Internal Auditor

Internal Audit Charter

Mission/Scope of Work 

The mission of the internal audit activity is to provide an independent, objective assurance and consulting services designed to add value and improve the University’s operations. It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The scope of work of the internal audit activity is to determine whether the University’s network of risk management, control and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:

  • Risks are appropriately identified and managed.
  • Interaction with the various governance groups occurs as needed.
  • Significant financial, managerial and operating information is accurate, reliable, and timely.
  • Employees’ actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
  • Resources are acquired economically, used efficiently and adequately protected.
  • Programs, plans, and objectives are achieved.
  • Quality and continuous improvement are fostered in the University’s control process.
  • Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.

Opportunities for improving management control, profitability, and the University’s image may be identified during audits. They will be communicated to the appropriate level of management.

Accountability

The chief audit executive, in the discharge of his/her duties, shall be accountable to management, the President and the audit committee to:

  • Provide annually an assessment on the adequacy and effectiveness of the University’s processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work.
  • Report significant issues related to the processes for controlling the activities of the University and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.
  • Periodically provide information on the status and results of the annual audit plan and the sufficiency of activity resources.
  • Coordinate with other control and monitoring functions (risk management, compliance, security, legal, and ethics, environmental, external audit) to conduct risk assessments and develop or recommend monitoring activities to evaluate the adequacy and effectiveness of internal controls.
  • Summarize reports and issues identified to him or her by each campus.

Each campus director, in the discharge of his/her duties, shall be accountable to their campus Chancellor and provide information, on request for the chief audit executive, to be presented at the Audit Committee including:

  • Provide annually an assessment on the adequacy and effectiveness of the campus processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work.
  • Report significant issues related to the processes for controlling the activities of the campus and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.
  • Periodically provide information on the status and results of the annual audit plan and the sufficiency of activity resources.
  • Coordinate with other control and monitoring functions (risk management, compliance, security, legal, ethics, environmental, external audit) to conduct risk assessments and develop or recommend monitoring activities to evaluate the adequacy and effectiveness of internal controls.
  • Supply all work products issued to the chief audit executive, including an annual report.

Independence

To provide for the independence of the internal auditing activity, administration’s personnel report to the chief audit executive, who reports functionally to the audit committee and administratively to the President in a manner outlined in the above section on Accountability. The chief audit executive will include as part of the annual report to the audit committee a section on internal audit personnel. 

The campus directors will report to their campus Chancellor and provide information to the chief audit executive as outlined in the above section on Accountability.

Responsibility

The chief audit executive and staff of the central internal audit activity have responsibility to:

  • Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the audit committee for review and approval as well as periodic updates.
  • Implement the annual audit plan, as approved, including as appropriate, any special tasks or projects requested by management and the audit committee.
  • Maintain a professional administration audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter.
  • Evaluate and assess significant merging/consolidating functions and new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion.
  • Issue periodic reports to the audit committee and management summarizing results of audit activities.
  • Keep the audit committee informed of emerging trends and successful practices in internal auditing.
  • Provide a list of significant measurement goals and results to the audit committee.
  • Assist in the investigation of significant suspected fraudulent activities within the University, which is not accomplished by the campus internal audit functions, and notify management and the audit committee of the results.
  • Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the University at a reasonable overall cost.
  • Summarize information from the campuses on each item of responsibility below and provide it to the audit committee.

Each campus director and staff of the internal audit activity has responsibility to:

  • Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the Chancellor for review and approval as well as periodic updates. The Plan shall be presented to the audit committee annually.
  • Implement the annual audit plan, as approved, including as appropriate, any special tasks or projects requested by management and the audit committee.
  • Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter.
  • Evaluate and assess significant merging/consolidating functions and new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion.
  • Issue periodic reports to the chief audit executive and management summarizing results of audit activities.
  • Keep the chief audit executive informed of emerging trends and significant issues, as it relates to their campus.
  • Provide a list of significant measurement goals and results to the chief audit executive.
  • Assist in the investigation of significant suspected fraudulent activities within their campus and notify management and the chief audit executive of the results.
  • Consider the scope of work of the University-selected external auditors for the purpose of providing optimal audit coverage to the University at a reasonable overall cost.

Authority

The chief audit executive and staff of the internal audit activity are authorized to:

  • Have unrestricted access to all functions, records, property and personnel.
  • Have full and free access to the audit committee (for campus directors and staff this should be accomplished through the chief audit executive).
  • Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
  • Obtain the necessary assistance of personnel in units of the University where they perform audits, as well as other specialized services from within or outside the University.

The chief audit executive and staff of the internal audit activity are not authorized to:

  • Perform any operational duties for the University or its affiliates.
  • Initiate or approve accounting transactions external to the internal auditing activity.
  • Direct the activities of any University employee not employed by the internal auditing activity, except to the extent such employees have been appropriately assigned to auditing teams or otherwise assist the internal auditors.

Standards of Audit Practice

Management's Responsibilities

Management is responsible for ensuring that systems of internal control are in place, good business practices are implemented and followed in all areas, compliance is maintained, fraud risks are identified and mitigated, and effective governance is established. This provides assurance that financial information and other management information are reliable, that University resources are used efficiently and effectively and that the potential for fraud is minimized. 

Management provides a written response to report recommendations issued within time frames requested by internal audit. Management is responsible to address issues identified by implementing recommendations or agreed-upon corrective action plans.

Access to the Audit Committee

Each campus director and staff of the internal audit activity has the ability to access the Audit Committee by requesting they be added to the next Audit Committee agenda.