2002 Regular Session
By: Representative Brown, Mayo, Eads, Whittington
AN ACT TO CREATE THE MISSISSIPPI INTERNAL AUDIT ACT; TO DECLARE THE PURPOSE AND APPLICABILITY OF THIS ACT; TO DEFINE CERTAIN TERMS; TO PROVIDE FOR AGENCY INTERNAL AUDIT DIRECTORS AND APPROPRIATE STAFF; TO PROVIDE QUALIFICATIONS FOR THE AGENCY INTERNAL AUDIT DIRECTOR; TO PRESCRIBE THE DUTIES OF THE AGENCY INTERNAL AUDIT DIRECTOR; TO PROVIDE PROFESSIONAL STANDARDS; TO PROVIDE FOR WORKING PAPERS AND REPORTS; TO REQUIRE FOLLOW-UP ON ISSUED REPORTS; TO PROVIDE FOR ACTIONS ON FINDINGS; TO PROVIDE FOR PROFESSIONAL DEVELOPMENT; TO PROVIDE FOR QUALITY CONTROL; TO ESTABLISH THE AUDIT COMMITTEE AND PRESCRIBE ITS DUTIES; TO PROVIDE A STATE INTERAGENCY INTERNAL AUDIT FORUM; TO REQUIRE ANNUAL REPORTS; AND FOR RELATED PURPOSES.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MISSISSIPPI:
SECTION 1. This act shall be known and may be cited as the "Mississippi Internal Audit Act."
SECTION 2. The purpose of this act is to establish a full-time program of internal auditing to assist in improving agency operations, to verify the existence of assets and to identify opportunities for cost savings and revenue enhancement. The agency internal audit director shall furnish independent analyses, appraisals and recommendations concerning the adequacy of each state agency's systems of internal control, and the efficiency and effectiveness of agency management in carrying out assigned responsibilities in accordance with applicable laws, rules and regulations. The internal auditing program shall evaluate and advise the organization in the establishment of controls necessary to accomplish agency goals and objectives at reasonable costs. The agency internal audit director shall be alert to the possibility of abuse or illegal acts, errors and omissions, and conflict of interest.
SECTION 3. The following words and phrases shall have the meanings ascribed herein, unless the context clearly indicates otherwise:
(a) "State agency" means and includes the Department of Finance and Administration, the State Tax Commission, the Department of Education, the State Department of Health, the Department of Mental Health, the Department of Agriculture and Commerce, the Mississippi Development Authority, the Department of Environmental Quality, the Department of Wildlife Fisheries and Parks, the Department of Corrections, the Division of Medicaid, the Department of Rehabilitation Services, the Department of Public Safety, the Mississippi Employment Security Commission, the Mississippi Department of Information Technology Services, the Public Employees Retirement System, the Mississippi Department of Transportation and the Mississippi Gaming Commission.
(b) "Agency head" means an elected official who heads an agency, an executive director or a governing board or commission responsible for heading an agency.
(c) "Agency internal audit director" means the person appointed by the agency head to direct the internal audit function for the state agency. Where consistent with responsibilities described in this act, the term agency internal audit director may also be referred to as inspector general, audit director, chief auditor or similar internal audit administrator descriptions.
(d) "Audit committee" means a standing committee external to organization management that collectively has the expertise to provide effective guidance regarding the acquisition and provision of internal audit services and to provide guidance in the provision of those services.
SECTION 4. The provisions of this act shall only apply to the following agencies: (a) the Department of Finance and Administration, (b) the State Tax Commission, (c) the Department of Education, (d) the State Department of Health, (e) the Department of Mental Health, (f) the Department of Agriculture and Commerce, (g) the Mississippi Development Authority, (h) the Department of Environmental Quality, (i) the Department of Wildlife, Fisheries and Parks, (j) the Department of Corrections, (k) the Division of Medicaid, (l) the Department of Rehabilitation Services, (m) the Department of Public Safety, (n) the Mississippi Employment Security Commission, (o) the Mississippi Department of Information Technology Services, (p) the Public Employees Retirement System, (q) the Mississippi Department of Transportation and (r) the Mississippi Gaming Commission.
