Internal Audit Charter
Adopted June 20, 2014
The Louisiana State University System Internal Audit function is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of the LSU System. It assists the University in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization’s governance, risk management, and internal control.
Management of each of the System’s component institutions has the responsibility to
ensure that assets are properly safeguarded, internal controls are established and
are sufficient to ensure compliance with applicable laws and regulations, and procedures
are sufficient to detect errors and fraud in a timely manner. Campus heads are also
responsible for providing input into the annual risk assessment and audit plan and
for establishing and enforcing a policy to ensure the effective and timely resolution
of all audit findings.
Internal Audit is established by the Board of Supervisors (Board). Internal Audit furnishes impartial, independent analyses, appraisals, recommendations, and pertinent comments on the business activities of the institution. Its responsibilities are defined by the Board as part of their oversight role.
Internal auditing is centrally managed by the Chief Auditor who serves as the System’s “Chief Audit Executive” as defined by the International Standards for the Professional Practice of Internal Auditing. The Chief Auditor reports to the Board of Supervisors (Board) through the Audit Committee and to the President. The Board approves the internal audit charter as well as all decisions regarding the appointment and removal of the Chief Auditor.
The Audit Committee will:
- Approve the risk-based internal audit plan
- Approve the internal audit budget and resource plan
- Receive communications from the Chief Auditor on the Internal Audit’s performance relative to its plan and other matters and annually evaluate, along with the President, the performance of the Chief Auditor
- Make appropriate inquiries of management and the Chief Auditor to determine whether there is inappropriate scope or resource limitations.
The Chief Auditor will communicate and interact directly with the Audit Committee including, when appropriate, in executive session and between meetings as appropriate.
Professionalism and commitment to excellence are facilitated by operating within a framework of professional practice. Internal Audit will govern itself by adherence to The Institute of Internal Auditors’ mandatory guidance including the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing (Standards). This mandatory guidance constitutes principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of Internal Audit’s performance.
Internal Audit, with strict accountability for confidentiality and safeguarding records and information, is authorized full, free, and unrestricted access to any and all records, physical properties, and personnel pertinent to carrying out any engagement at all LSU System institutions. All employees are requested to assist Internal Audit in fulfilling its roles and responsibilities. Internal Audit will also have free and unrestricted access to the Audit Committee.
Independence and Objectivity
Internal Audit will remain free from interference by any element in the organization, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of a necessary independent and objective mental attitude.
Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair internal auditor’s judgment.
Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.
The Chief Auditor will confirm to the Audit Committee, at least annually, the organizational independence of the internal audit activity.
The scope of internal auditing encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the organization’s governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve the University’s stated goals and objectives. This includes:
- Evaluating risk exposure relating to achievement of the University’s strategic objectives.
- Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information.
- Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the organization.
- Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
- Evaluating the effectiveness and efficiency with which resources are employed.
- Evaluating operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
- Monitoring and evaluating governance processes.
- Monitoring and evaluating the effectiveness of risk management processes.
- Performing consulting and advisory services related to governance, risk management, and control as appropriate for the University.
- Reporting periodically on Internal Audit’s purpose, authority, responsibility, and performance relative to its plan.
- Reporting significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by the Audit Committee.
- Evaluating specific operations at the request of the Audit Committee or management, as appropriate.
- Investigate allegations of fraud at all System institutions.
- Giving due consideration to the scope of work of the external auditors and other regulatory agencies, as appropriate, for the purpose of providing optimal audit coverage to the University at a reasonable overall cost.
Internal Audit Plan
At least annually, the Chief Auditor will submit to senior management, for review, and the Audit Committee, for approval, an internal audit plan. The internal audit plan will consist of a work schedule as well as budget and resource requirements for the next fiscal year. The Chief Auditor will communicate the impact of resource limitations and significant interim changes to the President and the Audit Committee.
The internal audit plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including input of senior management and the Audit Committee. The Chief Auditor will review and adjust the plan as necessary in response to changes in the University’s business, risks, operations, programs, systems, and controls. Any significant deviation from the approved internal audit plan will be communicated to the President and the Audit Committee through periodic activity reports.
Reporting and Monitoring
Internal Audit ensures that the results of audits and other services are properly communicated to the appropriate management or operating personnel in the form of written reports, consultation, advice, or any other means. The Chief Auditor will authorize the issuance of all internal audit reports. Written reports include, or will be followed by, management comments itemizing specific actions taken or planned to resolve the reported finding and to ensure that operational objectives are achieved. Management’s response should include a timetable for anticipated completion of action to be taken and an explanation for any recommended corrective action that will not be implemented. Internal Audit will be responsible for appropriate follow-up on engagement findings and recommendations. All significant findings will remain in an open issues file until cleared.
The Chief Auditor shall report not less than quarterly to the Audit Committee and President and annually to the entire Board on internal and external audit activities. Upon presentation to the President and acceptance by the Audit Committee, copies of the quarterly report will be provided to the Board.
Quality Assurance and Improvement Program
Internal Audit will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program will include an evaluation of Internal Audit’s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.
The Chief Auditor will communicate to the President and the Audit Committee on Internal Audit’s quality assurance and improvement program, including results of ongoing internal assessments and external assessments conducted at least every five years.