The mission of the Office of Internal Audit is to assist the Board of Trustees, Audit Committee of the Board of Trustees, President, and University managers in the discharge of their oversight, management, and operating responsibilities in relation to governance processes, the systems of internal controls, and compliance with laws, regulations, and University policies by providing relevant, timely, independent, and objective assurance, advisory, and investigative services using a systematic, disciplined approach to evaluate risk and improve the effectiveness of control and governance processes.
The scope of work of the Office of Internal Audit is to determine whether the University's network of risk management, control, and governance processes, as designed and represented by management, is adequate, reliable, and functioning in a manner to ensure:
- Risks are appropriately identified and managed;
- Resources are adequately protected;
- Interaction with the various governance groups occurs as needed;
- Significant financial, managerial, and operating information is accurate, reliable, and timely;
- Employees' actions are in compliance with policies, standards, procedures, and applicable laws and regulations;
- Resources are acquired economically, used efficiently, accounted for accurately, and protected from loss, theft, and destruction;
- Programs, plans, and objectives are achieved;
- Quality and continuous improvement are fostered in the University's control process; and
- Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.
The Chief Audit Executive (Internal Auditor), in the discharge of his/her duties, shall be accountable to the Audit Committee of the Board of Trustees (Audit Committee) and the University President (President) to:
- Report significant issues related to the processes for controlling the activities of the University and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.
- Periodically provide information on the status and results of the annual audit plan and the sufficiency of Office of Internal Audit resources.
- Coordinate with and provide oversight of other control and monitoring functions (risk management, compliance, security, legal, ethics, environmental, and external audit).
To ensure the impartial and unbiased judgment essential to the proper conduct of internal audits, the Chief Audit Executive (Internal Auditor) shall report functionally to the Audit Committee and administratively to the President.
The Office of Internal Audit shall remain free of influence by any element of the University, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of an independent and objective mental attitude necessary in rendering audit services.
The Internal Auditor shall have no direct operational responsibility or authority over any of the activities he/she may review. Accordingly, the Internal Auditor shall not develop nor install systems or procedures, prepare records, or engage in any other activity which would normally be subject to audit.
The Internal Auditor and staff are authorized to:
- Have full, free, and unrestricted access to all functions, records, property, and personnel, and all other information sources required to fulfill internal audit requirements and to perform other tasks required or requested by the Audit Committee or the President.
- Have full, free, and unrestricted access to the Chairperson of the Audit Committee.
- Perform risk assessments, allocate resources, set frequency, select subjects, determine scopes of work, and apply the techniques required to accomplish the objectives of audits, special reviews, and investigations.
- Obtain the necessary assistance of personnel from University organizations as well as other specialized services from within or outside the University, as funding allows.
The Internal Auditor and staff are not authorized to:
- Perform any operational duties for the University or its affiliates.
- Initiate or approve accounting transactions external to the Office of Internal Audit, with the exception of monitoring executive expenses, as necessary.
- Direct the activities of any University employee not employed by the Office of Internal Audit, except to the extent that such employee has been appropriately assigned to an audit team or to otherwise assist the Office of Internal Audit.
The Internal Auditor and staff have responsibility to:
- Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by the Audit Committee and/or the President and Cabinet, and submit that plan to the Audit Committee for review and approval.
- Implement the annual audit plan, as approved, including any special tasks or projects requested by the Audit Committee or the President.
- Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter.
- Review management, financial, and operating processes and controls to appraise their soundness, reliability and adequacy in order to effectively advise the Audit Committee, President, Cabinet, and managers as to whether the systems of internal control established by the Board of Trustees and University management provide reasonable assurance of achieving effectiveness and efficiency of operations, reliability of operating processes, accuracy of financial reporting, and compliance with applicable laws and regulations.
- Provide recommendations to improve operating efficiency and internal controls.
- Establish documented standards for:
- Performance, documentation, and reporting of audit activities;
- Timely follow up to assess whether appropriate action has been completed to address reported audit findings and recommendations;
- Continuing education and a systematic training program for internal auditors in accordance with professional standards; and
- Appropriate minimum levels of audit staffing.
- Conduct investigations of significant suspected fraudulent activities and provide timely information with respect to material matters to keep the Audit Committee and the President adequately informed.
- Provide consultation on current and proposed operating policies and procedures and changes in the system of internal controls.
- Issue periodic reports to the Audit Committee and the President summarizing results of audit activities.
- Keep the Audit Committee and the President informed of emerging trends and successful best practices in internal auditing.
- Consider the scope of work of the external auditor and regulators, as appropriate, for the purpose of providing optimal audit coverage to the University at a reasonable cost.
- Participate in a peer review program designed to assess and assure compliance with professional standards.
At the conclusion of each audit activity, the Internal Auditor will prepare a draft report for discussion with appropriate management of the area audited. Management will be provided a set time to respond to the draft report. The draft report will be finalized, and provided management of the audited area timely provides a written response to the Internal Auditor, the response will be included in the final, issued report. The response should state concurrence or non-concurrence with each recommendation and should include a timetable for anticipated completion and the name of the employee responsible for implementing the recommendation. If management does not concur with the recommendation, then management must provide a rationale as to why management is willing to accept the risk associated with not implementing the recommendation.
In cases where a response in not included with the final, issued report, management of the audited area should respond, in writing, within thirty days of publication of the report, to the Internal Auditor.
The Internal Auditor shall be responsible for appropriate follow up on audit findings and recommendations. All unimplemented recommendations will remain in an open issues file until cleared by the Internal Auditor.
The Office of Internal Audit shall adhere to the Standards for the Professional Practice of Internal Auditing and the Code of Ethics, as promulgated by the Institute of Internal Auditors.
The Internal Auditor will periodically assess the contents of this Charter to ensure that it remains adequate to enable the Office of Internal Audit to accomplish its objectives.