Charter

Purpose

The Office of Internal Auditing (OIA) provides independent, objective assurance and consulting services designed to add value and improve the University’s operations. The OIA assists the University in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the University’s risk management, internal control, and governance processes.

The internal audit activity is established by General Statute Chapter 143, Article 79. The internal audit activity’s responsibilities are defined by these laws. The Council of Internal Auditing has authority to set policy related to the internal audit function.

The core principles articulate internal audit effectiveness. For an internal audit function to be considered effective, all principles should be present and operating effectively.

• Demonstrates integrity.
• Demonstrates competence and due professional care.
• Is objective and free from undue influence (independent).
• Aligns with the strategies, objectives, and risks of the University.
• Is appropriately positioned and adequately resourced.
• Demonstrates quality and continuous improvement.
• Communicates effectively.
• Provides risk-based assurance.
• Is insightful, proactive, and future-focused.
• Promotes organizational improvement.

The OIA will govern itself by adherence to The Institute of Internal Auditors’ mandatory guidance including the Definition of Internal Auditing, the Code of Ethics, the International Standards for the Professional Practice of Internal Auditing (Standards), and the Core Principles for the Professional Practice of Internal Auditing. This mandatory guidance constitutes principles of fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the OIA.
The requirement within General Statute Chapter 143, Article 79 will be adhered to as applicable to guide operations. The Institute of Internal Auditors’ Practice Advisories, Practice Guides, and Position Papers will also be adhered to as applicable to guide operations. In addition, the OIA will adhere to North Carolina Agricultural and Technical State University’s relevant policies and procedures, policies and procedures in the State Internal Audit Manual published by the Council of Internal Auditing for the State of North Carolina, guidance issued by the UNC System Office, and the OIA’s Audit Manual.

The OIA, with strict accountability for confidentiality and safeguarding records and information, is authorized to have full, free, and unrestricted access to any and all of North Carolina Agricultural and Technical State University records, physical properties, and personnel pertinent to carrying out any engagement. All employees are requested to assist the OIA in fulfilling its roles and responsibilities. The OIA shall have free and unrestricted access to the Risk Management, Audit and Compliance Committee of the Board of Trustees (BOT).

To provide for the independence of the OIA, its personnel report to the Director of Internal Auditing, who reports administratively to the General Counsel and Vice Chancellor for Legal Affairs, Risk, and Compliance and functionally to the Risk Management, Audit and Compliance Committee (Committee). The Director shall have full and independent access to the Chancellor, General Counsel and Vice Chancellor for Legal Affairs, Risk, and Compliance, and the Committee.
Administrative oversight by the General Counsel and Vice Chancellor for Legal Affairs, Risk, and Compliance includes the day-to-day operations. Functional oversight by the Committee includes:
• Approval of the internal auditing charter.
• Approval of the risk-based internal audit plan.
• Review of internal audit reports when issued.
• Confirmation and assurance of the independence of the internal audit function.
• Meeting privately with the Director of Internal Auditing, as deemed necessary.
• Review of the effectiveness of the internal audit function, including compliance with The Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing.
• Resolution of significant disagreements between management and the NC Office of the State Auditor, internal audit, or other external auditors in connection with the preparation of the financial statements or with other audits.
• Review and concur in the appointment, replacement, or dismissal of the Director of Internal Auditing and the compensation package.

The OIA shall be free from interference by any element of the University, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of a necessary independent and objective mental attitude. The Director of Internal Auditing will disclose any interferences to the Committee and discuss the implications.
Internal auditors will have no direct operational responsibility or authority over any of the University’s operating units. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair the internal auditor’s judgment.
Internal Auditing may provide assurance services where it had previously performed consulting services, provided the nature of the consulting did not impair objectivity and provided individual objectivity is managed when assigning resources to the engagement.
Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors will make a balanced assessment of all relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments. If independence or objectivity is impaired in fact or appearance, the details of the impairment will be disclosed to appropriate parties.
The Director of Internal Auditing will confirm to the BOT, at least annually, the organizational independence of the OIA.

The scope of internal auditing encompasses, but is not limited to, examination and evaluation of the adequacy and effectiveness of the University’s governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve the University’s stated goals and objectives. The Director and staff of the OIA have responsibility to:
• Provide assurance services and consulting and advisory services related to governance, risk management, and control processes as appropriate for the University.
• Evaluate risk exposure relating to achievement of the organization's strategic objectives.
• Evaluate the reliability and integrity of information and the means used to identify, measure, classify, and report such information.
• Evaluate the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the University.
• Evaluate the means of safeguarding assets and, as appropriate, verify the existence of those assets.
• Evaluate the effectiveness and efficiency with which resources are employed.
• Evaluate operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
• Monitor and evaluate governance processes.
• Report periodically on the OIA purpose, authority, and responsibility, as well as performance relative to the internal audit plan.
• Evaluate and assess significant functions and new or changing services, systems, processes, operations, and control processes coincident with their development, implementation, and/or expansion.
• Evaluate specific issues and operations at the request of the Committee or senior management.
• Communicate the impact of resource limitations and significant interim changes to senior management and the Committee.
• Assist and/or conduct the investigation of suspected fraudulent activities within the University in cooperation with the Chief of Police and/or General Counsel and Vice Chancellor for Legal Affairs, Risk, and Compliance and notify the Chancellor and the Committee of the results.
• Report significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by the Committee.
• Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the University.
• Participate in entrance and exit conferences with external auditors.

At least annually, the Director of Internal Auditing will submit to senior management and the Committee an internal audit plan for review and approval. The flexible audit plan will be developed using an appropriate risk-based methodology, including any risks or control concerns identified by management and the Committee.
The Director of Internal Auditing will review and adjust the plan, as necessary, in response to changes in North Carolina Agricultural and Technical State University’s risks, operations, programs, systems, and controls. Any significant deviation from the approved internal audit plan will be communicated to senior management and the Committee through periodic activity reports.

A written report will be prepared and issued following the conclusion of each internal audit engagement and will be distributed as appropriate. Internal audit results will also be communicated to senior management and the Committee.

The internal audit report may include management's response and corrective action taken or to be taken in regard to specific findings and recommendations. Management's response, whether included within the original audit report or provided thereafter by management of the audited area, should include a timetable for anticipated completion of the action to be taken and an explanation for any corrective action that will not be implemented.

The Office of Internal Auditing will be responsible for appropriate follow-up on engagement findings and recommendations. All significant findings will remain in an open issues file until cleared.

The Director of Internal Auditing will periodically report to senior management and the Committee on the purpose, authority, and responsibility of the OIA, as well as performance relative to the audit plan. Reporting will also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the Committee.

The OIA will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program will assess the efficiency and effectiveness of the OIA and identify opportunities for improvement. The program will also assess whether internal auditors apply the Code of Ethics and will include an evaluation of conformance with the Definition of Internal Auditing and the Standards.
At least annually, the Director of Internal Auditing will communicate to senior management and the Committee on the quality assurance and improvement program, including results of internal assessments, and any external assessments which are conducted at least every five years.