Internal Audit Charter
An internal audit charter is a formal written document that defines the purpose, authority and responsibility of the Office of Internal Audit within the University. This charter has been approved by the Audit & Risk Committee of the Board of Regents.
Memorial University of Newfoundland
Internal Audit Charter
1 Mission and Scope of Work
1.1 The mission of the Internal Audit department is to provide independent, objective assurance and advisory services designed to add value and improve University (herein to include the University and its affiliates) operations. Internal Audit will help the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, compliance and governance processes.
1.2 The scope of work of the Internal Audit department is to determine whether the organization’s risk management, control, and governance processes, as designed and represented by administration, are adequate and functioning in a manner to ensure:
- risks are appropriately identified and managed;
- controls designed to manage the risks are adequate and are working effectively;
- interaction with the members of the University community occurs as needed;
- significant financial, managerial, and operating information is accurate, reliable, and timely;
- employees’ actions are in compliance with policies, procedures, and applicable laws and regulations;
- resources are acquired economically, used efficiently and effectively, and are adequately protected;
- quality and continuous improvement is fostered in the organization’s control process; and
- significant legislative or regulatory issues impacting the organization are recognized and addressed appropriately.
2.1 The University Auditor, in the discharge of his/her duties, shall be accountable to the Board of Regents through the Audit and Risk Committee and the President and Vice-Chancellor for:
- Concluding at the completion of each audit project of the adequacy and effectiveness of management’s risk and control processes.
- Issuing reports to administration which describe opportunities to strengthen risk, control and governance processes. The reports will include administration’s action plans to address issues identified.
- Issuing a semi-annual status report on internal audit progress against the audit plan, significant risk and control exposures and on any other matters requested by the President and Vice-Chancellor and/or the Audit and Risk Committee and on administration’s progress towards remediating previously identified issues.
- Executing the approved audit plan.
3.1 The internal audit activity is free from interference by administration in determining the scope of internal audits, performing work, and communicating results. To provide for the independence of the Internal Audit department, its personnel report to the University Auditor, who reports administratively to the President and Vice-Chancellor and functionally to the Audit and Risk Committee of the Board of Regents. The University Auditor shall have full and independent access to the Audit and Risk Committee.
4.1 The University Auditor has responsibility for:
- developing the annual audit plan using an appropriate risk-based methodology, and submitting that plan to the Audit and Risk Committee for review and approval after it has been endorsed by the Vice-Presidents Council and the President and Vice-Chancellor;
- executing the audit plan, as approved, including any special tasks or projects requested by administration and/or the Audit and Risk Committee;
- presenting a revised audit plan for approval to the Audit and Risk Committee if changes in the risk profile of the University suggest the original plan requires modification;
- developing a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of the Charter; and enhancing staff skills through a combination of coaching/mentoring and professional development and training courses;
- identifying and maintaining the audit risk universe based on appropriate methodology;
- managing the Internal Audit department in accordance with best practices of the internal audit profession within budget constraints;
- investigating suspected acts of criminal and fraudulent activity as requested;
- planning the scope of work including discussion with the external auditors and the requirements of regulators, as appropriate, for the purpose of providing optimal audit coverage to the University; and
- providing advisory services to administration that add value and promote the best interests of the University.
5.1 The University Auditor is authorized to direct a broad, comprehensive program of internal auditing. To accomplish this mandate, members of the Internal Audit department are authorized to:
- have full and unrestricted access to all organizational functions, records, property, and personnel including the Audit and Risk Committee;
- allocate resources, set frequencies, select subjects, determine scope of work, and apply the techniques required to accomplish audit objectives; and
- be agents of change; provide advisory services to management as requested.
5.2 The Internal Audit department is not authorized to:
- perform any operational duties for the University or its affiliates that could in any way interfere with the department’s real or perceived independence;
- initiate or approve accounting transactions external to the Internal Audit department; or
- direct the activities of any employee not employed by the Internal Audit department, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors.
6 Standard of Audit Practice
The Internal Audit Department will meet the Standards for the Professional Practice of Internal Auditing of The Institute of Internal Auditors.