Internal Audit Charter
Internal auditing is an independent objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. (Definition of Internal Auditing, The Institute of Internal Auditors, Inc.)
The purpose of internal auditing is to assist members of the University in the effective discharge of their responsibilities by furnishing them with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed and by promoting effective control at reasonable cost. The University's executive management team is committed to internal auditing and values the information obtained from assurance and consulting engagements completed in accordance with international professional standards.
Correspondingly, the Internal Audit Department is committed to providing timely, accurate, and meaningful information to assist management in its stewardship to educate, inspire, and serve its constituency in accordance with the mission of Creighton University. The Internal Audit Department abides by the control principles set forth in the Internal Control Integrated Frameworkę published by the Committee of Sponsoring Organizations of the Treadway Commission and utilizes a risk-based approach for engagement selection. An annual service plan is formulated and executed in accordance with the Internal Audit Department' overall strategy.
Background and Structure
The Board of Directors established the Internal Audit Department August 1, 1983, and its purpose, authority and responsibilities are defined in this charter, which has been approved by the Audit Committee of the Board of Directors and the University President. The Internal Audit Director functions as the chief audit executive and reports administratively to the Senior Vice President for Operations with direct access to the President, and functionally to the Audit Committee of the Board of Directors.
The Internal Audit Director has full access to the Audit Committee of the Board of Directors and attends all audit committee meetings, functions as secretary in the preparation of meeting minutes, and may request executive sessions. The annual service plan and resource requirements are submitted to the Audit Committee for approval. Periodic accountability reports and the results of quality assurance and improvement activities are also reported to Senior Management and the Audit Committee. Approval of the Audit Committee is required for the removal or replacement of the chief audit executive.
In addition to providing assurance services, the Internal Audit Department serves as an in-house consultant on emerging issues and other matters of importance and through its engagement process provides informal education and training on significant issues pertaining to risk, control, and governance. Internal auditors also participate on University committees and task forces and provide formal training on relevant topics.
Creighton University is an institutional member of the Association of College and University Auditors and its Internal Audit Department participates in the Global Auditing Information Network internal auditing benchmarking service of the Institute of Internal Auditor's Inc.
Authorization is granted for full and complete access to any and all of the University's records (either manual or electronic), physical properties, and personnel necessary to accomplish its purpose. The Internal Audit Department is authorized to review and evaluate all University activities, policies, plans, procedures, and systems. Documents and information provided to internal auditors during an engagement will be handled in the same prudent manner as employees normally accountable for such information.
Responsibility and Scope of Work
It is the responsibility of the Internal Audit Director to ensure that the Internal Audit Department and the assurance and consulting services it provides conform to the Definition of Internal Auditing (Definition), The Code of Ethics (Code), and the International Standards for the Professional Practice of Internal Auditing (Standards) established by The Institute of Internal Auditors, Inc. It is the responsibility of internal auditors employed in the Internal Audit Department to adhere to the Definition, Code, and Standards. These obligations are mandatory.
Assurance services are categorized as follows: financial, compliance, process (operational), systems (including information technology), fraud (including ethics), and multiple objective department reviews (i.e. financial, operations, compliance, technology).
Consulting services are categorized as follows: counsel and advice, facilitation, process evaluation, and training.
In order to maintain independence and objectivity, internal auditors shall have no direct responsibility or authority over any of the activities or operations for which they perform assurance or consulting services. They should not develop and implement procedures, prepare records, or engage in any other activity that the Internal Audit Department would normally review and that could reasonably be construed to compromise independence and objectivity.
The Internal Audit Department's objectivity is not adversely affected, however, by recommending standards or controls to be applied in developing systems and procedures, or by evaluating existing or planned financial and operating systems and related procedures and making recommendations for modification and improvements thereto in order to improve controls and/or enhance operational effectiveness. Decisions to adopt or implement recommendations made as a result of an internal audit assurance or consulting engagement are the responsibility of University management. Consistent with international professional standards, participation on University committees, limited-life project teams, ad-hoc meetings, and other routine exchanges of information shall not be considered impairments to independence and objectivity.
The scope of internal auditing work encompasses evaluating and improving the adequacy and effectiveness of University risk management, control, and governance processes and the quality of performance in carrying out assigned responsibilities. The purpose of this effort is to provide reasonable assurance that these processes are functioning as intended and will enable the University's objectives and goals to be met, and to make recommendations for improving University operations in terms of both efficient and effective performance.
Internal audit activities may include:
- Ensuring that unit strategies and initiatives are aligned with University goals and objectives
- Evaluating risk management processes established by management to identify, evaluate, and respond to potential risks that may impact the University's ability to achieve its goals and objectives
- Evaluating control processes established by management to ensure that identified risks are appropriately mitigated
- Evaluating governance processes utilized by representatives of the University's stakeholders (board of directors) to provide oversight of the risk and control processes administered by management
- Assessing compliance with state and federal laws, and contractual obligations
- Assessing compliance with University policies and procedures, and sound business practices
- Participating in the planning, design, and implementation of major information systems to ensure the systems are properly tested, secured, documented and implemented to meet user requirements
- Appraising the efficiency and effectiveness with which resources are deployed
- Coordinating audit efforts with external auditors and reviewers
Engagement Reporting and Accountability
The Internal Audit Director ensures that the results of the assurance and consulting services are properly communicated to appropriate personnel in accordance with international professional standards. This includes:
- Presenting engagement results including management's comments and action plans as applicable, to the University president, the area vice president and the unit leader of the activity served, the external audit firm, and others as appropriate
- Providing adequate follow-up to ensure action is taken to correct reported conditions
- Submitting an annual service plan to the Audit Committee of the Board of Directors
- Reporting summarized findings and the status of corrective actions to the Audit Committee of the Board of Directors semiannually
- Furnishing full audit reports to the Audit Committee of the Board of Directors upon request
Chairman, Audit Committee
Board of Directors
March 31, 2011
Fr. John P. Schlegel, S.J.
President and Chief Executive Officer
February 8, 2011
Senior Vice President for Operations
February 5, 2011
* Original signed Audit Charter on file with the Internal Audit Department.