AUDIT & ADVISORY SERVICES
INTERNAL AUDIT CHARTER
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve the University’s operations. It assists the University to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The objectives of internal auditing are to assist members of the University in the effective execution of their responsibilities. Internal auditing achieves this by providing analyses, appraisals, recommendations, and information concerning the activities and assets reviewed and by providing assurance on the effectiveness of controls, compliance, and safeguarding of assets.
Role of Audit & Advisory Services
Audit & Advisory Services (AAS) is responsible for conducting a comprehensive program of internal audits that encompasses all University operations, systems, and programs to assist the Board of Trustees and Management in the effective discharge of their responsibilities. The activities of AAS support the University in its assessment and improvement of the effectiveness of the internal control framework, risk management, and compliance processes.
Authorization and Access
AAS reports operationally to the Audit Committee of the Board of Trustees and administratively to the President of the University, with general guidance from the Provost and Executive Vice President. In accordance with the Audit Committee Charter adopted October 16, 2003, AAS is authorized to full, free, and unrestricted access to all University functions, records, resources, properties, and personnel in order to conduct its independent reviews thoroughly and effectively. All documents and information given to internal auditors during a periodic review will be handled in the same prudent and confidential manner as by those employees normally accountable for them.
Independence and Professional Conduct
AAS has complete independence with respect to the units under audit and, consequently, is not subject to restriction in the scope of its work by the operating unit or staff management. Further, Management does not place any restrictions on the scope of the audits. The general direction as to the scope of work and the activities to be audited originates from the Audit Committee and President, with periodic input from Management. This periodic input is generally in the form of special audit requests.
In performing its functions, AAS shall have no direct responsibility or authority over any of the activities reviewed. It shall not design and install procedures, initiate or approve accounting transactions, prepare records, or engage in any other activity that it would normally review and appraise and which could reasonably be construed to compromise, in appearance or in fact, its independence and objectivity. Therefore, internal audit reviews do not, in any way, substitute for or relieve other University personnel from their assigned responsibilities.
AAS’ objectivity is not adversely affected, however, by recommending standards, controls, or procedures to be applied in developing systems and processes. In selected instances, where appropriate, AAS may recommend or help design improved procedures or processes that enhance the internal control of an area it has audited; however, ownership of, and responsibility for, these materials remains with Management, not with AAS. Furthermore, objectivity is not compromised by evaluating financial and operating systems and related procedures and making recommendations for modifications and improvements to improve controls and enhance operational effectiveness.
AAS shall maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this charter. Individually and collectively, AAS staff members are responsible for conducting themselves professionally at all times. AAS is responsible for managing all sensitive information in a confidential manner and exercising due professional care in the performance of its audit procedures.
Audit Scope and Responsibilities
The scope of internal auditing encompasses the following activities:
- Review the adequacy and effectiveness of internal controls;
- Verify the existence of assets and ensure they are properly accounted for and safeguarded;
- Conduct special examinations and reviews; most notably, reported occurrences of fraud, embezzlement, or theft. AAS works in collaboration with Management regarding these matters and shall assist in recommending control procedures to prevent or detect such occurrences;
- Evaluate the reliability and integrity of Management’s information by reviewing general controls and computer security protocol over data processing.
- Appraise efficiency and effectiveness with which resources are deployed;
- Identify opportunities for performance improvement (including cost reductions and efficiency enhancements);
- Participate in the design/development of new business and computer systems.
- Review contracts and other agreements with outside firms providing goods and services as appropriate. Review the records and documentation of these outside firms when deemed necessary to ascertain compliance with contract terms;
- Review established systems, policies, and procedures to ensure the University is in compliance with applicable laws and regulations;
- Review the University’s compliance guidelines for ethical business conduct (including periodic conflict of interest and Hotline call resolution);
- Determine the extent to which established objectives and goals for operations or programs are being accomplished;
- When reportable conditions exist, provide adequate follow-up to Management to enable them to take corrective action.
- Present an annual audit plan and status updates to the Audit Committee for its review;
- Report audit findings and status of corrective action to the Audit Committee;
- In accordance with the annual engagement letter, coordinate and support the external auditors with their annual audits and internal control procedures.
AAS is also authorized to perform advisory and consulting services, beyond internal auditing assurance services, to assist Management in meeting its objectives. Examples may include facilitation, process design recommendations, and participation on committees.
Enterprise Risk Assessment
AAS is responsible for periodically performing an enterprise-wide risk assessment. This risk assessment provides information regarding risk factors relative to the various operations/functions of the University. Moreover, the assessment facilitates the development of the annual audit plan.
A written report will be prepared and issued by the Chief Audit Executive following the conclusion of each audit and will be distributed as appropriate. A summary of audit results will be provided to the Audit Committee on a periodic basis.
A written management response to an audit finding will be specifically indicated in the report. Normally, a time limit to respond to audit findings and recommendations will be specified when a response is required.
If the response to any audit finding is not considered adequate, AAS shall consult with the management of the function being audited and attempt to reach a mutually-agreeable resolution.
* * * * *
This charter represents the framework for the conduct of the internal audit function at the University. It is hereby approved by Executive Management, the Audit Committee, and the Chief Audit Executive.
Chairman of the Audit Committee of the Board of Trustees
Chief Audit Executive
Originally adopted: November 2004
Amended: October 2008
Amended: October 2011