202 KAR 3:040. Internal audit procedures.

 

      RELATES TO: KRS 154A.050(2)(b), 154A.060(2)(a), (c)

      STATUTORY AUTHORITY: KRS 154A.050(1)(d), 154A.060(2)(c)

      NECESSITY, FUNCTION, AND CONFORMITY: KRS 154A.020(1) provides that the Kentucky Lottery Corporation shall be accountable to the Governor, the General Assembly and the people of the Commonwealth through a system of audits, reports and thorough financial disclosure. As a part of that system of accountability, the corporation is required, pursuant to KRS 154A.060(2)(c), to promulgate by administrative regulation a system of continuous internal audits. This administrative regulation establishes the system of continuous internal audits for the Kentucky Lottery Corporation.

 

      Section 1. Definitions. (1) "Board" means the Board of Directors of the corporation established by KRS 154A.030.

      (2) "Internal audit department" means the department head of internal audit, together with other employees of the corporation who are designated by the president of the corporation and approved by the audit committee.

 

      Section 2. Audit Committee. (1) The audit committee shall consist of:

      (a) No less than two (2), nor more than three (3), members of the board; and

      (b) The chairman of the board who shall serve as an ex-officio member.

      (c) Members of the audit committee shall be appointed by the chairman of the board and serve until the earliest of:

      1. Their resignation or removal from the board;

      2. The expiration of their terms as members of the board; or

      3. Their resignation or removal from the audit committee by majority vote of the board.

      (d) In appointing members to the audit committee, the chairman of the board shall give preference to members of the board who:

      1. Are certified public accountants, or certified internal auditors; or

      2. Otherwise possess expert knowledge in auditing, accounting, business, or commerce.

      (e) The members of the audit committee shall select a chairman from its members.

      (2)(a) Except as provided by paragraph (b) of this subsection, the chairman of the audit committee shall determine the date, time, and place of a meeting of the audit committee.

      (b) No more than two (2) regular meetings of the board shall have occurred between meetings of the audit committee.

      (c) At least one (1) member of the Internal Audit Department shall be present at a meeting of the audit committee.

      (d) If requested by the audit committee, a member of the corporation management shall be present at all or a part of the meeting of the audit committee.

 

      Section 3. Duties and Authority of the Audit Committee. (1) The audit committee shall oversee the operations and financial reporting procedures of the corporation and shall report and make recommendations to the board. It shall:

      (a) Review the adequacy of the corporation's system of internal control;

      (b) Review the organizational structure of the Internal Audit Department of the corporation and the activities and qualifications of its staff;

      (c) Review the findings made by the Internal Audit Department;

      (d) Assist the president and members of the Internal Audit Department in the hiring, evaluation, and promotion of Internal Audit Department personnel;

      (e) Conduct a review of the corporation management's monitoring of compliance with:

      1. The corporation's code of conduct;

      2. Applicable statutes, and administrative regulations; and

      3. Opinions governing the ethical behavior of the corporation and its employees;

      (f) Review the policies and procedures in effect for the review of expenses, perquisites, and benefits of corporation officers;

      (g) Review legal matters that could have a significant impact on the corporation's financial statements with the corporation's:

      1. Legal counsel; and

      2. If deemed appropriate, outside counsel;

      (h) Review the findings of an examination of the corporation or its operations by a regulatory agency;

      (i) Review audits conducted by the Auditor of Public Accounts or an independent auditor selected by the Auditor of Public Accounts;

      (j) Make recommendations relating to the hiring, evaluation, and promotion of personnel in the Internal Audit Department; and

      (k) Perform other oversight functions at the request of the board.

      (2)(a) A member of the audit committee may meet with:

      1. Corporation employees;

      2. The Auditor of Public Accounts, and designees; and

      3. Independent auditors.

      (b) An employee of the corporation may request to meet with the chairman of the audit committee.

      (c) The audit committee may hold a closed meeting pursuant to KRS 154A.050(7).

      (3) The audit committee shall:

      (a) Inform the board of its meetings and actions; and

      (b) Forward its reviews, reports, and recommendations to the board.

      (4)(a) The audit committee may institute a special investigation.

