(October 13, 2005)
Mission and Scope of Work
The mission of the Internal Audit Office is to provide independent, objective assurance and consulting services designed to add value and improve the University's operations and to meet the needs of the Board of Trustees and the University's executive management. The Office helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The scope of work of the Internal Audit Office is to determine whether the University's network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:
- Risks are appropriately identified and managed.
- Interaction with the various governance groups occurs as needed.
- Significant financial, managerial, and operating information is accurate, reliable, and timely.
- Employees' actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
- Resources are acquired economically, used efficiently, and adequately protected.
- Programs, plans, and objectives are achieved.
- Quality and continuous improvement are fostered in the University's control process.
- Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.
To provide for the independence of the Internal Audit Office, the Director reports functionally to the Trustee Audit Committee (TAC) and the President, and administratively to the Vice President for Finance and Administration in a manner outlined below in the section on Accountability.
The Director and Staff of the Internal Audit Office, in the discharge of their duties, shall be accountable to executive management and the TAC to:
- Report significant issues related to the processes for controlling the activities of the University and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.Periodically provide information on the status and results of the annual audit plan and the sufficiency of office resources.
- Coordinate with and provide oversight of other control and monitoring functions (risk management, compliance, security, legal, ethics, environmental, information systems and external audit).
The Director and Staff of Internal Audit Office have responsibility to:
- Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the TAC for review and approval as well as periodic updates.
- Implement the annual audit plan, as approved, including as appropriate any special tasks or projects requested by executive management and the TAC.
- Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter.
- Evaluate and assess significant merging/consolidating functions and new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion.
- Issue periodic reports to the TAC and management summarizing results of audit activities.
- Keep the TAC informed of emerging trends and successful practices in internal auditing.
- Provide a list of significant measurement goals and results to the TAC.
- Assist in the investigation of significant suspected fraudulent activities within the University and notify executive management and the TAC of the results.
- Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the University at a reasonable overall cost.
The Director and Staff of Internal Audit Office are authorized to:
- Have unrestricted access to all University functions, records, property, and personnel.
- Have full and free access to the TAC.
- Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
- Obtain the necessary assistance of personnel in units of the University where they perform audits, as well as other specialized services from within or outside the University.
The Director and Staff of the Internal Audit Office are not authorized to:
- Perform any operational duties for the University or its affiliates.
- Initiate or approve accounting transactions external to the Internal Audit Office.
- Direct the activities of any University employee not employed by the internal auditing office, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors.
Standards of Audit Practice
The Director and Staff of the Internal Audit Office will abide by the Institute of Internal Auditors ' and the Information Systems Audit and Control Association's Codes of Ethics, and will conduct audit activities in accordance with the Standards for the Professional Practice of Internal Auditing issued by the IIA and the recommendations of the Association for College and University Auditors.