SECTION 5. (1) Except as otherwise provided by subsection (2) of this section, each state agency shall, subject to available funding, employ an agency internal audit director who shall be appointed by the governing board or commission or the elected official or executive director or his counterpart of a state agency without a governing board or commission. The agency head shall ensure that the director is allowed to employ, subject to available funding, a sufficient number of professional and support staff to implement an effective program of internal auditing. Compensation, training, job tenure and advancement of internal auditing staff shall be based upon merit. The internal audit organization shall have organizational status outside the agency's staff or line management functions or units subject to audit, and shall be free of operational and management responsibilities that would impair the ability to make independent audits of any aspects of the agency's operations. An agency internal audit director may be terminated by the appointing authority after a seven (7) day notification period to the State Auditor and the Chairman of the Joint Legislative Committee on Performance Evaluation and Expenditure Review (PEER).
(2) The agency head of a state agency may outsource the internal audit function if he determines that it is more cost efficient than establishing the audit personnel and procedures provided in subsection (1) of this section. Internal audit services may not be outsourced to the same firm or individual who performs independent audit or other consulting services to the agency.
SECTION 6. The agency internal audit director shall possess the following qualifications:
(a) A bachelor's degree from an accredited college or university and five (5) years of progressively responsible professional auditing experience as an internal auditor or independent postauditor, electronic data processing auditor or any combination thereof. The auditing experience shall at a minimum consist of audits of units of government or private business enterprises, operating for profit or not for profit; or
(b) A master's degree from an accredited college or university and three (3) years of progressively responsible professional auditing experience as an internal auditor or independent postauditor, electronic data processing auditor or any combination therefor; or
(c) A certificate as a certified internal auditor issued by The Institute of Internal Auditors and three (3) years of progressively responsible professional auditing experience as an internal auditor or independent postauditor, electronic data processing auditor or any combination thereof; or
(d) A certificate as a Certified Public Accountant with at least three (3) years experience.
SECTION 7. The agency internal audit director shall:
(a) Report directly to the agency head or deputy agency head.
(b) Conduct financial, compliance, electronic data processing and operational and efficiency audits of agency programs, activities and functions and prepare audit reports of findings.
(c) Review and evaluate internal controls over agency programs, accounting systems, administrative systems, electronic data processing systems and all other major systems necessary to ensure accountability of the state agency.
(d) Develop long-term and annual audit plans to be based on the findings of periodic documented risk assessments. The plan shall show the individual audits to be conducted during each year and the related resources to be devoted to each of the respective audits. The audit plan shall ensure that internal controls are reviewed on a periodic basis. The plan shall be submitted to the agency head for approval and the audit committee for comment. A copy of the approved plan shall be available upon request to the state an/or legislative auditor or other appropriate external auditor to assist in planning and coordination of any external financial, compliance, electronic data processing or performance audit.
(e) The scope and assignment of the audits shall be determined by the agency internal audit director; however, the head of the agency may at any time request the agency internal audit director to perform an audit of a special program, activity, function or organizational unit.
SECTION 8. Audits shall be conducted in accordance with the Standards for the Professional Practice of Internal Auditing published by The Institute of Internal Auditors, Inc., and, when required by law, regulation, agreement, contract or policy, in accordance with Government Auditing Standards issued by the Comptroller General of the United States. All audit reports issued by internal audit staff shall include a statement that the audit was conducted pursuant to the appropriate standards.
SECTION 9. (1) Audit working papers and reports shall be public records to the extent that they do not include information which has been made confidential pursuant to law.
(2) When the agency internal audit director or a member of his or her staff receives from an individual a complaint or information protected by whistleblower or other legislation, the name or identity of the individual shall not be disclosed without the written consent of the individual, or unless required by law or judicial processes.
(3) The director and the internal audit staff shall have access to all personnel and any records, data and other information of the state agency deemed necessary to carry out assigned duties. The agency internal audit director shall maintain the confidentiality of any public records that are made confidential by law, and shall be subject to the same penalties as the custodian of those public records for violating confidentiality statutes.
