Internal Audit
Charter
Louisiana Tech University
Internal Audit Activity Charter
This charter sets forth the purpose, mission, objectives, authority, and responsibility of the internal audit activity at Louisiana Tech University. The charter establishes the internal audit activity’s position within the University; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities..
Purpose and Mission
The purpose of the University’s internal audit activity is to provide independent, objective assurance and consulting services designed to add value and improve the University’s operations. The mission of internal audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. The internal audit activity helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes. The internal audit activity is guided by a value-driven philosophy of partnering with other departmental units to continuously improve the operations of the University.
Standards for the Professional Practice of Internal Auditing
The internal audit activity will govern itself by adherence to the mandatory elements of the Institute of Internal Auditors’ International Professional Practices Framework, including the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the International Standards for the Professional Practice of Internal Auditing (Standards), and the Definition of Internal Auditing. The Director of Internal Audit (Chief Audit Executive) will report periodically to the University President and, through the System Director of Internal & External Audit, to the Board of Supervisors of the University of Louisiana System (Board) regarding the internal audit activity’s conformance to the Code of Ethics and the Standards.
Authority
The University’s internal audit activity is established by the Board. The internal audit activity’s responsibilities are defined by the Board as part of their oversight role. The Director of Internal Audit will report administratively (i.e., day-to-day operations) to the President of the University and functionally to the Board, through the System Director of Internal & External Audit and the Finance Committee. To establish, maintain, and assure that the University’s internal audit activity has sufficient authority to fulfill its duties, the Board of Supervisors will:
• Approve the internal audit activity’s charter.
• Approve the risk based internal audit plan.
• Approve the internal audit activity’s budget and resource plan.
• Receive communications from the Director of Internal Audit on the internal audit activity’s performance relative to its plan and other matters.
• Approve decisions regarding the appointment and removal of the Director of Internal Audit.
• Approve the remuneration of the Director of Internal Audit.
• Make appropriate inquiries of management and the Director of Internal Audit to determine whether there is inappropriate scope or resource limitations.
The Director of Internal Audit will have unrestricted access to and communicate and interact directly with the System Director of Internal & External Audit, the Finance Committee of the Board of Supervisors, and the Board of Supervisors, including in private meetings without management present.
The Board of Supervisors authorizes the internal audit activity to:
• Have full, free, and unrestricted access to all functions, records, property, and personnel pertinent to carrying out any engagement, subject to accountability for confidentiality and safeguarding of records and information.
• Audit or review any function, activity, or unit of the University and the accounts of all organizations required to submit financial statements to the University.
• Have direct and unrestricted access and present to the President of the University any matter considered to be of sufficient importance to warrant attention or that has been brought to the internal audit activity for review.
• Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
• Obtain the necessary assistance of personnel of the University where they perform audits, as well as other specialized services from within or outside the University, in order to complete the engagement.
Independence and Objectivity
The Director of Internal Audit will ensure that the internal audit activity remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of audit selection, scope, procedures, frequency, timing, and report content. If the Director of Internal Audit determines that independence or objectivity may be impaired in fact or appearance, the details of impairment will be disclosed to appropriate parties.
Internal auditors will maintain an unbiased mental attitude that allows them to perform engagements objectively and in such a manner that they believe in their work product, that no quality compromises are made, and that they do not subordinate their judgment on audit matters to others.
Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, internal auditors will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair their judgment, including:
• Assessing specific operations for which they had responsibility within the previous year.
• Performing any operational duties for the University or its affiliates.
• Initiating or approving transactions external to the Department of Internal Audit.
• Directing the activities of any University employee not employed by the internal audit activity, except to the extent that such employees have been appropriately assigned to auditing teams or to otherwise assist internal auditors.
To provide for the independence of the internal audit activity, its personnel will report to the University’s Director of Internal Audit, who reports functionally to the Board of Supervisors through the System Director of Internal & External Audit and administratively to the President of the University. Therefore, internal audits and appraisals do not in any way substitute for nor relieve other persons in the University of the responsibilities assigned to them.
Where the Director of Internal Audit has or is expected to have roles and/or responsibilities that fall outside of internal auditing, safeguards will be established to limit impairments to independence or objectivity. Internal auditors will:
• Disclose any impairment of independence or objectivity, in fact or appearance, to appropriate parties.
• Exhibit professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined.
• Make balanced assessments of all available and relevant facts and circumstances.
• Take necessary precautions to avoid being unduly influenced by their own interests or by others in forming judgments.
At least annually, the Director of Internal Audit will confirm to the University President and the Board of Supervisors of the University of Louisiana System through the System Director of Internal & External Audit, the organizational independence of the internal audit activity. The Director of Internal Audit will also disclose to those parties any interference and related implications in determining the scope of internal auditing, performing work, and/or communicating results.
Scope of Internal Audit Activities
The scope of internal audit activities encompasses, but is not limited to, objective examinations of evidence for the purpose of providing independent assessments to the Board, management, and outside parties on the adequacy and effectiveness of governance, risk management, and control processes for the University. Internal audit assessments include evaluating whether:
• Risks relating to the achievement of the University’s strategic objectives are appropriately identified and managed.
