Doc. T06-061, as amended
Passed by the Board of Trustees on November 8, 2006
Latest revision: December 10, 2020

Mission and Purpose

University Internal Audit (Internal Audit) office provides independent, objective assurance and consulting services designed to add value and improve the University’s operations. Internal Audit helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of control, risk management, and governance processes. Internal Audit is guided by The Institute of Internal Auditors International Professional Practices Framework, including its mandatory elements the International Standards for the Professional Practice of Internal Auditing, Core Principles for the Professional Practice of Internal Auditing, Definition of Internal Auditing and Code of Ethics.

Internal Audit is responsible for the coordination and monitoring of all audit activity throughout the University, including, but not limited to, internal audits, external contracted audits as well as federal and state audits.

Independence

Internal Audit reports functionally to the Audit Committee of the Board of Trustees and administratively to the University President. Internal Audit shall have free and unrestricted access to Senior Management and the members of the Audit Committee. To maintain its independence and auditor objectivity, Internal Audit shall have no direct operational responsibility or authority over any activities it reviews. In addition, Internal Audit does not develop and implement procedures, prepare records, make management decisions or engage in any other activity that could be reasonably construed to impair its independence and auditor objectivity.

Authority

Authority is granted to Internal Audit to have full, free and unrestricted access to any and all of the University’s records, physical properties and personnel as necessary to fulfill its mission and purpose. Information obtained will be maintained with appropriate confidentiality. The scope of audit coverage is University-wide with no function, activity, or unit of the University being exempt. No University personnel may interfere with the determination of Internal Audit’s scope, its performance of work or communicating results.

Responsibility

The scope of Internal Audit’s responsibilities encompasses the examination and evaluation of risk exposures and the adequacy and effectiveness of the University’s controls, governance, operations, risk management and information systems, including the performance of the following:

  • Developing a risk based audit plan consistent with University goals, with the flexibility to respond to unplanned needs and presenting it for the Audit Committee’s approval;
  • Reviewing the reliability and integrity of financial and operational information and the means used to identify, measure, classify, and report such information;
  • Reviewing the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations that could have a significant impact on operations and reporting;
  • Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets;
  • Reviewing and appraising the effectiveness and efficiency with which resources are employed;
  • Reviewing operations or programs to ascertain whether results are consistent with established strategic goals and objectives and whether the operations and programs are being carried out as planned;
  • Assessing the effectiveness of University’s ethics-related objectives, programs and activities;
  • Assessing whether information technology governance supports the University’s strategies and objectives;
  • Consulting engagements based on the potential to improve controls, governance, risk management, information systems and operations to the extent agreed upon with Management;
  • Investigating allegations of ethics violations and fraud;
  • Reviewing specific information systems or operations at the request of the Audit Committee or Management, as appropriate;
  • Following-up on Management’s action plans reported in response to audit observations and recommendations;
  • Maintaining a professional audit staff with the knowledge, skills, and other competencies needed to fulfill Internal Audit’s responsibilities;
  • Developing and maintaining a quality assurance and improvement program that includes internal self-assessments, ongoing monitoring and an independent external assessment performed once every five years that covers Internal Audit activity; and
  • As per the Audit Committee Charter (Doc.T03-030), providing the Audit Committee with a periodic report of all audit activity at the University and an opportunity to annually review and approve the Internal Audit Charter.

General Protocol

Audit Liaison

The Senior Vice President and Vice Chancellors for Administration and Finance will appoint an Audit Liaison to function as the principal contact for all President’s Office and campus audit matters. The Audit Liaison will work with Internal Audit to ensure proper coordination and monitoring of all audit matters. It is the Audit Liaison’s responsibility to timely notify Internal Audit whenever Management engages a firm to perform audit or non-audit services or when an outside agency notifies the Campus or President’s Office that it will be conducting an audit or investigation and to provide periodic status updates, including preliminary audit results and Management’s draft responses. Internal Audit will provide assistance where required.

The Audit Liaison or Management is required to inform the Director of Internal Audit (Director) if the University’s independent external auditor is engaged to perform audit or non-audit services in order for the Audit Committee to pre-approve all proposed services in accordance with the Audit Committee Charter. The Director will assess the planned engagement to determine if it is prohibited by the Audit Committee Charter. If it is an allowed service the Director will present it to the Audit Committee Chair for approval. The Director will inform the Audit Liaison or Management if the engagement is approved.

Internal Audits

A written notification statement will be sent to appropriate persons prior to the start of an internal audit. Certain audits may be carried out without prior notice at the discretion of the Director or Audit Committee where the element of surprise is necessary or in the best interests of the University. An entrance conference outlining the objective, scope, timing, resource allocation and audit process will be held with the Audit Liaison and representatives of the operation, department or fund being reviewed. Upon audit fieldwork completion, preliminary observations will be communicated to Management followed by a draft audit report. Management will provide official action plan responses to all reported observations within 15 days of receiving the final draft report, including the individual(s) responsible for the completion of the action plan and a due date(s). The final report will be distributed to Management and the Chair and Vice Chair of the Audit Committee.

Confidentiality

All University audit records, both internal and external, including paper and electronic reports, supporting workpapers, notes and all other partial or whole documents will be considered confidential. Reports or other audit related documents will not be publicly disclosed except as directed by law or other regulation, the Director, University General Counsel or University President.

Doc. T06-061, as amended | Internal Audit Charter
Passed by the Board of Trustees on November 8, 2006
Revised:
February 24, 2010
December 14, 2011
December 12, 2012
December 11, 2013
December 10, 2014
December 9, 2015
December 9, 2016
December 8, 2017
December 13, 2018
December 18, 2019
December 10, 2020