Search
Internal Audit » Audit Charter

Internal Audit Charter

Introduction

 

Internal auditing is an independent objective assurance and consulting activity designed to add value and improve the University's operations.  It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

 

The purpose of internal auditing is to assist members of the University in the effective discharge of their responsibilities by furnishing them with analyses, appraisals, recommendations, counsel and information concerning the activities reviewed and by promoting effective control at reasonable cost.  The University's executive management team is committed to internal auditing and values the information obtained from assurance and consulting engagements completed in accordance with professional standards. 

 

Correspondingly, the Internal Audit Department is committed to providing timely, accurate and meaningful information to assist management in its stewardship to educate, inspire and serve its constituency in accordance with the mission of Creighton University.  The Internal Audit Department abides by the control principles set forth in the Internal Control Integrated Framework published by the Committee of Sponsoring Organizations of the Treadway Commission and utilizes a risk-based approach for engagement selection.  An annual service plan is formulated and executed in accordance with the Internal Audit Department's overall strategy.

 

Background and Structure

 

The Board of Directors established the Internal Audit Department August 1, 1983 and its authority and responsiblities are defined in this charter, which has been approved by the Audit Committee of the Board of Directors and the University President.  The Internal Audit Director functions as the chief audit executive and reports administratively to the President and functionally to the Audit Committee of the Board of Directors.  Approval of the Audit Committee is required for the removal or replacement of the chief audit executive.

 

The Internal Audit Department serves as an in-house consultant on emerging issues and other matters of importance and through its engagement process provides informal education and training on significant issues pertaining to risk, control and governance.  Internal auditors also participate on University committees and task forces and provide formal training on relevant topics.

 

Creighton University is an institutional member of the Association of College and University Auditors and its Internal Audit Department participates in the Global Auditing Information Network internal auditing benchmarking service of the Institute of Internal Auditors, Inc.

 

Authority

 

Authorization is granted for full and complete access to any and all of the University's records (either manual or electronic), physical properties and personnel relevant to an assurance or consulting engagement.  The Internal Audit Department is authorized to review and evaluate all University activities, policies, plans, procedures and systems.  Documents and information provided to internal auditors during an engagement will be handled in the same prudent manner as employees normally accountable for such information.

 

Responsibility and Scope of Work

 

It is the responsibilty of the Internal Audit Director to ensure that assurance and consulting services conform to the International Standards for the Professional Practice of Internal Auditing promulgated by the Internal Auditing Standards Board of the Institute of Internal Auditors, Inc.  It is the responsibility of internal auditors employed in the Internal Audit Department to adhere to established professional standards and abide by the Institute of Internal Auditors' Code of Ethics.

 

In order to maintain independence and objectivity, internal auditors shall have no direct responsibility or authority over any of the activities or operations for which they perform assurance or consulting services.  They should not develop and implement procedures, prepare records or engage in any other activity that the Internal Audit Department would normally review and that could reasonably be construed to compromise independence and objectivity.

 

The Internal Audit Department's objectivity is not adversely affected, however, by recommending standards or controls to be applied in developing systems and procedures or by evaluating existing or planned financial and operating systems and related procedures and making recommendations for modification and improvements thereto in order to improve controls and/or enhance operational effectiveness.  Decisions to adopt or implement recommendations made as a result of an internal audit assurance or consulting engagement are the responsibility of University management.  Consistent with professional standards, participation on University committees, limited-life project teams, ad-hoc meetings and other routine exchanges of information shall not be considered impairments to independence and objectivity. 

 

The scope of the internal auditing work encompasses evaluating and improving the adequacy and effectiveness of University risk management, control and governance processes and the quality of performance in carrying out assigned responsibilities.  The purpose of this effort is to provide reasonable assurance that these processes are functioning as intended and will enable the University's objectives and goals to be met, and to make recommendations for improving University operations in terms of both efficient and effective performance.  Internal audit activities may include:

  • Ensuring that unit strategies and initiatives are aligned with University goals and objectives.
  • Evaluating risk management processes established by management to identify, evaluate and respond to potential risks that may impact the University's ability to achieve its goals and objectives.
  • Evaluating control processes established by management to ensure that identified risks are appropriately mitigated.
  • Evaluating governance processes utilized by representatives of the University's stakeholders (board of directors) to provide oversight of the risk and control processes administered by management.
  • Assessing compliance with state and federal laws and contractual obligations.
  • Assessing compliance with University policies and procedures and sound business practices.
  • Participating in the planning, design and implementation of major information systems to ensure the systems are properly tested, secured, documented and implemented to meet user requirements.
  • Appraising the efficiency and effectiveness with which resources are deployed.
  • Coordinating audit efforts with external auditors and reviewers.

 

Engagement Reporting and Accountability

 

The Internal Audit Director ensures that the results of the assurance and consulting services are properly communicated to appropriate personnel in accordance with professional standards.  This includes:

  • Presenting engagement results including management's comments and action plans as applicable, to the University president, the area vice president and the unit leader of the activity served, the external audit firm and others as appropriate.
  • Providing adequate follow-up to ensure action is taken to correct reported conditions.
  • Submitting an annual service plan to the Audit Committee of the Board of Directors.
  • Reporting summarized findings and the status of corrective actions to the Audit Committee of the Board of Directors semiannually.
  • Furnishing full audit reports to the Audit Committee of the Board of Directors upon request.

 

-signed- *

Bruce Lauritzen,

Chairman, Audit Committee

Board of Directors

Creighton University

May 28, 2003

 

-signed- *

Fr. John P. Schlegel, S.J.

President and Cheif Executive Officer

Creighton University

May 22, 2003

 

* Original signed Audit Charter on file with the Internal Audit Department.