing of control and related procedures, and ultimately reporting identified issues. Involvement in scope determination, development of audit planning memorandums, developing testing plans, review of staff fieldwork, issue identification and discussions with clients and report writing.
  • Reporting significant risk-related issues pertaining to the processes for controlling the activities of Touro and its affiliates, suggesting potential improvements to those processes, and providing information concerning such issues throughout the resolution effort.
  • Maintaining on-going communication with management to follow-up on previously identified audit issues, as well as execution of closure verification testing to validate remediation of previously identified audit issues.
  • Reporting at least quarterly to the President and the Audit Committee to provide information on the status and results of audit activities.
  • Assisting in the investigation of significant suspected fraudulent activities[1] within Touro and notifying the President and the Audit Committee of the results.
  • Considering the scope of work of the external auditor and regulators, as
    appropriate, for the purpose of providing optimal audit coverage to Touro at a reasonable cost.
  • Seeking approval of the Touro’s internal audit charter from the Audit Committee on an annual basis.
  • Maintaining a professional audit staff with sufficient knowledge, skills, experience, and professional development to meet the requirements of the charter.

5. Standards of Audit Practice

The Internal Audit Department adheres to the Institute of Internal Auditors’ Standards for the Professional Practice of Internal Auditing. In addition, the Department obtains guidance from the generally accepted authoritative auditing standards of other professional auditing organizations, such as:

  • The Association of Certified Fraud Examiners; and
  • The Information Systems Audit and Control Association


[1] Touro’s management is responsible for establishing and maintaining internal controls, including controls to discourage perpetuation of fraud. The Department is responsible for examining and evaluating the adequacy and effectiveness of those controls. Audit procedures alone are not designed to guarantee the detection of fraud.