Sample Internal Audit Department Charter

Louisiana State University Center for Internal Auditing

Charter

Internal Auditing Department

Introduction:

Internal Auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of the Louisiana State University Center for Internal Auditing (LSUCIA). It assists the LSUCIA in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization's risk management, control, and governance processes.

Role:

The Internal Auditing Department is established by the Board of Directors, and its responsibilities are defined by the Audit Committee of the Board of Directors as part of their oversight function.

Professional Standards:

The Internal Auditing Staff shall govern themselves by adherence to The Institute of Internal Auditors' "Code of Ethics." The Institute's "International Standards for the Professional Practice of Internal Auditing" (Standards) shall constitute the operating procedures for the department. These two documents constitute an addendum to their charter. The Institute of Internal Auditors' "Practice Advisories" will be adhered to as applicable. In addition, Internal Auditing will adhere to LSUCIA policies and procedures and Internal Auditing's Standard Operating Procedures Manual. The Standard Operating Procedures Manual shall include attribute, performance, and implementation standards to guide the Department.

Authority:

Authority is granted for full, free, and unrestricted access to any and all of LSUCIA records, physical properties, and personnel relevant to any function under review. All employees are requested to assist Internal Auditing in fulfilling their staff function. Internal Auditing shall also have free and unrestricted access to the Chairman of the Board of Directors, and the Audit Committee of the Board of Directors.

Documents and information given to Internal Auditing during a periodic review will be handled in the same prudent and confidential manner as by those employees normally accountable for them.

Organization:

The Chief Audit Executive shall report administratively to the Chief Executive Officer and functionally to the Audit Committee of the Board of Directors.

Independence:

All internal audit activities shall remain free of influence by any element in the organization, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of an independent and objective mental attitude necessary in rendering reports.

Internal Auditors shall have no direct operational responsibility or authority over any of the activities they review. Accordingly, they shall not develop nor install systems or procedures, prepare records, or engage in any other activity which would normally be audited.

Audit Scope:

The scope of Internal Audit encompasses the examination and evaluation of the adequacy and effectiveness of the organization's governance, risk management process, system of internal control structure, and the quality of performance in carrying out assigned responsibilities to achieve the organization's stated goals and objectives. It includes:

• Reviewing the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
• Reviewing the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on operations and reports and whether the organization is in compliance.
• Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
• Reviewing and appraising the economy and efficiency with which resources are employed.
• Reviewing operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
• Reviewing specific operations at the request of the Audit Committee or management, as appropriate.
• Monitoring and evaluating the effectiveness of the organization's risk management system.
• Reviewing the quality of performance of external auditors and the degree of coordination with internal audit.
• Review the internal control statement by senior management and the related opinion by the attest auditor for audit planning.

Audit Planning:

Annually, the Chief Audit Executive shall submit to senior management and the Audit Committee a summary of the audit work schedule, staffing plan, and budget for the following fiscal year. The audit work schedule is to be developed based on a prioritization of the audit universe using a risk-based methodology. Any significant deviation from the formally approved work schedule shall be communicated to senior management and the Audit Committee through periodic activity reports.

Reporting:

A written report will be prepared and issued by the Chief Audit Executive or designee following the conclusion of each audit and will be distributed as appropriate. A copy of each audit report and a summarization will be forwarded to the Chief Executive Officer and the Chairman of the Audit Committee.

The Chief Audit Executive or designee may include in the audit report the auditee's response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management's response should include a timetable for anticipated completion of action to be taken and an explanation for any recommendations not addressed.

In cases where a response is not included within the audit report, management of the audited area should respond, in writing, within thirty days of publication to Internal Auditing and those on the distribution list.

Internal Auditing shall be responsible for appropriate follow-up on audit findings and recommendations. All significant findings will remain in an open issues file until cleared by the Chief Audit Executive or the Audit Committee.

Periodic Assessment:

The Chief Audit Executive should periodically assess whether the purpose, authority, and responsibility, as defined in this charter, continue to be adequate to enable the internal auditing activity to accomplish its objectives. The result of this periodic assessment should be communicated to senior management and the Board of Directors.

Louisiana State University Centerfor Internal Auditing

Charter

Internal Auditing Department

Approved this ________ day of _______________, ________.

Acknowledgement:

Chief Financial Officer Chief Executive Officer