      (b) In the conduct of a special investigation, the audit committee may:

      1. Hire special outside counsel or experts; or

      2. Utilize the services of corporation employees, officers or directors.

      (c) The audit committee shall submit a report of its findings and recommendations to the board for its action.

 

      Section 4. Internal Audit Department. (1) In order to assist the president, the audit committee and the management of the corporation, the internal audit department shall furnish objective analyses, appraisals, recommendations and information concerning the operations of the corporation as follows:

      (a) Review the operations of the corporation to assure compliance with the systems, and policies and procedures established to ensure conformity with the applicable statutes and administrative regulations of the Commonwealth and other applicable governmental entities;

      (b) Review the operations of the corporation to assure compliance with the systems, and policies and procedures established by the corporation;

      (c) Review the reliability and integrity of financial and operating information;

      (d) Review and evaluate the means of safeguarding the assets of the corporation and, as appropriate, verify the existence and ownership of the assets by the corporation;

      (e) Appraise the economy and efficiency of the corporation in the use of resources;

      (f) Advise the management of the corporation and the board on the accounting, financial and operational policies, procedures and systems;

      (g) Coordinate, supplement and evaluate examinations of the corporation's activities by outside auditors, accountants and other review teams; and

      (h) Perform other oversight functions as requested by the audit committee or by the board.

      (2) The internal audit department shall report to the president for administrative purposes but shall report the results of its work directly to the audit committee and to the board.

 

      Section 5. The internal audit department shall perform audits in the following manner:

      (1) Prior to the end of each fiscal year, the department head of internal audit shall submit a proposed detailed internal audit plan for:

      (a) The next fiscal year for approval by the president;

      (b) Review by the audit committee; and

      (c) Approval by the board.

      (2) The audit committee shall forward its recommendations to the board.

      (3) The department head shall initiate audits pursuant to the approved plan, as may be revised with the approval of the president or the board, after its review of the recommendations of the audit committee.

      (4) Internal audit work shall be performed in accordance with standards established by the Institute of internal auditors and shall include:

      (a) Planning the audit;

      (b) Examining and evaluating the information;

      (c) Communicating results; and

      (d) Follow-up.

 

      Section 6. Procedure on Loss of Assets. (1) The internal audit department shall be notified if assets of the corporation have been, or are thought to have been, lost through defalcation or other security breaches in the financial or operating systems.

      (2) Immediately upon receipt of a notification, the department head of internal audit shall:

      (a) Request that the department head of security notify the proper authorities of the potential loss; and

      (b) Proceed with an investigation.

      (3) If the investigation reveals a loss, the internal audit department shall:

      (a) Identify the weakness in financial or operating procedures which enabled the loss to occur; and

      (b) Recommend to the president, the audit committee, and the board improvements to the procedures to correct the weakness.

 

      Section 7. Internal Audit Department Authority and Limitations. (1) The internal audit department shall have unrestricted access to all activities, records, properties, and personnel applicable to any area of the corporation under review.

      (2) The department head of internal audit shall develop a policy to assure the confidentiality of all matters reviewed, unless disclosure is required by law or internal audit procedures established by this administrative regulation.

      (3)(a) The internal audit department and its members shall not have direct authority over, or responsibility for, any of the activities reviewed by it.

      (b) The internal audit department and its members shall not develop or install procedures, prepare records, or engage in any other activity which could be reasonably construed to compromise its independence.

      (c) If the internal audit department participates in an activity that might be construed as compromising its independence, the activity shall be reviewed by an independent external auditor, if deemed necessary by the board, or recommended by the audit committee and approved by the board.

      (4) The internal audit department shall coordinate its efforts with those of the Auditor of Public Accounts and other external auditors who may be employed to achieve comprehensive, cost-effective audit coverage.

 

      Section 8. Continuing Education. (1) An auditor in the internal audit department shall annually obtain the same continuing education credits required by the Institute Of Internal Auditors for certified internal auditors.

      (2) The head of the Internal Audit Department shall monitor compliance with the continuing education requirements established by this section. (22 Ky.R. 1395; Am. 1825; eff. 4-5-96.)