• The actions of the University’s officers, directors, employees, and contractors are in compliance with the University’s policies, procedures, applicable laws, regulations, and governance standards.
• The results of operations or programs are consistent with established goals and objectives.
• Operations or programs are being carried out effectively and efficiently.
• Established processes and systems enable compliance with the policies, procedures, laws, and regulations that could significantly impact the University.
• Information and the means used to identify, measure, analyze, classify, and report such information are reliable and have integrity.
• Resources and assets are acquired economically, used efficiently, and protected adequately.
The Director of Internal Audit will report periodically to senior management and the Board regarding:
• The internal audit activity’s purpose, authority, and responsibility.
• The internal audit activity’s plan and performance relative to its plan.
• The internal audit activity’s conformance with The IIA’s Code of Ethics and Standards, and action plans to address any significant conformance issues.
• Significant risk exposures and control issues, including fraud risks, governance issues, and other matters requiring the attention of, or requested by, the Board.
• Results of audit engagements or other activities.
• Resource requirements.
• Any response to risk by management that may be unacceptable to the University.
The Director of Internal Audit also coordinates activities, where possible, and considers relying upon the work of other internal and external assurance and consulting service providers as needed. The internal audit activity may perform advisory and related client service activities, the nature and scope of which will be agreed with the client, provided the internal audit activity does not assume management responsibility.
Opportunities for improving the efficiency of governance, risk management, and control processes may be identified during engagements. These opportunities will be communicated to the appropriate level of management.
Responsibility
The chief audit executive has the responsibility to:
• Annually develop and submit to senior management and the Board a risk-based internal audit plan for review and approval. The flexible annual audit plan will be developed based on internal audit’s assessment of risk with input from management regarding areas of concern and areas of increased risk.
• Communicate to senior management and the Board the impact of resource limitations on the internal audit plan.
• Review and adjust the annual internal audit plan, as necessary, in response to changes in the University’s business, risks, operations, programs, systems, and controls.
• Communicate to senior management and the Board any significant interim changes to the internal audit plan.
• Ensure each engagement of the internal audit plan is executed, including the establishment of objectives and scope, the assignment of appropriate and adequately supervised resources, the documentation of work programs and testing results, and the communication of engagement results with applicable conclusions and recommendations to appropriate parties.
• Follow up on engagement findings and corrective actions, and report periodically to senior management and the Board any corrective actions not effectively implemented.
• Ensure the principles of integrity, objectivity, confidentiality, and competency are applied and upheld.
• Ensure the Department of Internal Audit collectively possesses or obtains the knowledge, skills, and other competencies needed to meet the requirements of the internal audit charter.
• Maintain a Quality Assurance and Improvement Program by which the Director assures the operations of internal auditing activities are adequate.
• Perform consulting services, beyond internal auditing’s assurance services, to assist management in meeting its objectives.
• Ensure trends and emerging issues that could impact the University are considered and communicated to senior management and the Board as appropriate.
• Ensure emerging trends and successful practices in internal auditing are considered.
• Evaluate and assess significant merging/consolidating functions and new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion.
• Assist in the investigation of significant suspected fraudulent activities within the University and notify management and the Finance Committee of the results.
• Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage.
• Establish and ensure adherence to policies and procedures designed to guide the internal audit activity.
• Ensure adherence to the University’s relevant policies and procedures, unless such policies and procedures conflict with the internal audit charter. Any such conflicts will be resolved or otherwise communicated to senior management and the Board.
• Submit written and timely reports to the President of the University and appropriate members of management at the conclusion of each engagement to acknowledge satisfactory performance or to set forth observations and/or recommendations for correction or improvement.
• Forward a copy of each internal audit report and a summary to the System’s Director of Internal & External Audit.
• Ensure conformance of the internal audit activity with the Standards, with the following qualifications:
o If the internal audit activity is prohibited by law or regulation from conformance with certain parts of the Standards, the chief audit executive will ensure appropriate disclosures and will ensure conformance with all other parts of the Standards.
o If the Standards are used in conjunction with requirements issued by other authoritative bodies (e.g., AICPA, GAO, etc.), the chief audit executive will ensure that the internal audit activity conforms with the Standards, even if the internal audit activity also conforms with the more restrictive requirements of other authoritative bodies.
Quality Assurance and Improvement Program
The internal audit activity will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program is detailed in the Audit Manual of the Louisiana Tech University Department of Internal Audit. The program will include an evaluation of the internal audit activity’s conformance with the Standards and an evaluation of whether internal auditors apply the IIA’s Code of Ethics. The program will also assess the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement. The program will include both internal and external assessments. The internal assessments will include ongoing monitoring of the performance of the internal audit activity and periodic self-assessments. Act 314 of the 2015 Regular Legislative Session (L.R.S. 17:3351) which became effective on August 1, 2015, states that any state entity with an appropriation in the general appropriation bill of $30 million or more must establish an Internal Audit function and comply with IIA Standards. The Standards provide that external assessments are required to be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization. Therefore, an external assessment will be required to be completed by July 31, 2020, which is five years from the effective date of Act 314 of 2015. The Director of Internal Audit will communicate to senior management and the Board on the internal audit activity’s quality assurance and improvement program, including results of internal assessments (ongoing monitoring and periodic self-assessments) and external assessments.