The scope of work of the OIA is to determine whether the University’s network of compliance, risk management, control, and governance processes, as designed and represented by management, is adequate, reliable, and functioning in a manner to ensure:

• Risks are appropriately identified and managed;
• Resources are adequately protected;
• Interaction with the various governance groups occurs as needed;
• Significant financial, managerial, and operating information is accurate, reliable, and timely;
• Employees' actions are in compliance with policies, standards, procedures, and applicable laws and regulations;
• Resources are acquired economically, used efficiently, accounted for accurately, and protected from loss, theft, and destruction;
• Programs, plans, and objectives are achieved;
• Quality and continuous improvement are fostered in the University's control process; and
• Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.

Audit Comittee

The Audit Committee will consist of at least three (3) and no more than five (5) members of the Board of Trustees.  The Chairperson of the Board of Trustees will appoint Committee members and the Committee Chair; the Committee Chair shall have a strong financial background. To maintain the highest standards of independence and to mitigate potential conflicts of interest, the following individuals are designated as non-voting, ex-officio participants:

• The Chairperson of the Board of Trustees
• The Chairperson of the Finance Committee
• The University President

The Audit Committee shall 

• Ensure that the OIA has direct and unrestricted access to the Audit Committee Chair and other Committee members
• Review the internal audit function to ensure that independence is maintained and that adequate resources—both staffing and operating budget—are provided, while considering the University’s overall budgeting priorities, to enable the office to effectively fulfill its responsibilities.
• Review and approve the appointment or dismissal of the Chief Audit Executive (“the Internal Auditor”). Any allegations related to the Internal Auditor shall be reported to the University President and Chairman of the Audit Committee. Review and approve the Internal Audit Charter and annual plans for the Office of Internal Audit.
• Review the annual audit plan and results of the year’s work with the Internal Auditor.  Changes to the plan, including management requests for unplanned assignments, will be reviewed.
• Receive and review reports and other work prepared by the Internal Auditor that highlight and identify, if any, significant findings.
• Meet privately with the auditors (internal and external) without the University staff present at least annually.
• Foster a culture of risk awareness and accountability by incorporating annual trainings and self-assessment.

Accountability

The Internal Auditor, in the discharge of her/his duties, shall report directly to and be accountable to the Audit Committee to: 

• Report significant issues related to the processes for controlling the activities of the University and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution. 
• Periodically provides information on the status and results of the annual audit plan and the sufficiency of OIA resources.
• Coordinate with and provide oversight of other control and monitoring functions (risk management, compliance, security, legal, ethics, environmental, and external audit).

Independence and Objectivity

To ensure the impartial and unbiased judgment essential to the proper conduct of internal audits, the Internal Auditor shall report functionally to the Audit Committee of the Board of Trustees 
and administratively to the President of the University.  This structure ensures that internal auditors maintain objectivity and impartiality in their work. The Internal Auditor shall be selected by the Committee

Functional Reporting to the Audit Committee shall provide the Board with objective information on governance, risk management, and internal controls.  The Audit Committee shall approve the internal audit charter, the annual plan, the annual operating budget and the appointment, compensation and performance review of the Internal Auditor.

Administrative Reporting of the President shall facilitate the day-to-day administration of the OIA, to include expense approvals, leave requests, and general support. The President shall ensure the internal audit function is aligned with the University’s strategic direction, has access to necessary resources and foster information flow.

The OIA shall remain free of influence by any element of the University, including matters of audit selection, scope, procedures, frequency, timing, financial resources or report content to permit maintenance of an independent and objective mental attitude necessary in rendering audit services.

The Internal Auditor shall have no direct operational responsibility or authority over any of the activities she/he may review. Accordingly, the Internal Auditor shall not develop nor install systems or procedures, prepare records, or engage in any other activity which would normally be subject to audit.  The Internal Auditor will, however, engage with the parties responsible for a completed audit to ensure adherence to the recommendations and timely response. 

Authority

The Internal Auditor and staff are authorized to:

• Have full, free, and unrestricted access to all functions, records, property, and personnel, and all other information sources required to fulfill internal audit requirements and to perform other tasks required or requested by the Audit Committee or the President.
• Have full, free, and unrestricted access to the Chairperson of the Audit Committee.
• Perform risk assessments, allocate resources, set frequency, select subjects, determine scopes of work, and apply the techniques required to accomplish the objectives of audits, special reviews, and investigations.
• Obtain the necessary assistance of personnel from University organizations as well as other specialized services from within or outside the University, as needed and as funding allows.

