Stonebridge University is committed to maintaining the highest standards of academic integrity, operational excellence, and regulatory compliance. The Internal Audit Policy establishes a structured and independent framework to evaluate the effectiveness of the university’s governance, risk management, and internal control systems.

Internal audit is a key component of institutional accountability and continuous improvement. Through systematic review and objective assessment, the university ensures that its academic, administrative, financial, and operational activities align with its strategic objectives and legal obligations.

2.1 Purpose

The purpose of this Internal Audit Policy is to:

• Safeguard the university’s assets and reputation.
• Ensure compliance with applicable laws, regulations, and accreditation requirements.
• Evaluate the effectiveness of governance, risk management, and internal control systems.
• Promote transparency, accountability, and ethical conduct.
• Identify areas for operational improvement and efficiency.

2.2 Scope

This policy applies to:

• All academic departments and faculties.
• Administrative and support services.
• Financial management and procurement processes.
• Online learning systems and digital infrastructure.
• External partnerships, contractors, and third-party service providers where relevant.

The scope of internal audit activities includes, but is not limited to:

• Academic quality assurance processes.
• Financial reporting and budget management.
• Compliance with accreditation standards and regulatory frameworks.
• Information security and data protection systems.
• Student services and administrative processes.

Internal audit is an independent, objective assurance and consulting activity designed to add value and improve the university’s operations. It helps the university accomplish its objectives by bringing a systematic and disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes.

4.1 Independence and Objectivity

Internal audit activities shall remain independent from operational management. Auditors must perform their duties objectively and without conflict of interest.

4.2 Integrity and Confidentiality

All audit activities will be conducted with professionalism and integrity. Information obtained during audits will be treated as confidential and shared only with authorised individuals.

4.3 Transparency and Accountability

Audit findings and recommendations will be clearly documented and communicated to relevant stakeholders. Senior management is responsible for implementing corrective actions.

4.4 Risk-Based Approach

Audit planning will be based on a structured risk assessment process to ensure that areas of highest risk receive appropriate attention.

5.1 Governing Body / Board of Directors

• Approve the Internal Audit Policy.
• Ensure the independence of the internal audit function.
• Review significant audit findings and monitor corrective actions.

5.2 Senior Management

• Support internal audit activities.
• Ensure timely implementation of audit recommendations.
• Provide access to necessary documentation and systems.

5.3 Internal Audit Function / Internal Auditor

• Develop an annual risk-based audit plan.
• Conduct audits in accordance with professional standards.
• Report findings, risks, and recommendations to senior management and the governing body.
• Follow up on the implementation of corrective actions.

5.4 Department Heads

• Cooperate fully during audit activities.
• Provide requested information in a timely manner.
• Implement agreed corrective measures.

6.1 Annual Audit Planning

An annual audit plan will be prepared based on institutional risk assessments, regulatory requirements, previous audit findings, and strategic priorities. The plan will be reviewed and approved by senior leadership or the governing body.

6.2 Audit Engagement

Each audit will include:

• Definition of audit objectives and scope.
• Review of relevant policies, procedures, and documentation.
• Interviews with relevant personnel.
• Testing of internal controls and processes.

6.3 Audit Reporting

Upon completion of an audit, a formal report will be issued including:

• Summary of findings.
• Identified risks and control weaknesses.
• Recommendations for improvement.
• Management responses and action plans.

Reports will be distributed to relevant management and, where appropriate, to the governing body.

6.4 Follow-Up and Monitoring

The internal audit function will monitor the implementation of agreed corrective actions. Follow-up reviews may be conducted to ensure that deficiencies have been adequately addressed.

The Internal Audit function supports compliance with:

• National higher education regulations.
• Accreditation body requirements.
• Data protection and privacy laws.
• Financial reporting standards.
• Institutional policies and codes of conduct.

Where necessary, the university may engage external auditors to provide additional independent assurance.

All audit documentation, working papers, and reports will be securely stored and handled in accordance with the university’s Data Protection Policy. Sensitive information obtained during audits shall not be disclosed without proper authorisation, except where required by law.

Internal audit outcomes will be analysed to identify recurring risks, systemic issues, and improvement opportunities. Findings will contribute to:

• Policy revisions and updates.
• Staff training initiatives.
• Process optimisation.
• Strategic decision-making.

The effectiveness of the Internal Audit function will be periodically evaluated to ensure alignment with best practices in higher education governance.

This Internal Audit Policy will be reviewed annually or as required due to:

• Changes in legislation or regulatory requirements.
• Institutional restructuring.
• Strategic developments.
• Recommendations arising from audit activities.

Any revisions will be approved by the governing body and communicated to relevant stakeholders.

Stonebridge University recognises the critical importance of internal audit in safeguarding institutional integrity, maintaining regulatory compliance, and enhancing operational effectiveness.

By implementing a structured and independent Internal Audit framework, the university demonstrates its commitment to transparency, accountability, and continuous improvement in delivering high-quality online education.