MISSION
The mission of the Office of Internal Audit is to assist the Board of Trustees, Audit
Committee of the Board of Trustees, President, and University managers in the discharge
of their oversight, management, and operating responsibilities in relation to governance
processes, the systems of internal controls, and compliance with laws, regulations,
and University policies by providing relevant, timely, independent, and objective
assurance, advisory, and investigative services using a systematic, disciplined approach
to evaluate risk and improve the effectiveness of control and governance processes.
SCOPE
The scope of work of the Office of Internal Audit is to determine whether the University's
network of risk management, control, and governance processes, as designed and represented
by management, is adequate, reliable, and functioning in a manner to ensure:
- Risks are appropriately identified and managed;
- Resources are adequately protected;
- Interaction with the various governance groups occurs as needed;
- Significant financial, managerial, and operating information is accurate, reliable,
and timely;
- Employees' actions are in compliance with policies, standards, procedures, and applicable
laws and regulations;
- Resources are acquired economically, used efficiently, accounted for accurately, and
protected from loss, theft, and destruction;
- Programs, plans, and objectives are achieved;
- Quality and continuous improvement are fostered in the University's control process;
and
- Significant legislative or regulatory issues impacting the University are recognized
and addressed appropriately.
ACCOUNTABILITY
The Chief Audit Executive (Internal Auditor), in the discharge of his/her duties,
shall be accountable to the Audit Committee of the Board of Trustees (Audit Committee)
and the University President (President) to:
- Report significant issues related to the processes for controlling the activities
of the University and its affiliates, including potential improvements to those processes,
and provide information concerning such issues through resolution.
- Periodically provide information on the status and results of the annual audit plan
and the sufficiency of Office of Internal Audit resources.
- Coordinate with and provide oversight of other control and monitoring functions (risk
management, compliance, security, legal, ethics, environmental, and external audit).
INDEPENDENCE
To ensure the impartial and unbiased judgment essential to the proper conduct of internal
audits, the Chief Audit Executive (Internal Auditor) shall report functionally to
the Audit Committee and administratively to the President.
The Office of Internal Audit shall remain free of influence by any element of the
University, including matters of audit selection, scope, procedures, frequency, timing,
or report content to permit maintenance of an independent and objective mental attitude
necessary in rendering audit services.
The Internal Auditor shall have no direct operational responsibility or authority
over any of the activities he/she may review. Accordingly, the Internal Auditor shall
not develop nor install systems or procedures, prepare records, or engage in any other
activity which would normally be subject to audit.
AUTHORITY
The Internal Auditor and staff are authorized to:
- Have full, free, and unrestricted access to all functions, records, property, and
personnel, and all other information sources required to fulfill internal audit requirements
and to perform other tasks required or requested by the Audit Committee or the President.
- Have full, free, and unrestricted access to the Chairperson of the Audit Committee.
- Perform risk assessments, allocate resources, set frequency, select subjects, determine
scopes of work, and apply the techniques required to accomplish the objectives of
audits, special reviews, and investigations.
- Obtain the necessary assistance of personnel from University organizations as well
as other specialized services from within or outside the University, as funding allows.
The Internal Auditor and staff are not authorized to:
- Perform any operational duties for the University or its affiliates.
- Initiate or approve accounting transactions external to the Office of Internal Audit,
with the exception of monitoring executive expenses, as necessary.
- Direct the activities of any University employee not employed by the Office of Internal
Audit, except to the extent that such employee has been appropriately assigned to
an audit team or to otherwise assist the Office of Internal Audit.
RESPONSIBILITIES
The Internal Auditor and staff have responsibility to:
- Develop a flexible annual audit plan using an appropriate risk-based methodology,
including any risks or control concerns identified by the Audit Committee and/or the
President and Cabinet, and submit that plan to the Audit Committee for review and
approval.
- Implement the annual audit plan, as approved, including any special tasks or projects
requested by the Audit Committee or the President.
- Maintain a professional audit staff with sufficient knowledge, skills, experience,
and professional certifications to meet the requirements of this Charter.
- Review management, financial, and operating processes and controls to appraise their
soundness, reliability and adequacy in order to effectively advise the Audit Committee,
President, Cabinet, and managers as to whether the systems of internal control established
by the Board of Trustees and University management provide reasonable assurance of
achieving effectiveness and efficiency of operations, reliability of operating processes,
accuracy of financial reporting, and compliance with applicable laws and regulations.
- Provide recommendations to improve operating efficiency and internal controls.
- Establish documented standards for:
- Performance, documentation, and reporting of audit activities;
- Timely follow up to assess whether appropriate action has been completed to address
reported audit findings and recommendations;
- Continuing education and a systematic training program for internal auditors in accordance
with professional standards; and
- Appropriate minimum levels of audit staffing.
- Conduct investigations of significant suspected fraudulent activities and provide
timely information with respect to material matters to keep the Audit Committee and
the President adequately informed.
- Provide consultation on current and proposed operating policies and procedures and
changes in the system of internal controls.
- Issue periodic reports to the Audit Committee and the President summarizing results
of audit activities.
- Keep the Audit Committee and the President informed of emerging trends and successful
best practices in internal auditing.
- Consider the scope of work of the external auditor and regulators, as appropriate,
for the purpose of providing optimal audit coverage to the University at a reasonable
cost.
- Participate in a peer review program designed to assess and assure compliance with
professional standards.
REPORTING
At the conclusion of each audit activity, the Internal Auditor will prepare a draft
report for discussion with appropriate management of the area audited. Management
will be provided a set time to respond to the draft report. The draft report will
be finalized, and provided management of the audited area timely provides a written
response to the Internal Auditor, the response will be included in the final, issued
report. The response should state concurrence or non-concurrence with each recommendation
and should include a timetable for anticipated completion and the name of the employee
responsible for implementing the recommendation. If management does not concur with
the recommendation, then management must provide a rationale as to why management
is willing to accept the risk associated with not implementing the recommendation.
In cases where a response in not included with the final, issued report, management
of the audited area should respond, in writing, within thirty days of publication
of the report, to the Internal Auditor.
The Internal Auditor shall be responsible for appropriate follow up on audit findings
and recommendations. All unimplemented recommendations will remain in an open issues
file until cleared by the Internal Auditor.
PROFESSIONAL STANDARDS
The Office of Internal Audit shall adhere to the Standards for the Professional Practice
of Internal Auditing and the Code of Ethics, as promulgated by the Institute of Internal
Auditors.
PERIODIC ASSESSMENT
The Internal Auditor will periodically assess the contents of this Charter to ensure
that it remains adequate to enable the Office of Internal Audit to accomplish its
objectives.