SECTION 10. (1) At the conclusion of each audit, the agency internal audit director shall submit preliminary findings and recommendations to the person responsible for supervision of the program, activity, function or organizational unit being audited who shall respond in writing to any findings of the agency internal audit director within forty-five (45) working days after receipt of the findings. Such response and, if necessary, the agency internal audit director's response may be included in the final audit report.
(2) The agency internal audit director shall submit the final report to the head of the agency and the State Auditor.
SECTION 11. (1) No later than six (6) months after a financial, compliance, electronic data processing or performance audit is issued, the agency internal audit director shall inform the agency head and audit committee of the status of corrective actions taken by the agency manager responsible for supervision of the program activity, function or organizational unit audited.
(2) If a follow-up report is issued, the agency internal audit director shall submit the report to the head of the agency and the audit committee. The follow-up report shall be provided upon request to any legislative, executive or judicial branch oversight body, appropriate state and/or legislative auditor or other external auditor.
SECTION 12. (1) The state and/or the Joint Legislative Committee on Performance Evaluation and Expenditure Review (PEER) or other external auditor, in connection with planning independent postaudits of the same agency, shall give appropriate consideration to internal audit reports and the resolution of findings therein.
(2) Appropriate legislative committees may inquire into the reasons or justifications for failure of the agency to correct the deficiencies reported in internal audits.
SECTION 13. (1) The agency head shall make available to the internal audit director adequate resources to ensure the professional development and continuing professional education of the internal audit staff.
(2) The internal audit director shall cooperate with the state and/or legislative auditor or other external auditor in the exchange of technical assistance and access to current information concerning audit techniques, policies and procedures.
SECTION 14. Each agency internal audit organization should have an external quality control review at least once every three (3) years to determine compliance of issued reports with current Standards for the Professional Practice of Internal Auditing and/or, if appropriate, Government Auditing Standards. The review shall be performed by qualified persons who are independent of the organization and who do not have a real or apparent conflict of interest. The report issued on the external quality control review shall be a public record to the extent authorized by law.
SECTION 15. (1) There is created the audit committee which shall be comprised of one (1) member of the governing board or commission appointed by the chairman of the governing board or commission; however, in those cases where the agency has no board or commission, a person with expertise in the mission of the agency who is not an employee of the agency or contractor with the agency and who shall be appointed by the head of the agency, one (1) staff member of the Joint Legislative Committee on Performance Evaluation and Expenditure Review (PEER), appointed by the Director of PEER and one (1) staff member of the Department of Finance and Administration (DFA), appointed by the Executive Director of DFA. The audit committee shall monitor the activities of the agency internal and external audit activities.
(2) The audit committee shall:
(a) Review and approve the annual internal audit plan and budget, internal and external audit reports, follow-up reports and quality assurance reviews;
(b) Periodically meet with the agency internal audit director to discuss pertinent matters, including whether there are any restrictions on the scope of audits; and
(c) Not be compensated for services provided. However, they shall be reimbursed for travel expenses in accordance with authorizing law.
SECTION 16. A State Interagency Internal Audit Forum shall be established and composed of agency internal audit directors. The annual report shall include a comparison of the audit annual audit plan for the year with the actual audit report issued and an explanation for any differences. The purpose of the forum will be to promote the exchange of communication, to identify professional development needs and/or conduct or coordinate training programs, to share audit techniques and approaches, and to address ways to improve agency operations and systems of internal control. The forum will elect officers from its membership and shall meet periodically throughout the year.
SECTION 17. Within one hundred twenty (120) days after the end of each fiscal year, the agency internal audit director shall issue an annual report which separately lists audit reports issued, and other activities completed or in progress as of the end of the fiscal year. The annual report shall describe accomplishments of the internal audit activities. Copies of the report shall be provided to the Governor, the agency head and the audit committee. The annual report shall be provided upon request to any legislative, executive or judicial branch oversight body, and to the appropriate state and/or legislative auditor or other external auditor.
SECTION 18. If, during the course of an audit, an auditor determines that criminal activity may be involved, then investigative records shall be confidential until the audit is complete and shall be provided to the Attorney General to determine if a criminal prosecution shall proceed.
SECTION 19. This act shall take effect and be in force from and after July 1, 2002, and the agencies identified in this act shall comply with the provisions of this act not later than July 1, 2004.