University of Calgary

Charter

University of Calgary, Internal Audit Charter, 2009

Mission

The mission of the Office of the Internal Auditor (OTIA) is to provide independent, objective assurance and consulting services designed to add value and improve University operations. It helps the University accomplish its strategic objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Scope and objectives

The scope of the work of the OTIA encompasses all University units, operations and services, and is intended to determine whether the University's network of risk management, control (including computerized information controls and security), and governance processes, as represented by management, are appropriately designed and implemented effectively. In order to achieve these objectives, the OTIA will conduct audits to determine whether:  
  • Risks are appropriately identified and managed;
  • Significant financial, managerial, and operating information is accurate, reliable and timely;
  • The University’s major policies and procedures are documented and kept current; and that the Internal control system is adequate to ensure adherence, in a material way, to the policies and procedures;
  • Resources are acquired economically and efficiently;
  • Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately; and
  • University assets, including information, are adequately protected

Authority

The Director of Internal Audit and staff of the OTIA are authorized to:
  • Have unrestricted access to all functions, records, property, and personnel (except documents protected by solicitor-client privilege held by University Legal Council);
  • Have full and free access to the Audit Committee;
  • Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish the audit mission;
  • Require the necessary assistance of personnel in units of the University where they perform audits, as well as other specialized services from within or outside the University;  and
  • Share internal audit plans, working and audit findings with the external auditor.

Independence

To ensure the independence of the University OTIA, its personnel report to the Director of Internal Audit, who reports functionally to the Audit Committee and administratively to the Vice President, Finance and Services. The budget for Internal Audit will be reviewed by the Audit Committee to ensure that resources are adequate to support the charter and annual audit plan.  The Director of Internal Audit will periodically report to the Audit Committee on the adequacy of resources.

Accountability

The Director of Internal Audit in the discharge of his/her duties shall be accountable to the management and the Audit Committee to:
  • Ensure that audits are Conducted in accordance with professional standards;
  • Conduct and annual risk assessment of the University’s major operations and prepare a multi year risk based audit plan intended to address the material areas of risk identified in the risk assessment;
  • Report to the appropriate level of management the significant issues identified during the course of the audits; where appropriate provide recommendations for improvements; and obtain management action plans to address these issues;
  • Provide regular reporting to the Audit Committee, in summary form, on the material issues identified during the course of the audits; management action plans;  and an update, where applicable, on the status of the implementation of these plans;
  • Provide an annual assessment on the adequacy and effectiveness of the University's process for controlling its activities and managing its risks in the areas set forth under the mission and scope of work performed;
  • Report instances of any difficulties encountered in the course of the work including any restrictions on the scope of the audit work or access to required information;
  • Periodically provide information on the status and results of the annual audit plan, including resources used, and report on the sufficiency of audit resources;
  • Coordinate with the external auditor; and
  • Keep the Audit Committee informed of emerging trends and successful practices in internal auditing.

Responsibility

In addition to the accountabilities, outlined above, The Director of Internal Audit has responsibility to:
  • Establish and maintain documented policies and procedures for conducting the activities, and to direct the technical and administrative functions in internal audit in accordance with the University policies; direction provided by the Audit Committee; and professional standards;
  • Select, develop and maintain competent internal audit staff that collectively has the ability, knowledge, skill and experience necessary to meet the requirements of this charter;
  • Source, externally or within the organization, specialized resources in cases where internal departmental resources do not posses the necessary expertise;
  • Conduct periodic follow-up reviews to evaluate the adequacy of management’s corrective action;
  • Establish a quality assurance program covering the internal audit activities;
  • Develop internal audit performance measurement goals, monitor and periodically report the results to the Audit Committee;
  • Ensure the annual signoff of the internal audit Supplemental Code of Ethics by all internal audit staff;
  • Assist in the investigation of significant suspected fraudulent activities within the University and notify management and the Audit Committee of the results;
  • Evaluate and assess the impact on internal controls of significant merging/consolidating functions and new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion;
  • Consider the scope of work of the external auditors and other audit work engaged by management or external funding agencies, as appropriate, for the purpose of providing optimal audit coverage to the organization at a reasonable overall cost; and
  • Perform consulting services to assist management in meeting its objectives. Examples may include facilitation, internal control awareness training and advisory services.
 
The Director of Internal Audit and OTIA staff are not authorized to:
  • Perform any operational duties for the University;
  • Initiate or approve accounting transactions external to the operations of the OTIA; or
  • Direct the activities of any University employee not employed by the OTIA except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors.

Standards of Audit Practice

All internal audit activity, regardless of whether assurance or consulting services, shall meet or exceed International Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors.

Confidentiality of Engagement Records

The Director of Internal Audit will control access to engagement records; and consult with senior management and/or legal counsel prior to releasing such records to external parties. Internal audit engagement records include reports, supporting documentation, review notes, and correspondence, regardless of storage media. Engagement records are generally produced under the presumption that their contents are confidential and may contain a mix of both facts and opinions. Access to engagement records by external parties is normally not granted except in response to an order, subpoena or warrant, from a Canadian court. The Auditor General of Alberta has statutory authority to access all records.

Approval

This charter was reviewed and approved by the Board of Governors of the University of Calgary on April 8, 2011.