Internal Audit Process

UCLASS Primary: GV310 – Internal Audit

Retention Rule Number: Specific Retention Rule 2015.04

Function/Activity: To document Internal Audit’s examination and evaluation of the adequacy and effectiveness of the organization’s governance, risk management and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve the organization’s stated goals and objectives.

Description/Type of Records: Reports, minutes, memos, audit plan, records collected as evidence during audits and investigations, risk and control matrix, correspondence, metrics tracker, workbooks, working papers, process diagrams, risk assessments, audit program

Retention Rules

Office of Primary Responsibility (OPR) Retention Disposition
Internal Audit (IA)
     Audit Plan: Retain for 5 years to track completion of engagements Confidential shred or delete
     Facilitations: Retain for 5 years following completion of final report Transfer final “management” reports to University Archives for permanent preservation. Destroy records created and accumulated during the facilitation by confidentially shredding or deletion.
     Investigations: Retain for 5 years following completion of final report. Transfer final “management” reports to University Archives for permanent preservation. Destroy records created and accumulated during the investigation by confidentially shredding or deletion.
     Audit Engagements: Retain for current and one previous engagement cycle of unit under review Transfer final “management” reports to the University Archives for permanent preservation. Destroy records created and accumulated during the engagement by confidentially shredding or deletion.
     Metrics: Retain for 5 years to ensure all remediation actions included in the metrics have taken place. Confidential shred or delete.
     Audit Manual and Process Descriptions: Retain until superseded. Confidential shred or delete.

Restrictions:
Access to this series shall be limited to those with the authority for the following purposes:

  1. File and/or case management
  2. Legal review
  3. Research (at the discretion of the Director, Internal Audit)

Citations:
For Offices of Primary Responsibility (OPR):
Limitations Act, Chapter L-12, s.3(1).

Approval Information:

  • Allen Amyotte, Director, Internal Audit
  • Jo-Ann Munn Gafuik, Senior Specialist, Policy and FOIP
  • Bonnie Woelk, University Records Committee (Chair)

29 March 2016

Give feedback