Top of Page

Office of Internal Audit and Advisory Services

Section 3-9

Print/Download [ English | Spanish ]

  1. Chief Internal Auditor. The Chief Internal Auditor will lead the Office of Internal Audit and Advisory Services (IAAS). The Chief Internal Auditor is responsible for conducting internal audits and improving the internal audit process.
    1. Internal Audit must be independent of the activities it evaluates so that it may conduct its work freely and objectively. The personnel of IAAS report exclusively to the Chief Internal Auditor. The Chief Internal Auditor reports functionally to the Board for direction, accountability, ensuring a broad scope of audit coverage and sufficient authority of IAAS. The Chief Internal Auditor reports administratively (i.e., day-to-day operations) to the Chief Executive Officer.
    2. The Chief Internal Auditor, in execution of its duties, must:
      1. Provide the Board with an annual assessment on the adequacy and effectiveness of the district processes for controlling its activities and managing its risks in the areas under subsections (d) below and the Quality Assurance and Improvement Program subsection (h) below.
      2. Quarterly provide reporting to the Board on the status of the internal audit process.
  2. IAAS Purpose. The purpose and mission of the IAAS is to provide assurance and advisory services through independent and objective reviews to improve and enhance district processes and operations to contribute toward Chicago Public Schools’ mission, providing high-quality public education opportunities for every child.
  3. IAAS Authority.
    1. The IAAS has the authority to:
      1. Have full, free, and unrestricted access to all the district’s functions, records, information, property, and personnel in order to fulfill its objective as set by the Board.
      2. Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
      3. Obtain the necessary assistance and cooperation of personnel in departments of the district where audit activities are conducted, as well as other specialized services from within or outside the district, as appropriate.
    2. In order to maintain its independence and objectivity, IAAS is not authorized to:
      1. Perform any management or operational duties for the district.
      2. Initiate or approve accounting transactions external to IAAS.
  4. IAAS Scope of Work. The scope of work of the IAAS is to examine and evaluate the adequacy and effectiveness of risk management, internal controls and governance processes. IAAS manages and oversees district- and school-level audits and risk management activities that are designed to meet the following objectives:
    1. Evaluate the effectiveness of the department, school, or program’s internal controls and business practices to ensure operational and financial goals are met.
    2. Evaluate compliance with applicable laws, regulations, ordinances, Board rules, ethics policies, contracts, grants, and administrative policies and procedures.
    3. Assist department, school, or program management in integrating innovative business practices and strategies to improve organizational efficiency and effectiveness and minimize risks.
    4. Assess organizational risk, develop a risk-based internal audit plan and assist leadership to develop effective risk management strategies.
    5. All systems, processes, operations, functions, and activities within Chicago Public Schools (“the district”) are subject to IAAS evaluations. IAAS will identify opportunities for improving management controls and effectiveness and communicate opportunities to the appropriate levels of management.
  5. IAAS Responsibilities. The IAAS must:
    1. Keep the Executive Management Team and Board of Education appropriately informed on all relevant mission and audit plan matters to ensure effective communications and independence.
    2. Develop a flexible and risk-prioritized annual audit plan using an appropriate risk assessment methodology, including any risks or control concerns identified by management.
    3. Implement and conduct the annual audit plan, including as appropriate, any special tasks or projects requested by management and the Board.
    4. Provide periodic updates of audit plan accomplishments to the Executive Management Team and the Board as well as any modifications to the plan.
    5. Maintain professional integrity, attitude and audit staff competence with the sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Board Rule.
    6. Evaluate significant business, process, and organizational changes and assess their impact on the district’s control structure.
    7. Issue periodic reports to the Executive Management Team and the Board summarizing results of audit activities and highlighting significant issues identified and those that have been resolved.
    8. Partner with management on risk management activities and facilitate the Risk Committee to form strategic alliances to identify, assess, manage, and monitor risks so as to add value and drive improvements of the district’s operations. The Risk Committee Charter outlines authority, responsibility, and membership of the committee.
    9. Notify the Office of Inspector General if through the course of an audit or review fraud, waste, or abuse is encountered.
  6. Confidentiality. The IAAS will respect the value and ownership of information received and must not disclose information without appropriate authority unless there is a legal or professional obligation to do so. Professionalism and prudence in the use and protection of information acquired in the course of conducting Internal Audit activities must be exercised at all times.
  7. Standard of Professional Practice and Ethics. The IAAS must comply with the Standards for the Professional Practice of Internal Auditing of The Institute of Internal Auditors (IIA), and the IIA’s Code of Ethics.
  8. Quality Assurance and Improvement Program. The IAAS must maintain a quality assurance and improvement program that covers all aspects of the internal audit department. The program should include an evaluation of the internal audit department’s conformance with the IIA’s Standards for the Professional Practice of Internal Auditing and an evaluation of whether internal auditors apply the IIA’s Code of Ethics. The program should also assess the efficiency and effectiveness of the internal audit department and identify opportunities for improvement.

The Chief Internal Auditor will communicate to senior management and the Board on the internal audit department’s quality assurance and improvement program, including results of internal assessments (both ongoing and periodic) and external assessments conducted at least once every five years by a qualified, independent assessor or assessment team from outside the Chicago Public Schools.

Rule References

Final: Board Rule 3-9 was adopted on a Final basis at the September 22, 2021 Board Meeting [Board Report 21-0922-RU1].
Public Comment Pursuant to Board Rule 2-6 this Rule [3-9] was subject to Public Comment from 7/6/21-8/6/21 and was rescinded and adopted new on an interim basis at the June 23, 2021 Board Meeting [Board Report 21-0623-RU1].

Chicago Board of Education

(773) 553-1600

Contact Online (

1 North Dearborn, Suite 950
Chicago, Illinois 60602