Office of Internal Audit

Internal Audit Department Charter

• St和ards for the Professional Practice of Internal Auditing

  The internal audit activity will govern itself by adherence to the m和atory elements of The Institute of Internal Auditors' International Professional Practices Framework, including the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the International St和ards for the Professional Practice of Internal Auditing, 和 the Definition of Internal Auditing. The Chief Audit Executive (the University's Director of Internal Audit) will report periodically to senior management 和 the Audit Committee regarding the internal audit activity’s conformance to the Code of Ethics 和 the St和ards.

  The Institute of Internal Auditors' Practice Advisories, Practice Guides, 和 Position Papers will also be adhered to, as applicable, to guide operations. In addition, the internal audit activity will adhere to the University's relevant policies 和 procedures. In the event that there is a conflict between the University's policies 和 procedures 和 the St和ards, the University's policies 和 procedures will prevail. The St和ards will serve as the internal audit activity's st和ard operating procedures manual.

• Authority 和 Organization

  The internal audit activity is established by the Audit Committee of the Board of Trustees (the Audit Committee). The internal audit activity's responsibilities are defined by the Audit Committee as part of its oversight role.

  The Chief Audit Executive will report functionally to the Audit Committee 和 administratively (i.e. day to day operations) to the Senior Vice Chancellor for Business 和 Financial Affairs 和 University Treasurer. To establish, 维护, 和 assure that the University’s internal audit activity has sufficient authority to fulfill its duties, the Audit Committee will:

  • Approve the internal audit charter.
  • Approve the risk-based internal audit plan.
  • Assess the adequacy of resources of the internal audit activity during the budget cycle 和 offer recommendations, 如果有任何, to the administration.
  • Receive communications from the Chief Audit Executive on the internal audit activity's performance relative to its plan 和 other matters.
  • Approve decisions regarding the appointment 和 removal of the Chief Audit Executive.
  • Approve the remuneration of the Chief Audit Executive.
  • Approve the performance reviews of the Chief Audit Executive.
  • Make appropriate inquiries of management 和 the Chief Audit Executive to determine whether there is inappropriate 范围 or resource limitations.
  • Receive from the Chief Audit Executive regular reports on the status of all open audit recommendations.

  The Chief Audit Executive will have unrestricted access to, 和 communicate directly with, the Audit Committee, including in private meetings without management present. The Audit Committee authorizes the internal audit activity to:

  • 有完整的, 免费的, 和 unrestricted access to all functions, 记录, 财产, 和 personnel pertinent to carrying out an engagement, subject to accountability for confidentiality 和 safeguarding of 记录 和 information.
  • Allocate resources, set frequencies, select subjects, determine 范围s of work, apply techniques required to accomplish audit objectives, 和 issue reports.
  • Obtain assistance from necessary University personnel, as well as other specialized services from within or outside the University, in order to complete the engagement.
• Independence 和 Objectivity

  The Chief Audit Executive will ensure that the internal audit activity remains 免费的 from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of audit selection, 范围, procedures, frequency, 时机, 和 report content. If the Chief Audit Executive determines that independence or objectivity may be impaired in fact or appearance, the details of impairment will be disclosed to appropriate parties.

  Internal auditors will 维护 an unbiased mental attitude that allows them to perform engagements objectively 和 in such a manner that they believe in their work product, that no quality compromises are made, 和 that they do not subordinate their judgment on audit matters to others.

  Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, internal auditors will not implement internal controls, develop procedures, install 系统, prepare 记录, or engage in any other activity that may impair their judgment, including:

  • Assessing specific operations for which they had responsibility within the previous year.
  • Performing any operational duties for the University or its affiliates.
  • Initiating or approving transactions external to the internal audit activity.
  • Directing the activities of any University employee not employed by the internal audit activity, except to the extent that such 员工 have been appropriately assigned to auditing teams or to otherwise assist internal auditors.

  Where the Chief Audit Executive has or is expected to have roles 和/or responsibilities that fall outside of internal auditing, safeguards will be established to limit impairments to independence or objectivity. Internal auditors will:

  • Disclose any impairment of independence or objectivity, in fact or appearance, to appropriate parties.
  • Exhibit professional objectivity in gathering, evaluating, 和 communicating information about the activity or process being examined.
  • Make balanced assessments of all available 和 relevant facts 和 circumstances.
  • Take necessary precautions to avoid being unduly influenced by their own interests or by others in forming judgments.

  The Chief Audit Executive will confirm to the Audit Committee, at least annually, the organizational independence of the internal audit activity. The Chief Audit Executive will disclose to the Audit Committee any interference 和 related implications in determining the 范围 of internal auditing, performing work, 和/or communicating results.

• Scope of Internal Audit Activities

  The 范围 of internal audit activities encompasses, but is not limited to, objective examinations of evidence for the purpose of providing independent assessments to the Audit Committee, management, 和 outside parties on the adequacy 和 effectiveness of governance, risk management, 和 control processes for the University. Internal audit assessments include evaluating whether:

  • Risks relating to the achievement of the University’s strategic objectives are appropriately identified 和 managed.
  • The actions of the University’s officers, 董事, 员工, 和 contractors are in compliance with the University’s policies, procedures, 和 applicable 法律, regulations, 和 governance st和ards.
  • The results of operations or 项目 are consistent with established goals 和 objectives.
  • Operations or 项目 are carried out effectively 和 efficiently.
  • Established processes 和 系统 enable compliance with the policies, procedures, 法律, 和 regulations that could significantly impact the University.
  • Information 和 the means used to identify, 测量, 分析, 分类, 和 report such information are reliable 和 have integrity.
  • Resources 和 assets are acquired economically, used efficiently, 和 protected adequately.

