Skip to main content.

Internal Audit Charter

Policy Number T06-061
Effective Date November 08, 2006
Responsible Office/Person Board of Trustees

Doc. T06-061
Revised 2/24/10

Internal Audit Charter

Mission and role

The University Internal Audit office provides independent, objective assurance and consulting services to University Management and the Board of Trustees. -The office assists the University in accomplishing its objectives and improving operations by using a systematic, disciplined approach to evaluate and improve the effectiveness of control, risk management, and governance processes. The office is responsible for the coordination and monitoring of all audit matters of the University, including internal audits, external contracted audits, and those carried out by the Office of the State Auditor, as well as various federal and state agencies.

Independence

University Internal Audit reports functionally to the Audit Committee of the Board of Trustees and administratively to the University President. To maintain independence and objectivity, internal auditors shall have no direct operational responsibility or authority over any activities they review. Internal auditors do not develop and install procedures, prepare records, make management decisions, or engage in any other activity that could be reasonably construed to compromise their independence or impair their objectivity.

Authority

Authority is granted for full, free, and unrestricted access to any and all of the University's records, physical properties, and personnel as necessary to fulfill its objective. Information obtained will be maintained with appropriate confidentiality. The general scope of audit coverage is system-wide and no function, activity, or unit of the University is exempt from audit and review. Internal Audit shall also have free and unrestricted access to the members of the Audit Committee.

Responsibility

The scope of Internal Audit encompasses the examination and evaluation of the adequacy and effectiveness of the organization's governance, risk management process, and system of internal control structure. Assurances may be achieved by:

  • Reviewing the reliability and integrity of financial and operational information and the means used to identify, measure, classify, and report such information.
  • Reviewing the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations that could have a significant impact on operations and reports.
  • Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
  • Reviewing and appraising the economy and efficiency with which resources are employed.
  • Reviewing operations or programs to ascertain whether results are consistent with established goals and objectives and whether the operations and programs are being carried out as planned.
  • Reviewing specific operations at the request of the Audit Committee or management, as appropriate.
  • Following-up on plans taken in response to audit observations and recommendations.
  • Developing an annual audit plan that addresses management and campus needs, with the flexibility to respond to unplanned needs as they arise.
  • Maintaining a professional audit staff with sufficient knowledge, skills, and other competencies to fulfill the Internal Audit responsibilities.
  • As per the Audit Committee Charter (Doc.T03-030), provide a quarterly summary, of a full, accurate, and complete disclosure of all University audit activity.

General protocol

Each campus Vice Chancellor for Administration and Finance will appoint a Campus Audit Liaison to function as the principal campus contact and coordinator for all campus audit matters. The Campus Audit Liaison will work with Internal Audit to ensure proper coordination and monitoring of all audit matters. The Senior Vice President for Administration, Finance, & Technology will appoint a University Audit Liaison with the responsibility of ensuring that campus action plan responses conform to established policy and procedure, and if necessary, will develop a separate University administration response to the audit report.

Internal audits

A notification statement of scope will be sent to appropriate persons prior to the start of any internal audit. An entrance conference outlining the purpose, scope, timing, and process of the audit will be held with the Campus Audit Liaison and representatives ofthe operation, department, or fund being reviewed. Certain audits may be carried out without prior notice, at the discretion of the Audit Director, where the element of surprise is necessary or in the best interests of the University. At fieldwork completion, a point listing and/or preliminary draft will be discussed, followed by an initial written draft audit report. An exit meeting will be held, if necessary, to discuss and conclude content and wording of the draft report. The campus will provide official action plan responses to all required observations within 30 days of receiving the final draft report. After appropriate University administration distribution, the final draft audit report will be submitted to the Audit Committee for their acceptance by vote.

External contracted audits

When necessary to engage an external audit firm for the performance of the University'S annual financial report and other audits requiring an independent certified public accounting firm due to regulatory agency requirements, the Audit Director will notify the Chair of the Audit Committee of the proposed purpose, scope, and a plan for contracting. The Chair will approve the proposed plan for solicitation of proposals from qualified independent external audit firms and appoint a selection committee as appropriate, or advise the Director as to the preference of the Audit Committee in leading the selection committee. The Director will request the Audit Committee to review and vote to approve the selections of the external audit firm. The Director will have the appropriate contract executed and act as contract administrator. All audit services contracts must be signed by the Senior Vice President for Administration, Finance, & Technology and Treasurer, the Director ofInternal Audit, and an authorized representative of the audit firm. Appropriate entrance and exit conferences will be conducted with the audit firm, applicable audit liaisons, and representatives ofthe audited entity. The campus will provide official action plan responses to all required observations within 30 days of receiving the final draft report. After appropriate University administration distribution, the final external audit report will be submitted to the Audit Committee for their acceptance by vote.

Other Federal & State agency audits

It is the responsibility of the Campus Audit Liaison to timely notify Internal Audit whenever an outside agency will be conducting an audit anywhere in the University. The Internal Audit office will provide assistance where required. All outside agency audit reports published, along with campus or administration official responses, will be included in periodic reports to the Audit Committee.

Confidentiality

All University draft audit reports, both internal and external, including supporting workpapers, notes and all other partial or whole documents, will be considered confidential until such time as they are accepted by the Audit Committee. After acceptance by the Audit Committee, reports or other audit related documents will not be publicly disclosed except as directed by law or other regulation, the Director of Audit, the University General Counsel, or the President.

Professional standards and ethics

The Internal Audit office has the responsibility to carry out its duties in accordance with The Institute of Internal Auditor's (IIA) International Standards for the Professional Practice of Internal Auditing and the Institute's Code of Ethics. Other professional standards and practice advisories followed by the office, where appropriate, include those of the Association of College and University Auditors (ACUA), the Information Security Audit and Control Association (ISACA) and the Association of Certified Fraud Examiners (ACFE).

Back to top of screen