The Internal Auditor and staff are not authorized to:

• Perform any operational duties for the University or its affiliates.
• Initiate or approve accounting transactions external to the OIA, except for monitoring executive expenses, as necessary. 
• Direct the activities of any University employee not employed by the OIA, except to the extent that such employee has been appropriately assigned to an audit team or to otherwise assist the Office of Internal Audit. 

Responsibilities

The Internal Auditor and staff have responsibility to:

• Develop an Annual Risk Assessment profile that is presented to the Audit Committee.
• Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by the Audit Committee and/or the President and Cabinet and submit that plan to the Audit Committee for review and 
  approval. 
• Implement the annual audit plan, as approved, including any special tasks or projects requested by the Audit Committee or the President. 
• Review management, financial, and operating processes and controls to appraise their soundness, reliability and adequacy in order to effectively advise the Audit Committee, President, Cabinet, and managers as to whether the systems of internal control established by the Board of Trustees and University management provide reasonable assurance of achieving effectiveness and efficiency of operations, reliability of operating processes, accuracy of financial reporting, and compliance with applicable laws and regulations.
• Perform advisory services, beyond internal auditing assurance services to the President and Cabinet, as requested.
• Establish documented standards for:
  • Performance, documentation, and reporting of audit activities;
  • Timely follow up to assess whether appropriate action has been completed to address reported audit findings and recommendations;
  • Continuing education and a systematic training program for internal auditors in accordance with professional standards; and
  • Appropriate minimum levels of audit staffing.
• Conduct investigations of significant suspected fraudulent activities and provide timely information with respect to material matters to keep the Audit Committee, the President and CFO informed. Provide consultation on current and proposed operating policies and procedures and changes in the system of internal controls.
• Review with internal, external, local or federal auditors the scope and results of their examination of the University’s annual financial statements and any other matters related to the conduct of the audit, which will be communicated to the Committee.
• Issue periodic reports to the Audit Committee and the President summarizing results of audit activities.
• Keep the Audit Committee and the President informed of emerging trends and successful best practices in internal auditing.
• Consider the scope of work of the external auditor and regulators, as appropriate, for the purpose of providing optimal audit coverage to the University at a reasonable cost.
• Participate in a peer review program designed to assess and assure compliance with professional standards.

Reporting

At the conclusion of each audit activity, the Internal Auditor will prepare a draft report for discussion with appropriate management of the area audited. Management will be provided with a set time to respond to the draft report. The draft report will be finalized and provided to the management of the audited area timely. Management will provide a written response to the Internal Auditor, and the response will be included in the final issued report. The response should state concurrence or non-concurrence with each recommendation and should include a timetable for anticipated completion and the name of the employee responsible for implementing the recommendation. If management does not concur with the recommendation, then 
management must provide a rationale as to why management is willing to accept the risk associated with not implementing the recommendation.

In cases where a response is not included with the final, issued report, management of the audited
area should respond, in writing, to the Internal Auditor within thirty days of publication of the report, to the Internal Auditor.

The Internal Auditor shall be responsible for appropriate follow-up on audit findings and recommendations and provide an annual status report to the Audit Committee. All unimplemented recommendations will remain in an open issues file until cleared by the Internal Auditor. 

Professional Standards

The Office of Internal Audit shall adhere to the mandatory elements of The Institute of Internal Auditors' International Professional Practices Framework, which are the Global Internal Audit Standards, Topical Requirements, and the Code of Ethics, as promulgated by the Institute of Internal Auditors. The OIA is to utilize the Committee of Sponsoring Organizations (COSO) as the model for evaluating the adequacy of internal controls. All auditors are expected to conduct their work with integrity, objectivity, confidentiality, and competency.

Resource Management

The Internal Audit Department will work with the Audit Committee and the President to ensure adequate resources are allocated to fulfill its responsibilities, including staff training and development to maintain professional competency. 

Quality Assurance and Improvement

The Internal Audit Department will implement a quality assurance and improvement program to evaluate the effectiveness of the audit function and ensure compliance with professional standards. 

Periodic Assessment

The Internal Auditor will periodically assess the contents of this Charter to ensure that it remains adequate to enable the Office of Internal Audit to accomplish its objectives.

Amendments

Any amendments to this Charter must be approved by the Audit Committee and the Board of Trustees.