Internal Audit Policy
Process Owner
Chief Financial Officer
Purpose
This document establishes authority and assigns responsibilities for GovC's Internal Audit Department.
Policy
It is GovC’s policy to maintain an Internal Audit Department to review and appraise the soundness, adequacy, and application of accounting, financial, and other operating controls. Internal Audit shall also monitor compliance with Corporate and local policies and procedures, GovC Standards of Ethics and Business Conduct, and regulatory requirements. Accordingly, the Internal Audit Department shall:
- 1. Provide audit services to management and the Audit Committee by appraising the soundness, adequacy, and application of accounting, financial, and other operating controls to promote effective internal control at a reasonable cost.
- 2. Assist management by providing timely analyses, appraisals, recommendations, and pertinent comments concerning the Company activities, policies and procedures reviewed.
- 3. Review for compliance with and application of established Company policies and procedures and compliance with governmental laws and regulations, where appropriate.
- 4. Assess the reliability and accuracy of management data developed within the Company, where appropriate.
- 5. Assess the adequacy of controls for safeguarding Company assets and, when appropriate, verify the existence of assets.
- 6. Assess the controls surrounding, and the security, reliability, accuracy, and effectiveness of, Company information technology resources.
- 7. Fully comply with relevant professional internal auditing practices and standards.
Responsibilities
All Employees
Fully support and cooperate with the Internal Audit process.
Company Management
1. Fully support and cooperate with the Internal Audit Department at all levels of operations.
2. Notify the Internal Audit Department or Corporate Compliance Department of significant new systems initiatives and process changes.
3. Provide the Internal Audit Department with complete access to all records, property, and personnel related to the performance of its duties and responsibilities.
4. Provide a written response to all Internal Audit reports received from the Internal Audit department, as requested.
5. Promptly inform the Internal Audit Department or Corporate Compliance Department of all known or suspected cases of wrongdoing involving ManTech’s financial assets.
6. Review and recommend to the Audit Committee changes to the Internal Audit Charter as necessary.
Internal Audit Department
Perform the following functions (including but not limited to):
1. Identify significant internal control risks and evaluate the effectiveness of risk management and risk mitigation activities.
2. Develop an audit plan of reviews and projects based on an ongoing assessment of the Company’s business risks and input received from management and the Audit Committee.
3. Consistent with the approved audit plan, assist management and the Audit Committee with the assessment of ManTech’s:
- a. Reliability and integrity of financial and operating controls.
- b. Efficiency and effectiveness of operations.
- c. Processes and controls to safeguard assets.
- d. Compliance with laws, regulations, and contracts.
- e. Compliance with established policies and procedures.
4. Provide management with a preliminary written report of the results and recommendations of each audit, analysis, review, or investigation performed. Ensure that final reports contain management’s responses to recommendations and are distributed to applicable members of management.
5. Assess the adequacy of actions taken to correct deficiencies in a timely manner. Perform follow-up reviews where necessary, document results, and report conclusions to management.
6. Review new and revised procedures and systems to provide input to management regarding the adequacy and cost effectiveness of internal controls.
7. Assist in the investigation of any significant fraudulent activities, as appropriate.
8. Perform special reviews and services requested by Company management or the Audit Committee.
9. Coordinate audit planning with ManTech’s independent auditors to ensure efficient and effective internal and external audit activities.
10. Provide assistance to the Audit Committee in evaluating the independent auditors’ performance.
11. Report quarterly to the Audit Committee (or more often if appropriate) significant results from completed or ongoing audits together with any actions taken.
12. Provide support for management’s required attestation on the adequacy of internal controls.
13. Maintain a professional staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of the Internal Audit Charter.
14. Keep management and the Audit Committee informed of emerging trends and successful practices in internal auditing.
Procedures
Internal Auditors
1. Schedule an entrance conference with the management of the area being audited to explain the purpose, scope, and timing of the review. Discuss with management any comments or concerns regarding the audit.
2. While performing the engagement, inform responsible management personnel of any potential findings and recommendations to solicit feedback and permit timely implementation of corrective action.
3. When the audit is completed, conduct an exit conference with responsible management personnel to:
- a. Determine that the facts are accurately stated.
- b. Decide whether further explanation is needed to provide more precise information to Corporate management.
- c. Ensure that such communication includes all significant findings, recommendations, and management responses.
4. Provide the Defense Contract Audit Agency (DCAA) with a summary of conditions, results, and recommendations for their use in evaluating the adequacy of the audit function.
5. Conduct follow-up reviews at an appropriate interval after corrective action was intended or changes in procedures were planned to have been implemented.
6. Resolve any findings that are not adequately addressed through a meeting that may include senior Internal Audit personnel, the Senior Vice President of Corporate Compliance, Senior Operations Management, and CFO.