Emporia State University
Internal Audit Charter
The Office of Internal Audit provides independent, objective assurance and advisory services designed to add value and improve the operations of Emporia State University. Internal Audit helps the University accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of governance, risk management, and internal control
The internal audit function is established and governed by the Kansas Board of Regents, Fiscal Affairs and Audit Committee (hereafter referred to as the Board).
Internal Audit will adhere to The Institute of Internal Auditors' mandatory guidance including the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing (Standards). This mandatory guidance is part of the International Professional Practices Framework (IPPF) and establishes the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of Internal Audit's performance.
In addition, Internal Audit will adhere to the University's relevant policies and procedures. The Standards shall constitute Internal Audit's operating procedures. Internal Audit will obtain additional resources, tools, and guidance through the Association of College and University Auditors and the Committee of Sponsoring Organizations.
The Office of Internal Audit derives its authority from the Kansas Board of Regents and shall report annually to the Fiscal Affairs and Audit Committee. The Kansas Board of Regents receives its authority from the Kansas State Legislature.
Internal Audit, with strict accountability for confidentiality and safeguarding records and information, is authorized full, free, and unrestricted access to any and all University and University-controlled affiliated corporation records, physical properties, and personnel relevant to an audit. All employees shall assist Internal Audit in fulfilling its roles and responsibilities. Internal Audit will also have free and unrestricted access to the Board.
The Director of Internal Audit is located within the Administration and Finance Division for administrative purposes and has direct reporting access to the President. In any situation where the director perceives a conflict of interest with or on the part of the President’s involvement with the subject of an audit, the director has direct reporting access to the Board.
INDEPENDENCE AND OBJECTIVITY:
Internal Audit shall have no direct operational responsibility or authority over any of the activities they review. Accordingly, they shall not develop nor install systems or procedures, prepare records, or engage in any other activity which normally would be audited or that may impair judgment.
The Director of Internal Audit will confirm to the board, at least annually, the organizational independence of the internal audit activity.
The responsibility of Internal Audit is to serve the University in a manner consistent with the International Professional Practices Framework (IPPF) promulgated by the Institute of Internal Auditors.
The scope of work shall be unrestricted and encompass the examination and evaluation of the adequacy and effectiveness of the University's governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve stated goals and objectives. Internal Audit will:
* Evaluate risk exposure relating to achievement of the organization’s strategic objectives.
* Evaluate the reliability and integrity of financial and operational information and the means used to identify, measure, classify, and report such information.
* Evaluate the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the University.
* Evaluate the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
* Evaluate the effectiveness and efficiency with which resources are employed.
* Evaluate operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
* Monitor and evaluate governance processes.
* Monitor and evaluate the effectiveness of the University's risk management processes.
* Evaluate specific operations at the request of the Board or management, as appropriate.
* Facilitate the University’s response to audits by the Kansas Legislative Division of Post Audit and other external entities.
* Review University-controlled affiliated corporations, including a review of the IRS form 990 for each such corporation, with a focus on potential conflicts of interest and transactions between the University and University-controlled affiliated corporations.
INTERNAL AUDIT PLAN:
The Director of Internal Audit shall report annually to the Kansas Board of Regents’ Fiscal Affairs and Audit Committee, summarizing the prior year's activities and audit plans for the coming year. The internal audit plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including input of senior management and the Board. At a minimum, internal controls for the university's highest risk units, based on public funds exposure, should be assessed on a regular basis. Any significant deviation from the approved internal audit plan will be communicated to senior management and the Board.
REPORTING AND MONITORING:
Following the conclusion of each audit, the Director of Internal Audit (or designee) shall prepare, issue, and distribute a written report as appropriate. The University shall submit each completed internal audit report identifying material financial weaknesses or fraud to the Kansas Board of Regents President and Chief Executive Officer, who shall be responsible for recommending to the Fiscal Affairs and Audit Committee any specific audit findings that should be reviewed further by the Committee.
The internal audit report may include management's response and corrective action to be taken in regard to specific findings and recommendations. Management's response should include a timetable for implementing corrective actions. Internal Audit is responsible for appropriate follow-up on audit findings and recommendations. Findings will be monitored and remain in an open issues file until cleared.
The Director of Internal Audit will periodically report to senior management and the Board on the internal audit activity’s purpose, authority, and responsibility, as well as performance relative to its plan. Reporting will also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the Board.
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM:
The Office of Internal Audit will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program will include an evaluation of the internal audit activity’s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.
The Director of Internal Audit will communicate to senior management and the Board on Internal Audit’s quality assurance and improvement program, including results of ongoing internal assessments and external assessments conducted at least every five years.