Internal Audit Charter
Approved by the Audit and Compliance Committee of the Board of Governors on January 23, 2014.
Wilfrid Laurier University
The mandate of the University’s Internal Audit (“IA”) department is to be an independent and objective assurance and consulting body established to carry out activities that add value and improve the University’s operations. IA assists the University in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the University’s governance, risk management, and internal control processes.
The responsibilities of the IA are established by the Audit and Compliance Committee (“Committee”) of the Board of Governors as part of their oversight role.
III. Professional Standards
The IA staff will adhere to the Institute of Internal Auditors (“IIA”) International Standards for the Professional Practice of Internal Auditing, the IIA’s Code of Ethics, and the standards of any other professional designations they hold, as applicable. In addition, the IA staff will adhere to the University’s relevant policies and procedures.
The IA, which has strict accountability for confidentiality and safeguarding records and information, is authorized by the Committee to have full, free, and unrestricted access to any and all of the University’s records, physical properties, and personnel pertinent to carrying out any engagement. All University employees are expected to assist the IA in fulfilling its roles and responsibilities. The IA will also have free and unrestricted access to the Committee.
Information, documents, and other relevant data given to IA during the course of an engagement will be handled in the same prudent and confidential manner as by those employees normally accountable for them.
V. Organizational Reporting
The Manager of IA will report administratively to the VP Finance & Administration, and functionally to the Committee. This dual reporting structure enables the IA to maintain his / her independence and objectivity. The Manager of IA will communicate and interact directly with the Committee as appropriate.
VI. Independence and Objectivity
The IA will remain free from interference from the University’s management and staff, including in the selection of annual internal audits, the audit scope, procedures, frequency, timing, or report content, so that it can maintain the necessary independence and objectivity.
IA will have no direct operational responsibility or authority over any of the activities audited. Accordingly, he / she will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair IA’s judgment.
IA will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. IA will make a balanced assessment of all the relevant circumstances and not be unduly influenced by self-interests or by others in forming judgments.
The Manager of IA will confirm to the Committee annually in writing the organizational independence of the IA activity.
The scope of IA encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the University’s governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve the University’s stated goals and objectives. This includes:
- Preparation, presentation, and implementation of the annual risk-based audit plan (refer to section VIII below).
- Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information.
- Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the University.
- Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
- Evaluating the effectiveness and efficiency with which resources are employed.
- Evaluating operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
- Monitoring and evaluating governance processes.
- Monitoring and evaluating the effectiveness of the University’s risk management processes.
- Performing consulting and advisory services related to governance, risk management and internal controls as appropriate for the University.
- Reporting significant risk exposures and internal control issues, including fraud risks, governance issues, and other matters as needed or requested by the Committee.
- Investigating and reporting on known or suspected violations of policies and procedures, financial irregularities, fraud or misuse of University assets, both independently and in collaboration with the University Secretary and General Counsel.
- Evaluating specific operations or processes at the request of the Committee or management, as appropriate.
- Managing externally contracted resources, as necessary, to assist in the delivery of IA services.
- Reporting periodically on the IA activity’s purpose, authority, responsibility, and performance relative to its plan (refer to section IX below).
- Issuing audit reports to the Committee and Management as applicable, summarizing the results of audit activities performed, including audit findings and related recommendations (refer to section IX below).
- Performing and reporting on follow-up reviews to determine the status of recommendations contained in previously issued audit reports (refer to section IX below).
- Keeping the Committee and VP, Finance and Administration informed of emerging trends and successful practices in internal auditing.
- Serving as a consulting resource for the review of policies and procedures, financial and administrative systems, organizational structures, enterprise risk management, and other related governance, risk and control activities.
- Coordinating, maintaining and updating the Legislative Compliance Report, and presenting to the Committee annually.
- Assisting the University’s external auditors with IA work in completing the year-end financial statement audit, as well as with other submissions and reporting requirements.
- Maintaining professionalism with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter and to meet the minimum continuing professional education credit requirements.
- Attending and participating in Board and various other committee meetings as deemed appropriate.
VIII. Internal Audit Plan
The Manager of IA will submit to the Committee the annual IA plan for review and approval. The IA plan will consist of a work schedule as well as budget and resource requirements for the next fiscal year. The Manager of IA will communicate the impact of resource limitations and significant interim changes to the Committee. Additionally, the IA plan for the following fiscal year will be presented for information and will be subject to the approval process as outlined above.
The annual IA plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including input of senior management and the Committee. The Manager of IA will review and adjust the plan, as necessary, in response to changes in the University’s business, risks, operations, programs, systems, and controls. Any significant deviation from the approved annual IA plan will be communicated to the Committee at their regularly scheduled meetings. Additionally, the Committee Chair will be informed between the Committee meetings, if more timely communication is deemed necessary.
IX. Reporting and Monitoring
A written report will be prepared and issued by the Manager of IA following the conclusion of each IA engagement and will be distributed to management as appropriate. IA results will also be communicated to the Committee in a summary audit report. All IA reports will be presented to the Committee in a confidential manner, preserving the integrity of the IA process.
The IA report will include management’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management's response should include a timetable for anticipated completion of action to be taken and an explanation for any corrective action that will not be implemented.
The IA will be responsible for appropriate follow-up on engagement findings and recommendations. All significant findings will remain in an open issues file until cleared.
The Manager of IA will periodically report to the Committee on the IA’s purpose, authority, and responsibility, as well as performance relative to its plan. Reporting will also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by the Committee.
A copy of the IA reports prepared for the Committee will be provided to the University’s external auditors.
X. Charter Review and Approval