Click here to view the signed copy of the Department Charter

Audit Charter

Mission and Scope of Work

The purpose of the Office of Internal Audit is to provide independent, objective assurance and advisory services designed to add value and improve the operations of the University of Minnesota. The mission of the Office of Internal Audit is to enhance and protect organizational value by providing stakeholders with risk-based and objective assurance, advice, and insight. It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The scope of work of the Office of Internal Audit is to determine whether the University of Minnesota's system of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:

• Risks are appropriately identified and managed to optimize the achievement of institutional strategic objectives.
• Governance processes provide sufficient oversight and direction and are coordinated where necessary.
• Important financial, managerial, and operating information is accurate, reliable, and timely.
• Operations are consistent with established goals and objectives and are carried out effectively, efficiently, ethically, and equitably.
• Employees' actions comply with policies, standards, procedures, and applicable laws and regulations.
• Resources and assets are acquired economically, used efficiently, and protected adequately.
• Quality and continuous improvement are fostered in the University's control processes.
• Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.
• The integrity of University information and the means used to identify, measure, analyze, classify, and report such information is reliable.

The Office of Internal Audit considers risks broadly and includes within its scope all activity posing financial, operational, technological, regulatory or reputational risk to the University. This work includes objective examinations of evidence to provide independent assurance and/or advisory services on the adequacy and effectiveness of governance, risk management, and control processes.

Opportunities for improving control processes, efficiency, governance, and risk management may be identified during audit engagements. These opportunities will be communicated to the appropriate level of management.

Independence

To provide for the independence of the Office of Internal Audit, the Board of Regents delegates directly to the chief auditor the authorities necessary to perform the duties set forth in the mission and scope of work. The chief auditor will have full and free access to the Board of Regents leadership and Audit & Compliance Committee. Additionally, the chief auditor's administrative and operational authorities are directly delegated and overseen by the Board of Regents. At least annually, the chief auditor will confirm to the Audit & Compliance Committee the organizational independence of the internal audit function and any current operational authorities.

The Office of Internal Audit is to be free from undue influence in the selection of activities to be examined, the audit techniques and procedures to be used, and the reporting of results.

In addition to audit activities identified by the chief auditor or requested by the Audit & Compliance Committee, the Office of Internal Audit may perform audit assurance and advisory services in alignment with the department's mission and scope of work requested by the University's President, including the chief auditor participating on the President's cabinet by invitation. The nature and scope of advisory services may be established through mutual agreement between the President or other senior leaders and the Office of Internal Audit, provided the internal audit function does not assume management or operational responsibilities.

Audit & Compliance Committee's Responsibilities

The Audit & Compliance Committee responsibilities for the establishment and ongoing support and oversight of the Office of Internal Audit to ensure it has sufficient authority to fulfill its duties are outlined in Board of Regents Policy: Board Operations and Agenda Guidelines and Board of Regents Policy: Reservation and Delegation of Authority.

Office of Internal Audit Responsibilities

Ethics and Professionalism

The chief auditor will ensure all OIA auditors:

• Conform with the Institute of Internal Audit's (IIA's) Global Internal Audit Standards, including the principles of Ethics and Professionalism: integrity, objectivity, competency, due professional care, and confidentiality.
• Understand, respect, meet, and contribute to the legitimate and ethical expectations of the organization and be able to recognize conduct that is contrary to those expectations.
• Encourage and promote an ethics-based culture in the organization.
• Report organizational behavior that is inconsistent with the organization's ethical expectations, as described in applicable policies and procedures.

Objectivity

The chief auditor will ensure that the internal audit function remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of: engagement selection, scope, procedures, frequency, timing, and communication. If the chief auditor determines that objectivity may be impaired in fact or appearance, the details of the impairment will be disclosed to appropriate parties.

Internal auditors will maintain an unbiased mental attitude that allows them to perform engagements objectively such that they believe in their work product, do not compromise quality, and do not subordinate their judgment on audit matters to others, either in fact or appearance.

Internal auditors will have no direct operational responsibility or authority over any of the activities they review. Accordingly, internal auditors will not implement internal controls, develop procedures, install systems, or engage in other activities that may impair their judgment, including:

• Assessing specific operations for which they had responsibility within the previous year.
• Performing operational duties for the University or its affiliates other than those related to the functioning of the internal audit department or assigned by the Board.
• Initiating or approving transactions external to the internal audit function.
• Directing the activities of any University employee that is not employed by the Office of Internal Audit, except to the extent that such employees have been appropriately assigned to internal audit teams or to assist internal auditors.

