This Charter shall be effective this 24th day of June, 2009.
The Internal Auditing Department (IA) shall provide Colorado State University System Board of Governors, the Chancellor and the administration with an independent and objective evaluation of the effectiveness, efficiency, and application of the accounting, financial, and other internal controls necessary to accomplish System objectives in compliance with policies and procedures, regulatory requirements, and sound business practices. This Charter of Operations for the Internal Auditing Department is intended to supplement Article VIII of the Bylaws relating to the Director of IA and is authorized by Article XII of the Bylaws.
IA conducts reviews of campus and system records and operations and reports the results of these reviews to management, to the Chancellor, and the Audit Committee of the Board of Governors. In fulfilling its responsibility to assist the Chancellor, Audit Committee, and other administrators in the effective discharge of their responsibilities, IA is committed to providing independent, objective, and timely service to its customers, as well as responding to their requests for consulting and other services, and to adding value to and improving the System’s operations. IA helps the System accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. IA conducts its projects in accordance with the Standards for the Professional Practice of Internal Auditing issued by The Institute of Internal Auditors. In addition, IA adheres to all policies and procedures of the System and its campuses.
The Director of IA and the IA staff are authorized to:
- Have full and unrestricted access to all records, physical properties, and personnel relevant to any function under review or audit.
- Request the assistance of all employees in fulfilling IA’s function.
- Maintain the independence necessary to render objective reports by assuring all audit activities (including audit scope, procedures, frequency, timing, and report content) are free from influence by auditee.
- Have free and unrestricted access to the Chancellor and Audit Committee.
The Director of IA and the IA staff are not authorized to:
- Perform any operational duties for the System, its campuses, or its affiliates.
- Initiate or approve accounting transactions external to IA.
- Assume direct operational responsibility or authority over any of the activities under review or audit.
- Develop or install systems or procedures, prepare records, or engage in any other activity that would normally be audited.
Independence and Management of the Audit Function
In order to provide for the independence of the IA Department, IA staff report to the Director of IA. The Director of IA is ultimately accountable to the Board and shall have a direct reporting relationship to the Board through its Audit Committee. In order to promote effective management of IA, the Director shall also report to the Chancellor for purposes of administration and for assurance of adequate and appropriate consideration of audit findings within the organization.
The Director of IA and the IA staff have a responsibility to:
- To implement an annual audit plan developed by the Chancellor and Board of Governors Audit Committee, using an appropriate risk-based methodology, including any risks or control concerns identified by management. The Chancellor and the Audit Committee shall approve significant changes to the approved plan.
- Implement the approved annual audit plan and any special tasks or projects requested by the Chancellor, or Audit Committee.
- Maintain sufficient knowledge, skills, expertise, and professional certifications to meet the requirements of this Charter.
- Apply the care and skill expected of a reasonably prudent and competent internal auditor.
- Safeguard the documents and information given to IA during a periodic review or audit in the same prudent manner employed by those employees normally accountable for the documents and information.
- Evaluate and assess new or changing services, processes, and operations coincident with their development, implementation, and/or expansion. Issue periodic reports to the Chancellor and Audit Committee summarizing results of audit activities.
- Keep the Chancellor and Audit Committee, and management informed of emerging trends and successful practices in internal auditing.
- Assist in the investigation of significant suspected fraudulent activities within the System and notify the Chancellor and Audit Committee of the results.
- Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the System at a reasonable overall cost.
The scope of IA encompasses the examination and evaluation of the adequacy and effectiveness of the use of internal control to achieve the stated goals and objectives of the Colorado State University System. The scope includes:
- Reviewing the reliability and integrity of financial and operating information and the means used to identify measure, classify, and report such information.
- Reviewing the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations that could have a material impact on operations and reports.
- Reviewing established systems of internal control to ascertain whether they are functioning as designed.
- Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
- Reviewing specific operations at the Audit Committee, or with the Chancellor, as appropriate.
Individual staff members are urged to contact the IA Department directly to report financial or operating irregularities or areas of doubt and concern. The identity of any employee making such contact will be kept confidential if so requested by the employee.
A written report will be prepared and issued by the Director of IA or designee following the conclusion of each audit. A copy of each audit report will be forwarded to the Chancellor, the Audit Committee and to other affected parties. The Director of IA or designee may include in the audit report the auditee’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management’s response should include a timetable for anticipated completion of the corrective action to be taken and an explanation for any recommendations not addressed by corrective action.
IA shall be responsible for appropriate follow-up on audit findings and recommendations. If IA should determine that implementation of findings and recommendations are not occurring with a reasonable timeframe, the Director of IA will notify the Chancellor, the Audit Committee and any other appropriate administration.
Audit Standards and Ethics
Audit work of IA shall be performed in accordance with the International Professional Practices Framework (including all of its component parts) promulgated by the Institute of Internal Auditors.
Members of the IA Department are responsible to maintain the high standards of conduct, independence, and character necessary to provide proper and meaningful internal auditing for the System.