Charter

Purpose

The Office of Internal Auditing provides independent, objective assurance and consulting services designed to add value and improve the University’s operations. The Office of Internal Auditing assists the University in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal control, and governance processes.

The Office of Internal Auditing will govern itself by adherence to The Institute of Internal Auditors' mandatory guidance including the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing (standards). This mandatory guidance constitutes principles of fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the Office of Internal Auditing.

The Institute of Internal Auditors' Practice Advisories, Practice Guides, and Position Papers will also be adhered to as applicable to guide operations.  In addition, the Office of Internal Auditing will adhere to North Carolina Agricultural and Technical State University's relevant policies and procedures and the Office of Internal Auditing's Audit Manual.

The Office of Internal auditing, with strict accountability for confidentiality and safeguarding records and information, is authorized to have full, free, and unrestricted access to any and all of North Carolina Agricultural and Technical State University records, physical properties, and personnel pertinent to carrying out any engagement.  All Employees are requested to assist the Office of Internal Auditing in fulfilling its roles and responsibilities.  The Office of Internal Auditing shall have free and unrestricted access to the Risk Management, Audit and Compliance Committee of the Board of Trustees.

To provide for the independence of the Office of Internal auditing, its personnel report to the Director of Internal Auditing, who reports administratively to the Chancellor and functionally to the Risk Management, Audit and Compliance Committee.  The Director shall have full and independent access to the Chancellor and the Risk Management, Audit and Compliance Committee.

Administrative oversight by the Chancellor includes the day-to-day operations.  Functional oversight by the Risk Management, Audit and Compliance Committee includes:

  • Approval of the internal audit charter. 
  • Approval of the risk based internal audit plan. 
  • Review of internal audit reports when issued. 
  • Confirmation and assurance of the independence of the internal audit function. 
  • Meeting privately with the Director of Internal Auditing as deemed necessary. 
  • Review of the effectiveness of the internal audit function, including compliance with The Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing. 
  • Resolution of disagreements between internal audit and management concerning audit findings and recommendations. 

The Office of Internal Auditing shall be free from interference by any element of the University, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of a necessary independent and objective mental attitude.

Internal auditors will have no direct operational responsibility or authority over any of the University's operating units.  Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair the internal auditor's judgment.

Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined.  Internal auditors will make a balanced assessment of all relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.

The Director of Internal Auditing will confirm to the Board of Trustees, at least annually, the organizational independence of the Office of Internal Auditing.

The scope of internal auditing encompasses, but is not limited to examination and evaluation of the adequacy and effectiveness of the University's governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve the University's stated goals and objectives.  The Director and staff of the Office of Internal Auditing have responsibility to:

  • Evaluate the reliability and integrity of information and the means used to identify, measure, classify, and report such information. 
  • Evaluate the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the University. 
  • Evaluate the means of safeguarding assets and , as appropriate, verify the existence of those assets.
  • Evaluate the effectiveness and efficiency with which resources are employed.
  • Evaluate operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
  • Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of the Internal Audit Charter.
  • Perform engagements with integrity, proficiency, and due professional care.
  • Perform consulting and advisory services related to governance, risk management, and control as appropriate for the University.
  • Establish a quality assurance program that covers all aspects of the Office of Internal Auditing.
  • Communicate to the Chancellor and the Risk Management, Audit and Compliance Committee the results of the quality assurance assessments conducted at least every five years.
  • Evaluate and assess significant functions and new or changing services, systems, processes, operations, and control processes coincident with their development, implementation, and/or expansion.
  • Keep the Chancellor and the Risk Management, Audit and Compliance Committee informed of emerging trends and successful practices in internal auditing.
  • Communicate the impact of resource limitations and significant interim changes to senior management and the Risk Management, Audit and Compliance Committee.
  • Assist and/or conduct the investigation of suspected fraudulent activities within the University in cooperation with the Chief of Police and/or General counsel and notify the Chancellor and the Risk Management, Audit and Compliance Committee of the results.
  • Report significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by the Risk Management, Audit and Compliance Committee.
  • Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the University.
  • Participate in opening and closing conferences with external auditors.
  • Ensure the requirements are met with regard to internal audit activities as set forth by the University of North Carolina Board of Governors and the state of North Carolina Council of Internal Auditing.

At least annually, The Director of Internal Auditing will submit to the Chancellor and the Risk Management, Audit and Compliance Committee an internal audit plan for review and approval.  The flexible audit plan will be developed using an appropriate risk-based methodology, including any risks or control concerns identified by management and the Risk Management, Audit and Compliance Committee.

The Director of Internal Auditing will review and adjust the plan, as necessary, in response to changes in North Carolina Agricultural and Technical State University's risk, operations, programs, systems, and controls.  Any significant deviation from the approved internal audit plan will be communicated to senior management and the Risk Management, Audit and Compliance Committee through periodic activity reports.

A written report will be prepared and issued following the conclusion of each internal audit engagement and will be distributed as appropriate.  Internal audit results will also be communicated to the Chancellor and the Risk Management, Audit and Compliance Committee.

The internal audit report may include management's response and corrective action taken or to be taken in regard to specific findings and recommendations.  Management's response, whether included within the original audit report or provided thereafter by management of the audited area should include a timetable for anticipated completion of the action to be taken and an explanation for any corrective action that will not be implemented.

The Office of Internal Auditing will be responsible for appropriate follow-up on engagement findings and recommendations.  All significant findings will remain in an open issues file until clear.

The Director of Internal Auditing will periodically report to senior management and the Risk Management, Audit and Compliance Committee on the purpose, authority, and responsibility of the Office of Internal Auditing, as well as performance relative to the audit plan.  Reporting will also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the Risk Management, Audit and Compliance Committee.