Internal auditors will:

• Disclose impairments of independence or objectivity, in fact or appearance, to the appropriate parties.
• Exhibit professional objectivity in gathering, evaluating, and communicating information.
• Make balanced assessments of all available and relevant facts and circumstances.
• Take necessary precautions to avoid conflicts of interest, bias, and undue influence.

Managing the Internal Audit Function

The chief auditor and staff are responsible for:

• Developing a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submitting that plan to the Audit & Compliance Committee for review and approval, as well as providing periodic updates as to the status of and/or modifications to the plan in response to changes in risks, operations, programs, systems, controls or resources.
• Implementing the annual audit plan, as approved, including any special tasks or projects requested by management and the Audit & Compliance Committee.
• Following up on audit engagement findings to confirm whether corrective actions have taken place.
• Maintaining a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter.
• Ensuring internal audit engagements are performed, documented, and communicated in accordance with the Global Internal Audit Standards and any applicable laws or regulations.
• Identifying and considering trends and emerging issues that could impact the University and communicate to the Board and senior management as appropriate.
• Establishing, and ensuring adherence to, methodologies designed to guide the internal audit function.
• Keeping the Audit & Compliance Committee informed of emerging trends and successful practices in internal auditing management and performance.
• Coordinating activities and considering reliance upon the work of other external auditors and regulators, and internal oversight units as appropriate, for the purpose of providing optimal audit coverage to the University at a reasonable overall cost.
• Issuing periodic reports to the Audit & Compliance Committee and management summarizing results of audit activities.
• Conducting investigations of allegations of financial and operational misconduct.
• Notifying the Board of any matter that significantly involves the authority and role of the Board, including its fiduciary, oversight, and public accountability responsibilities, or raises unusual questions of public interest or public policy, has significant impact on the University's mission, or poses a significant risk to the University.

Quality Assurance and Improvement Program

The chief auditor will develop, implement, and maintain a quality assurance and improvement program that covers all aspects of the internal audit function. The program will include external and internal assessments of the internal audit function's conformance with the Global Internal Audit Standards, as well as performance measurement to assess the internal audit function's progress toward the achievement of its objectives and promotion of continuous improvement. Also, if applicable, the assessment will include plans to address the internal audit function's deficiencies and opportunities for improvement.

External assessments will be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the University. Qualifications of the external team will include at least one assessor holding an active Certified Internal Auditor (CIA) credential and one with experience in higher education.

Communications with the Board and University Leadership

The chief auditor will report periodically to the administration, the Chair of the Board of Regents, and the Audit & Compliance Committee regarding:

• The Office of Internal Audit's mandate (i.e., purpose, authority, and responsibility).
• The Office of Internal Audit's plan, performance relative to its plan, and/or significant revisions to the plan.
• Results from the quality assurance and improvement program, which include the internal audit function's conformance with the Global Internal Audit Standards and action plans to address the internal audit function's deficiencies and/or opportunities for improvement.
• The Office of Internal Audit's conformance with the Institute of Internal Auditor's Code of Ethics and Standards, and actions to address any significant conformance issues.
• Significant risk exposures and control issues, including fraud risks, governance issues, and other matters requiring the attention of, or requested by, the Audit & Compliance Committee.
• Results of audit engagements and other audit activities.
• Internal audit budget and resource requirements, including any significant revisions.
• Management's responses to risk that the internal audit function determines does not adequately address the risk and/or the acceptance of significant risk by leadership.
• Any significant scope or resource limitations.

Authority

The internal audit function's authority is created by its direct reporting relationship to the University Board of Regents. The Board of Regents authorizes the chief auditor and staff of the Office of Internal Audit to:

• Have full unrestricted access to all University functions, records, data, property, and personnel, subject to state and federal law. Internal auditors are accountable for confidentiality and safeguarding records and information.
• Allocate departmental resources, select areas to audit and set frequencies for audits, determine scopes of work, and apply the techniques required to accomplish audit objectives, and communicate content to accomplish the function's objectives without subordinating their judgment on audit matters to others.
• Obtain the necessary assistance of personnel in units of the University where they perform audits, as well as other specialized services from within or outside the institution.

Standards of Audit Practice

The Office of Internal Audit will govern itself by adherence to the mandatory elements of The Institute of Internal Auditors' International Professional Practices Framework, which are the Global Internal Audit Standards and Topical Requirements.

The Office of Internal Audit currently has no job openings.