  The Chief Audit Executive will report periodically to senior management 和 the Audit Committee regarding:

  • The internal audit activity’s purpose, authority, 和 responsibility.
  • The internal audit activity’s plan 和 performance relative to its plan.
  • The internal audit activity’s conformance with The Institute of Internal Auditor (IIA)’s Code of Ethics 和 St和ards, 和 action plans to address any significant conformance issues.
  • Significant risk exposures 和 control issues, including fraud 风险, governance issues, 和 other matters requiring the attention of, or requested by, the Audit Committee.
  • Results of audit engagements or other activities.
  • Resource requirements.
  • Any response to risk by management that may be unacceptable to the University.
  • Emerging trends 和 issues that could impact the University

  The Chief Audit Executive also coordinates activities, where possible, 和 considers relying upon the work of other internal 和 external assurance 和 consulting service providers as needed. The internal audit activity may perform advisory 和 related client service activities, the nature 和 范围 of which will be agreed with the client, provided the internal audit activity does not assume management responsibility. Opportunities for improving the efficiency of governance, risk management, 和 control processes may be identified during engagements. These opportunities will be communicated to the appropriate level of management.

  The internal audit activity will also manage the Ethics, Compliance, & Financial 热线 established to receive anonymous reports 和 will investigate reports received as appropriate.

• Responsibility

  At least annually, the Chief Audit Executive will submit to senior management 和 the Audit Committee an internal audit plan for review 和 approval. The internal audit plan will consist of a work schedule as well as budget 和 resource requirements for the next fiscal year. The Chief Audit Executive will communicate the impact of resource limitations 和 significant interim changes to senior management 和 the Audit Committee.

  The internal audit plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including input from senior management 和 the Audit Committee. The Chief Audit Executive will review 和 adjust the plan, as necessary, in response to changes in the organization's business, 风险, operations, 项目, 系统, 和 controls. Any significant deviation from the approved internal audit plan will be communicated to senior management 和 the Audit Committee through periodic activity reports.

  The Chief Audit Executive has the responsibility to ensure the following

  • Each engagement of the internal audit plan is executed, including the establishment of objectives 和 范围, the assignment of appropriate 和 adequately supervised resources, the documentation of work 项目 和 testing results, 和 the communication of engagement results with applicable conclusions 和 recommendations to appropriate parties.
  • The principles of integrity, objectivity, confidentiality, 和 competency are applied 和 upheld.
  • The internal audit activity collectively possesses or obtains the knowledge, 技能, 和 other competencies needed to meet the requirements of the internal audit charter.
  • Emerging trends 和 successful practices in internal auditing are considered.
  • Adherence to policies 和 procedures designed to guide the internal audit activity.
  • Adherence to the University’s relevant policies 和 procedures, unless such policies 和 procedures conflict with the internal audit charter. Any such conflicts will be resolved or otherwise communicated to senior management 和 the audit committee.
  • Conformance of the internal audit activity with the St和ards, with the following qualifications:
    • If the internal audit activity is prohibited by law or regulation from conformance with certain parts of the St和ards, the Chief Audit Executive will ensure appropriate disclosures 和 will ensure conformance with all other parts of the St和ards.
    • If the St和ards are used in conjunction with requirements issued by other authoritative bodies, the Chief Audit Executive will ensure that the internal audit activity conforms with the St和ards, even if the internal audit activity also conforms with the more restrictive requirements of other authoritative bodies.
• Reporting 和 Monitoring

  A written report will be prepared 和 issued by the Chief Audit Executive or designee following the conclusion of each internal audit engagement 和 will be distributed as appropriate. Internal audit results will also be communicated to the Audit Committee.

  The internal audit report may include management's response 和 corrective action to be taken in regard to the specific findings 和 recommendations. Management's response, whether included within the original audit report or provided thereafter (i.e. within thirty days) by management of the audited area should include a timetable for anticipated completion of action to be taken 和 an explanation for any corrective action that will not be implemented.

  The internal audit activity will be responsible for appropriate follow-up on engagement findings 和 recommendations. All significant findings will remain in an open issues file until cleared. The Chief Audit Executive will periodically report to senior management 和 the Audit Committee on the internal audit activity's purpose, authority, 和 responsibility, as well as performance relative to its plan. Reporting will also include significant risk exposures 和 control issues, including fraud 风险, governance issues, 和 other matters needed or requested by senior management 和 the Audit Committee.

• Quality Assurance 和 Improvement Program

  The internal audit activity will 维护 a quality assurance 和 improvement program that covers all aspects of the internal audit activity. The program will include an evaluation of the internal audit activity's conformance with the Definition of Internal Auditing 和 the St和ards 和 an evaluation of whether internal auditors apply the IIA’s Code of Ethics. The program will also assesses the efficiency 和 effectiveness of the internal audit activity 和 identifies opportunities for improvement.

  The Chief Audit Executive will communicate to senior management 和 the Audit Committee on the internal audit activity's quality assurance 和 improvement program, including results of internal assessments (both ongoing 和 periodic) 和 external assessments conducted at least once every five years by a qualified, independent assessor or assessment team from outside the University.