Internal Audit Services' Charter
Internal auditing is an independent objective assurance and consulting activity designed to enhance and protect organizational value by providing risk-based and objective assurance, advice and insight to improve operations of the University. Internal Audit Services helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
The function of Internal Audit Services is authorized and required by the following:
- Utah Internal Audit Act - requires the establishment of an internal audit program in Utah’s public higher education institutions.
- Utah System of Higher Education Board of Regents’ Internal Audit Program Policy 567 - requires each institution to maintain an internal audit activity plan.
Internal Audit Services will conduct reviews of University organizational units, activities or processes as necessary. It has two distinct but compatible functions:
- Serve as a control function by examining and providing reasonable assurance to management and appropriate external bodies concerning the adequacy and effectiveness of established controls such as University policies and procedures and other research institution standards.
- Provide consulting and operational auditing services with the goal of assisting University departments in fulfilling their objectives.
Internal Audit Services shall adhere to the Mandatory Guidance of the Institute of Internal Auditors including:
- The Definition of Internal Auditing
- The Code of Ethics
- The International Standards for the Professional Practice of Internal Auditing
- The Core Principles
In addition, Internal Audit Services shall adhere to the University’s policies and procedures.
The Chief Audit Executive reports directly to both the University President and to the Board of Trustees' Audit, Risk and Compliance Committee Chair. The hiring and termination of services of the Chief Audit Executive is subject to approval of the Audit, Risk and Compliance Committee.
Internal Audit Services is authorized by the Board of Trustees and the Office of the President to have full and unrestricted access to all records, personnel and physical properties relevant to the performance of audits and reviews.
Internal Audit Services will have unrestricted access to the President and the Board of Trustees’ Audit, Risk and Compliance Committee.
Independence and Objectivity
In order to maintain independence, internal audit activities will remain free from interference from any element in the University. This includes activities pertaining to the selection, scope, timing, audit work or report content.
The Chief Audit Executive reports to both to the University President and the Chair of the Audit, Risk and Compliance Committee. The hiring and termination of the Chief Audit Executive is subject to approval of the Audit, Risk and Compliance Committee.
Internal auditors are expected to be objective in performing their responsibilities. Circumstances that may hinder objectivity must be disclosed and discussed with the Chief Audit Executive. These include potential or actual conflicts of interest relating to family, community or business.
Internal Audit Services will:
- Demonstrate integrity
- Demonstrate competence and due professional care
- Be objective and free from undue influence
- Perform work aligned with strategies, objectives and risks of the University
- Be appropriately positioned and adequately resourced
- Demonstrate quality and continuous improvement
- Communicate effectively
- Provide risk-based assurance
- Be insightful, proactive and future focused
- Promote University-wide improvement
The results of audits and reviews will be documented and communicated to the appropriate administrators.
Internal audit reports will include the observations, conclusions and recommendations derived from the completed audit work. The report may include the management response or corrective action that will be taken in regard to the findings or recommendations.
Internal Audit Services will allow management sufficient time to implement these corrective actions or plans before conducting a follow-up evaluation to assess satisfactory implementation of audit recommendations.
The Chief Audit Executive provides the Audit, Risk and Compliance Committee and the University President with regular updates regarding internal audit activities. In addition, an annual report of internal audit activities is prepared for the Audit, Risk and Compliance Committee chair to present to the Utah Board of Regents.