Internal Audit Services is an independent objective VOICE for assurance and continuous improvement in collaborative pursuit of SCDOT objectives.
Visionary Objectivity Integrity Collaboration Excellence
Internal Audit Services is established by SC Code Section 57-1-360 and is further clarified by the State Auditor as part of its oversight function. As provided by SC Code Section 57-1-360(8)(2), Internal Audit Services is granted full, free, and unrestricted access to any and all records, physical properties, and personnel relevant to its scope and responsibilities.
Internal Audit Services adheres to the standards, professional practices, and code of ethics published by the Institute of Internal Auditors (TIA Standards).
Independence and Objectivity
To ensure independence, Internal Audit Services reports administratively and functionally to the State Auditor consistent with its enabling legislation. The State Auditor provides direct oversight, including approval for release of engagement reports. Internal Audit Services will work collaboratively with SCDOT leadership in developing an audit plan that appropriately aligns with SCDOT's mission and business objectives and reflects the business risks and other priorities identified by leadership and Internal Audit Services. To ensure objectivity, Internal Audit Services is not involved in the day-to-day operations or internal control procedures of SCDOT and has no direct responsibility or managerial authority over the programs and activities of SCDOT.
Scope and Responsibilities
The scope of Internal Audit Services' work includes the review of risk management, internal control, information systems, and governance processes through the provision of assurance services (defined as objective examinations of evidence for the purpose of providing an independent assessment) and consulting services (defined as advisory activities, the nature and scope of which are agreed with management). This work also involves periodic testing of transactions, best practice reviews, investigations, appraisals of legal and regulatory requirements, and measures to help prevent and detect fraud. To fulfill its responsibilities, Internal Audit Services shall:
- Facilitate SCDOT's implementation of an enterprise risk management (ERM) strategy. Subsequent to implementation, review the effectiveness of risk management practices.
- Review the effectiveness of internal control and governance processes established to ensure:
- Compliance with policies, plans, procedures, applicable laws and regulations, and business objectives.
- The reliability and security of financial and management information and supporting systems and operations that produce this information.
- The means of safeguarding assets including information technology hardware, software, systems, and data.
- Provide ongoing monitoring and annual audits of SCDOT's procurement card program.
- Review established processes and propose improvements.
- Appraise the use of resources with regard to economy, efficiency, and effectiveness.
- Carry out consulting activities, ad hoc appraisals, investigations, or reviews requested by SCDOT leadership.
- Provide independent appraisal services of program areas and activities as specified in grants, contracts, or agreements with external parties.
- Facilitate effective communication between SCDOT and external auditors by attending entrance and exit conferences; maintain a log to track reports, findings, responses, and corrective action.
- Maintain the audit staff s professional expertise through ongoing training and education.
- Receive complaints of alleged fraud, waste, abuse, mismanagement, or unethical acts; meet with SCDOT General Counsel and Human Resources Director to determine nature of complaint and who the investigator should be; report suspected criminal activities to the appropriate law enforcement authorities and assist, as needed, in investigations performed by authorities; report findings and recommendations to the Secretary of Transportation; and maintain confidential files of complaints, investigations, findings and actions.
Internal Audit Services is responsible for planning, conducting, reporting, and following up on internal audits. The results of each audit will be reported through a detailed audit report that summarizes the objectives and scope of the audit as well as observations and recommendations. In all cases, follow-up work will be undertaken to ensure adequate response to management's proposed risk responses and/or Internal Audit Services recommendations. Internal Audit Services reports will be delivered to the State Auditor for approval prior to distribution to the SCDOT Commission and the Legislative committee chairs identified in SC Code Section 57-1-360(B)(2).