Internal Auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of Queen’s University (the University). The Internal Audit department (Internal Audit) assists the University in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the University’s governance, risk management, and control processes.
The responsibilities of the Internal Audit department are defined by the Audit Committee of the Board of Trustees as part of their oversight function
Internal Audit staff shall govern themselves by adherence to The Institute of Internal Auditors' (Institute) "Code of Ethics". The Institute's "International Standards for the Professional Practice of Internal Auditing" (Standards) shall guide the operating procedures for Internal Audit . These two documents constitute an addendum to this charter. The Institute of Internal Auditors' "Practice Advisories" will be adhered to as applicable. In addition, Internal Audit will adhere to the University’s policies and procedures and Internal Audit's Standard Operating Procedures Manual. The Standard Operating Procedures Manual shall include attribute, performance, and implementation standards to guide Internal Audit.
Internal Audit has the authority to audit all parts of the University and shall have full, free, and unrestricted access to any and all of the University’s records, physical properties, and personnel relevant to any function under review. Management will:
Internal Audit shall also have free and unrestricted access to the Provost, Principal, Chair of the Board of Trustees, and the Audit Committee of the Board of Trustees
Documents and information given to Internal Audit during a periodic review will be handled in the same prudent and confidential manners as by those employees normally accountable for them.
The Director, Internal Audit shall report administratively to the Vice Principal (Finance & Administration) and functionally to the Audit Committee of the Board of Trustees.
All Internal Audit activities shall remain free of influence by any element of University management, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of an independent and objective mental attitude necessary in rendering reports.
Internal auditors shall have no direct operational responsibility or authority over any of the activities they review. Accordingly, they shall not develop nor install systems or procedures, prepare records, or engage in any other activity which would normally be audited.
The scope of Internal Audit encompasses the examination and evaluation of the adequacy and effectiveness of the University's governance, risk management process, system of internal control structure, and the quality of performance in carrying out assigned responsibilities to achieve the University's stated goals and objectives. It includes:
10. Monitoring and evaluating the effectiveness of the University’s risk management system.
11. Performing and reporting on follow-up reviews to determine the status of recommendations contained in reports.
12. Reviewing the quality of external auditors and the degree of coordination with Internal Audit.
To the extent that resources are available, Internal Audit will provide advice and assistance to University management when requested, by:
Annually, the Director, Internal Audit shall submit to senior management and the Audit Committee a summary of the five year audit plan, annual audit plan, staffing plan, and budget for the following fiscal year. The five year and annual audit plans are to be developed based on a prioritization of the audit universe using a risk based methodology. Any significant deviation from the formally approved audit plans shall be communicated to senior management and the Audit Committee through periodic activity reports.
A written report will be prepared and issued by the Director, Internal Audit following the conclusion of each audit and will be distributed as appropriate. A copy of each audit report and a summarization will be forwarded to the Vice Principal (Finance and Administration), Chair of the Audit Committee, and the external auditor. A summarization will be forwarded to the Audit Committee.
The Director, Internal Audit may include in the audit report the auditee's response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management's response should include a timetable for anticipated completion of action to be taken and an explanation for any recommendations not addressed or agreed to.
Internal Audit shall be responsible for appropriate follow-up on audit findings and recommendations. All significant findings will remain in an open issues file until cleared by the Director, Internal Audit or the Audit Committee.
In cases where a response is not included within the audit report, management of the audited area should respond, in writing, within thirty days of publication to Internal Audit and those on the distribution list.
The Director, Internal Audit should periodically assess whether the purpose, authority, and responsibility, as defined in this charter, continue to be adequate to enable the internal auditing activity to accomplish its objectives. The result of this periodic assessment should be communicated to senior management and Audit Committee of the Board of Trustees.