Department Charter
Click here to view the signed copy of the Department Charter
MISSION AND SCOPE OF WORK
The purpose of the Office of Internal Audit is to provide independent, objective assurance and advisory services designed to add value and improve the operations of the University of Minnesota. The mission of the Office of Internal Audit is to enhance and protect organizational value by providing stakeholders with risk-based and objective assurance, advice, and insight. It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The scope of work of the Office of Internal Audit is to determine whether the University of Minnesota’s system of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:
- Risks are appropriately identified and managed to optimize the achievement of institutional strategic objectives.
- Governance processes provide sufficient oversight and direction and are coordinated where necessary.
- Important financial, managerial, and operating information is accurate, reliable, and timely.
- Operations are consistent with established goals and objectives and are carried out effectively and efficiently.
- Employees’ actions comply with policies, standards, procedures, and applicable laws and regulations.
- Resources and assets are acquired economically, used efficiently, and protected adequately.
- Quality and continuous improvement are fostered in the University’s control processes.
- Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.
The Office of Internal Audit considers risks broadly and includes within its scope all activity posing financial, operational, technological, regulatory or reputational risk to the University. Opportunities for improving management control, efficiency and the University’s image may be identified during audits. They will be communicated to the appropriate level of management.
ACCOUNTABILITY
The Chief Auditor, in the discharge of his/her duties, is accountable per Board of Regents policy to the Board of Regents Audit & Compliance Committee and Chair of the Board of Regents to:
- Provide assessments on the adequacy and effectiveness of the University’s processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work.
- Report significant issues relating to the processes for controlling University activities including potential improvements to those processes.
- Reporting the acceptance of risk by the administration, as appropriate.
- Provide information concerning outstanding issues through their resolution.
- Periodically provide information on the status and results of the annual audit plan and the sufficiency of department resources.
- Coordinate efforts with other control and monitoring functions (e.g., compliance, security, legal environmental, external auditors, etc.).
INDEPENDENCE
To provide for the independence of the Office of Internal Audit, the Board of Regents delegates directly to the Chief Auditor the authorities necessary to perform the duties set forth in the mission and scope of work. The Chief Auditor will have full and free access to the Board of Regents leadership and Audit & Compliance Committee. Additionally, the Chief Auditor's administrative and operational authorities are directly delegated and overseen by the Board of Regents.
In addition to audit activities by the Chief Auditor or requested by the Audit & Compliance Committee, the Office of Internal Audit may perform audit assurance and advisory services in alignment with the department's mission and scope of work requested by the University's President including the Chief Auditor participating on the President's cabinet by invitation.
The Office of Internal Audit is to be free from undue influence in the selection of activities to be examined, the audit techniques and procedures to be used, and the reporting of its results.
RESPONSIBILITY
The Chief Auditor and staff of the Office of Internal Audit are responsible for:
- Developing a flexible annual audit plan using an appropriate risk based methodology, including any risks or control concerns identified by management, and submitting that plan to the Audit & Compliance Committee for review and concurrence, as well as providing periodic updates as to the status of and/or changes to the plan.
- Implementing the annual audit plan, as approved, including any special tasks or projects requested by management and the Audit & Compliance Committee.
- Following up on engagement findings and corrective actions, and report periodically to the President and the Audit & Compliance Committee any corrective actions not effectively implemented.
- Maintaining a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter.
- Disclosing any impairment of audit independence or objectivity, in fact or appearance, to appropriate parties.
- Maintaining an ongoing audit quality assurance and improvement program that covers all aspects of the internal audit function which promotes the continuous improvement of the internal audit practice and includes periodic assessment by independent external resources.
- Considering the scope of, and placing reliance on, the work of the external auditors, regulators, and internal oversight units as appropriate, for the purpose of providing optimal audit coverage to the University at a reasonable overall cost.
- Issuing periodic reports to the Audit & Compliance Committee and management summarizing results of audit activities.
- Keeping the Audit & Compliance Committee informed of emerging trends and successful practices in internal auditing.
- Conducting investigations of allegations of financial and operational misconduct.
- Notifying the Board of any matter that significantly involves the authority and role of the Board, including its fiduciary, oversight, and public accountability responsibilities, or if it raises unusual questions of public interest or public policy, has significant impact on the University's mission, or poses a significant risk to the University.
REPORTING
The Chief Auditor will report periodically to the President, the Chair of the Board of Regents, and the Audit & Compliance Committee regarding:
- The Office of Internal Audit's purpose, authority, and responsibility.
- The Office of Internal Audit's plan and performance relative to its plan.
- The Office of Internal Audit's conformance with the Institute of Internal Auditor's Code of Ethics and Standards, and any actions to address any significant conformance issues.
- Significant risk exposures and control issues, including fraud risks, governance issues, and other matters requiring the attention of, or requested by, the Audit & Compliance Committee.
- Results of audit engagements and other audit activities.
- Resource requirements.
- The acceptance of risk by leadership.
AUTHORITY
The Chief Auditor and staff of the Office of Internal Audit are authorized to:
- Have unrestricted access to all University functions, records, property, and personnel, subject to state and federal law and accountability for confidentiality and safeguarding of records and information.
- Allocate departmental resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives, and report content without subordinating their judgment on audit matters to others.
- Obtain the necessary assistance of personnel in units of the University where they perform audits, as well as other specialized services from within or outside the institution.
The Chief Auditor and staff of the Office of Internal Audit are not authorized to:
- Perform any operational duties for the University.
- Initiate or approve accounting transactions external to the Office of Internal Audit.
- Direct activities of any University employee not employed by the Office of Internal Audit, except to the extent such employees have been appropriately assigned to audit teams or to otherwise assist the internal auditors.
STANDARDS OF AUDIT PRACTICE
The Office of Internal Audit will govern itself by adherence to the mandatory elements of The Institute of Internal Auditors' International Professional Practices Framework, including the Core Principles for the Professional Practice of Internal Auditing, The Code of Ethics, the International Standards for the Professional Practice of Internal Auditing, and the Definition of Internal Auditing. The Chief Auditor will report periodically to senior leadership and the Audit & Compliance Committee regarding the Office's conformance to the Code of Ethics and the Standards.
________________________________________
Board of Regents Chair
________________________________________
Audit & Compliance Committee Chair
________________________________________
President
________________________________________
Chief Auditor
Dated ___________________________________
Job Openings
The Office of Internal Audit does not currently have any job openings.
Staff Directory
Quinn GaalswykTitle: Chief Auditor | Kelly KuhnsTitle: Director |
Rachel FlennerTitle: Director | Michelle Balthazor (UMD)Title: Associate Director |
Mike BentonTitle: IT Audit Director | Ashley GillesTitle: Principal Auditor |
Jonathan HarperTitle: Principal IT Auditor | Jake OstlerTitle: Principal IT Auditor |
Jason RasmussenTitle: Principal Auditor | Jean ValnesTitle: Principal Auditor |
Kelsey CarlsonTitle: Senior Auditor II | Jessie JiangTitle: Senior Auditor II |
Cassie Knutson (UMD)Title: Senior Auditor II | Maria NeslundTitle: Senior Auditor I |
Jaime RayTitle: Staff Auditor I | Gretchen WolfangelTitle: Senior Data Analytics Auditor |