Internal Audit Charter

Introduction

Internal Auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of Queen’s University (the University). The Internal Audit department (Internal Audit) assists the University in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the University’s governance, risk management, and control processes.

Role

The responsibilities of the Internal Audit department are defined by the Audit Committee of the Board of Trustees as part of their oversight function

Professional Standards

Internal Audit staff shall govern themselves by adherence to The Institute of Internal Auditors' (Institute) "Code of Ethics". The Institute's "International Standards for the Professional Practice of Internal Auditing" (Standards) shall guide the operating procedures for Internal Audit . These two documents constitute an addendum to this charter. The Institute of Internal Auditors' "Practice Advisories" will be adhered to as applicable. In addition, Internal Audit will adhere to the University’s policies and procedures and Internal Audit's Standard Operating Procedures Manual. The Standard Operating Procedures Manual shall include attribute, performance, and implementation standards to guide Internal Audit.

Authority

Internal Audit has the authority to audit all parts of the University and shall have full, free, and unrestricted access to any and all of the University’s records, physical properties, and personnel relevant to any function under review. Management will:

• Support Internal Audit by providing complete, accurate, and timely information as requested by Internal Audit;
• Cooperate with Internal Audit to ensure the reporting process is effective and efficient and reports are closed in a timely manner; and;
• Keep the Director, Internal Audit informed of known or suspected cases of fraud involving University funds, property, employees or contractors.

Internal Audit shall also have free and unrestricted access to the Provost, Principal, Chair of the Board of Trustees, and the Audit Committee of the Board of Trustees

 Documents and information given to Internal Audit during a periodic review will be handled in the same prudent and confidential manners as by those employees normally accountable for them.

Organization

The Director, Internal Audit shall report administratively to the Vice Principal (Finance & Administration) and functionally to the Audit Committee of the Board of Trustees.

Independence

All Internal Audit activities shall remain free of influence by any element of University management, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of an independent and objective mental attitude necessary in rendering reports.

Internal auditors shall have no direct operational responsibility or authority over any of the activities they review.  Accordingly, they shall not develop nor install systems or procedures, prepare records, or engage in any other activity which would normally be audited.

Audit Scope

The scope of Internal Audit encompasses the examination and evaluation of the adequacy and effectiveness of the University's governance, risk management process, system of internal control structure, and the quality of performance in carrying out assigned responsibilities to achieve the University's stated goals and objectives.  It includes:

1. Reviewing the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
2. Reviewing the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on operations and reports and whether the University is in compliance.
3. Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
4. Reviewing and appraising the economy and efficiency with which resources are employed.
5. Reviewing established systems of internal control to ascertain whether they are adequately designed and operating effectively.
6. Reviewing operations, programs or major projects to ascertain whether results are consistent with established goals and objectives and whether the operations, programs or major projects are being carried out as planned.
7. Examining and reporting on the adequacy of internal controls for new or significantly modified central financial and administrative information systems as well as divisional/departmental systems interfacing with the central information systems;
8. Investigating and reporting on alleged violations of policies and procedures, errors, fraud or misuse of University assets, and rules and regulations covering research and other grants.
9. Reviewing specific operations at the request of the Audit Committee or management, as appropriate.

10. Monitoring and evaluating the effectiveness of the University’s risk management system.

11. Performing and reporting on follow-up reviews to determine the status of recommendations contained in reports.

12. Reviewing the quality of external auditors and the degree of coordination with Internal Audit.

To the extent that resources are available, Internal Audit will provide advice and assistance to University management when requested, by:

1. Serving as a consulting resource for the review of policies and procedures, financial and administrative systems, enterprise risk management, organizational structures, and other related governance, risk and control activities.
2. Serving as a consulting resource for the development of control procedures for new or significantly modified manual and computer-based financial and administrative systems.

Audit Planning

Annually, the Director, Internal Audit shall submit to senior management and the Audit Committee a summary of the five year audit plan, annual audit plan, staffing plan, and budget for the following fiscal year.  The five year and annual audit plans are to be developed based on a prioritization of the audit universe using a risk based methodology.  Any significant deviation from the formally approved audit plans shall be communicated to senior management and the Audit Committee through periodic activity reports.

Reporting

A written report will be prepared and issued by the Director, Internal Audit following the conclusion of each audit and will be distributed as appropriate.  A copy of each audit report and a summarization will be forwarded to the Vice Principal (Finance and Administration), Chair of the Audit Committee, and the external auditor. A summarization will be forwarded to the Audit Committee.

The Director, Internal Audit may include in the audit report the auditee's response and corrective action taken or to be taken in regard to the specific findings and recommendations.  Management's response should include a timetable for anticipated completion of action to be taken and an explanation for any recommendations not addressed or agreed to. 

Internal Audit shall be responsible for appropriate follow-up on audit findings and recommendations.  All significant findings will remain in an open issues file until cleared by the Director, Internal Audit or the Audit Committee.

In cases where a response is not included within the audit report, management of the audited area should respond, in writing, within thirty days of publication to Internal Audit and those on the distribution list.

Periodic Assessment

The Director, Internal Audit should periodically assess whether the purpose, authority, and responsibility, as defined in this charter, continue to be adequate to enable the internal auditing activity to accomplish its objectives.  The result of this periodic assessment should be communicated to senior management and Audit Committee of the Board of Trustees.