Internal Audit Services Charter

View signed copy

Purpose and Mission

Internal auditing is an independent objective assurance and consulting activity designed to enhance and protect organizational value by providing risk-based and objective assurance, advice and insight. Internal Audit Services (IAS) helps Utah State University (USU) accomplish its objectives by bringing a systematic, disciplined approach to evaluate and help improve the effectiveness of University operations.

Authority

IAS is authorized and required by the following:

  • Utah Code Chapter 631-5-201, also known as the Utah Internal Audit Act - requires the establishment of an internal audit program in Utah’s public higher education institutions.
  • Utah System of Higher Education (USHE)’s Internal Audit Program Policy 567 - requires each institution to maintain an internal audit activity plan.

The Chief Audit Executive (CAE) reports functionally to the Board of Trustees' Audit, Risk and Compliance (ARC) Committee and administratively to the USU President. IAS will have unrestricted access to, and communicate directly with the President and the ARC Committee.

The ARC Committee provides organizational IAS oversight by:

  • Approving its charter, audit plan and resource allocations.
  • Receiving communications related to audit activities.
  • Participating in discussions and approving decisions regarding the appointment and termination of the services of the CAE.

IAS is authorized by the President and the ARC Committee to:

  • Receive full, unrestricted access to records, property and personnel pertinent to carrying out audit engagements.
  • Allocate resources and determine scope of engagements.
  • Apply techniques required to accomplish audit objectives and issue related reports.
  • Obtain assistance from USU personnel and independent specialists, to complete engagements.

Standards

IAS activities are conducted in accordance with the mandatory elements of the Institute of Internal Auditors’ (IIA) International Professional Practices Framework (IPPF), including the International Standards for the Professional Practice of Internal Auditing, Core Principles for the Professional Practice of Internal Auditing, Definition of Internal Auditing and the Code of Ethics.

The CAE will address IAS’ conformance to the mandatory elements and adherence to the Code of Ethics annually to the President and ARC Committee.

Independence and Objectivity

In order to maintain independence, internal audit activities will remain free from interference from any element in the University. This includes activities pertaining to the selection, scope, timing, audit work or report content.

All IAS staff will:

  • Disclose any impairment of independence or objectivity, in fact or appearance, to appropriate parties.
  • Exhibit professional objectivity in gathering, evaluating and communicating information about the activity or processes being examined.
  • Make balanced assessment of all available and relevant facts and circumstances.

Should the CAE or other IAS staff have roles and/or responsibilities that fall outside of internal auditing, safeguards will be established to limit impairments to independence and objectivity.

The CAE will confirm the independence of the internal audit activity annually to the President and ARC Committee.

Scope

The scope of internal audit activities includes:

  • Conducting independent, objective assessments to provide assurance to the ARC Committee, the President, senior administrators, and other USU stakeholders regarding the adequacy, effectiveness and efficiency of governance, risk management and operations.
  • Providing consulting and related activities with the goal of assisting University departments in fulfilling their objectives.

Internal audit assessments include evaluating:

  • Risks facing the University are identified, mitigated or accepted within established risk tolerances.
  • The actions of officers, directors, employees and outside parties associated with USU comply with federal and state laws, USU policies and applicable standards or regulations.
  • Organizational operations are effective, efficient and consistent with University goals
  • Controls established to prevent, detect and correct errors are adequate and effective.
  • University resources and assets are acquired economically, used efficiently and safeguarded adequately.

Observations and opportunities for improvement identified during internal audit assessments as well as in consulting and related activities are communicated to the appropriate level of management and/or the ARC Committee.

The CAE will report on results and effectiveness of internal audit activities to the President and/or ARC Committee, including:

  • Completed engagements and other activities in comparison to approved audit plan.
  • Updates on ongoing projects.
  • Overview of major findings and recommendations, specifying critical ones.
  • Risk assessment process, including key risks identified.
  • Results of anonymous reporting system.

Responsibility 

The CAE has the responsibility to:

  • Submit a risk-based audit plan for the ARC Committee’s review and approval.
  • Obtain approval to deviate from approved audit plan as necessary, to address changes in USU operations, risks and controls, respond to external, emerging issues or address a hotline complaint.
  • Communicate to the President and the ARC Committee the adequacy of audit resources, including personnel and technical tools and the impact of limitations, if any.
  • Ensure the internal audit activity’s conformance with the IIA IPPF as well as compliance with relevant federal and state statutes, USU policies and procedures, and internal processes and procedures.
  • Ensure each engagement is conducted per the applicable internal audit processes and procedures.
  • Communicate the results of engagements as well as consulting and related activities to senior management and/or the ARC Committee.
  • Conduct follow-up reviews to reevaluate engagement findings, assess implementation of recommendations and corrective actions and report the results of these reviews.
  • Coordinate with other internal and external assurance providers.

Quality Assurance and Improvement Program

IAS maintains a quality assurance and improvement program (QAIP) that covers all aspects of operations. The program includes an evaluation of the conformance with the IIA’s IPPF Standards and auditors’ adherence to the IIA's Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity, including identifying opportunities for improvement, if any.

The CAE will report to the President and the ARC Committee the status of the QAIP, including results of internal assessments (both ongoing and periodic) and external assessments or validations, conducted at least once every five years by a qualified, independent assessor/validator or external assessment team.

Last revision: October 2022