Audit Charter

This Charter shall be effective this 20th day of June, 2007 and shall expire unless readopted or amended prior to the 30th day of June, 2009.

Introduction

The Internal Audit Department (Internal Audit) shall provide Colorado State University System Board of Governors, the Chancellor and the administration with an independent and objective evaluation of the effectiveness, efficiency, and application of the accounting, financial, and other internal controls necessary to accomplish System objectives in compliance with policies and procedures, regulatory requirements, and sound business practices.  This Charter of Operations for the Internal Audit Department is intended to supplement Article VIII of the Bylaws relating to the Director of Internal Audit and is authorized by Article XII of the Bylaws.

Purpose

Internal Audit conducts reviews of campus and system records and operations and reports the results of these reviews to management, to the Chancellor, and the Audit Committee of the Board of Governors. In fulfilling its responsibility to assist the Chancellor,  Audit Committee, and other administrators in the effective discharge of their responsibilities, Internal Audit is committed to providing independent, objective, and timely service to its customers, as well as responding to their requests for consulting and other services, and to adding value to and improving the System’s operations. Internal Audit helps the System accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal Audit conducts its projects in accordance with the Standards for the Professional Practice of Internal Auditing issued by The Institute of Internal Auditors. In addition, Internal Audit adheres to all policies and procedures of the System and its campuses.

Authority

The Director of Internal Audit and the Internal Audit staff are authorized to:

  • Have full and unrestricted access to all records, physical properties, and personnel relevant to any function under review or audit.
  • Request the assistance of all employees in fulfilling Internal Audit’s function.
  • Maintain the independence necessary to render objective reports by assuring all audit activities (including audit scope, procedures, frequency, timing, and report content) are free from influence by auditee.
  • Have free and unrestricted access to the Chancellor and Audit Committee.

The Director of Internal Audit and the Internal Audit staff are not authorized to:

  • Perform any operational duties for the System, its campuses, or its affiliates.
  • Initiate or approve accounting transactions external to Internal Audit.
  • Assume direct operational responsibility or authority over any of the activities under review or audit.
  • Develop or install systems or procedures, prepare records, or engage in any other activity that would normally be audited.

Independence and Management of the Audit Function

In order to provide for the independence of the Internal Audit Department, Internal Audit staff report to the Director of Internal Audit.  The Director of Internal Audit is ultimately accountable to the Board and shall have a direct reporting relationship to the Board through its Audit Committee.  In order to promote effective management of Internal Audit, the Director shall also report to the Chancellor for purposes of administration and for assurance of adequate and appropriate consideration of audit findings within the organization. 

Responsibility

The Director of Internal Audit and the Internal Audit staff have a responsibility to:

  • To implement an annual audit plan developed by the Chancellor and Board of Governors Audit Committee, using an appropriate risk-based methodology, including any risks or control concerns identified by management. The Chancellor and the Audit Committee shall approve significant changes to the approved plan.
  • Implement the approved annual audit plan and any special tasks or projects requested by the Chancellor, or Audit Committee.
  • Maintain sufficient knowledge, skills, expertise, and professional certifications to meet the requirements of this Charter. 
  • Apply the care and skill expected of a reasonably prudent and competent internal auditor.
  • Safeguard the documents and information given to Internal Audit during a periodic review or audit in the same prudent manner employed by those employees normally accountable for the documents and information.
  • Evaluate and assess new or changing services, processes, and operations coincident with their development, implementation, and/or expansion. 
  • Issue periodic reports to the Chancellor and Audit Committee summarizing results of audit activities.
  • Keep the Chancellor and Audit Committee, and management informed of emerging trends and successful practices in internal auditing.
  • Assist in the investigation of significant suspected fraudulent activities within the System and notify the Chancellor and Audit Committee of the results.
  • Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the System at a reasonable overall cost.

Audit Scope

The scope of Internal Audit encompasses the examination and evaluation of the adequacy and effectiveness of the use of internal control to achieve the stated goals and objectives of the Colorado State University System. The scope includes:

  • Reviewing the reliability and integrity of financial and operating information and the means used to identify measure, classify, and report such information.
  • Reviewing the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations that could have a material impact on operations and reports.
  • Reviewing established systems of internal control to ascertain whether they are functioning as designed.
  • Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
  • Reviewing specific operations at the Audit Committee, or with the Chancellor, as appropriate.

Special Investigations

Individual staff members are urged to contact the Internal Audit Department directly to report financial or operating irregularities or areas of doubt and concern. The identity of any employee making such contact will be kept confidential if so requested by the employee.

Reporting

A written report will be prepared and issued by the Director of Internal Audit or designee following the conclusion of each audit. A copy of each audit report will be forwarded to the Chancellor, the Audit Committee and to other affected parties. The Director of Internal Audit or designee may include in the audit report the auditee’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management’s response should include a timetable for anticipated completion of the corrective action to be taken and an explanation for any recommendations not addressed by corrective action.
Internal Audit shall be responsible for appropriate follow-up on audit findings and recommendations. If Internal Audit should determine that implementation of findings and recommendations are not occurring with a reasonable timeframe, the Director of Internal Auditing will notify the Chancellor, the Audit Committee and any other appropriate administration.

Audit Standards and Ethics

Audit work of Internal Audit shall be performed in accordance with Generally Accepted Auditing Standards endorsed by the Institute of Internal Auditors in Standards for the Professional Practice of Internal Auditing.

Members of the Internal Audit Department are responsible to maintain the high standards of conduct, independence, and character necessary to provide proper and meaningful internal auditing for the System.