Internal Audit Charter

Mission

The mission of the Internal Audit Department is to provide independent, risk-based, and objective assurance, advice, and insight to assist the Board of Trustees and university administration in the effective discharge of their oversight, management, and operating responsibilities.

Purpose

The purpose of the Internal Audit Department is to strengthen Northern Illinois University’s (NIU) ability to create, protect, and sustain value by providing the Board of Trustees and university administration with independent, risk-based, and objective assurance, advice, insight, and foresight.

The Internal Audit Department enhances NIU’s:

• Successful achievement of its objectives
• Governance, risk management, and control processes
• Decision-making and oversight
• Reputation and credibility with its stakeholders
• Ability to serve the university community

The Internal Audit Department is most effective when:

• Internal auditing is performed by competent professionals in conformance with the Institute of Internal Auditors’ Global Internal Audit Standards^TM, which are set in the public interest.
• The internal audit function is independently positioned with direct accountability to the Board of Trustees.
• Internal auditors are free from undue influence and committed to making objective assessments.

Responsibilities

Internal audit provides assurance services, consulting services, follow-up reviews and assists with investigations. The nature and scope of an assurance engagement are determined by the Executive Director of Internal Audit / Chief Internal Auditor. An assurance audit provides an opinion or conclusion regarding the activity under review and, depending on the engagement, includes:

• Determining that risks are appropriately identified and managed.
• Reviewing and appraising the adequacy and effectiveness of accounting, financial, and operating controls.
• Determining the extent of compliance with established policies, plans, and procedures, and with applicable laws and regulations.
• Evaluating the accuracy, reliability, and timeliness of accounting and operational information developed within the organization.
• Identifying areas of cost savings and/or operational improvement.
• Evaluating the extent to which university assets are accounted for and safeguarded from losses of all kinds.
• Reviewing the design of or modifications to major electronic data processing systems prior to their implementation.
• Assessing the potential for the occurrence of fraud and how the institution manages the fraud risk.

Opportunities to improve internal control may be identified during assurance audits. They will be communicated to the appropriate level of management and follow-up actions by management will be reviewed to determine whether appropriate actions have been taken. The Chief Internal Auditor will advise the President when internal audit recommendations are not implemented. If corrective action is required, the President shall notify the chair of the Board of Trustees and the chair and vice chair of the Finance, Audit, Compliance, Facilities, and Operations (FACFO) Committee of the Board of Trustees.

In addition to performing assurance audits, the Internal Audit Department provides consulting services that are advisory in nature and are generally performed at the specific request of an engagement client. Consulting may range from formal engagements with defined scope and objective, to advisory activities, such as participating in standing or ad hoc committees or project teams. Consulting may also include formal guidance provided on an as-needed basis. Consulting services are conducted in accordance with applicable standards.

As the Chief Audit Executive, the Executive Director of Internal Audit / Chief Internal Auditor is generally responsible for the administration of this policy and for effectively directing and managing internal audit activities at Northern Illinois University. The Chief Internal Auditor is specifically responsible for:

• Communicating all material results of internal audit activity to senior management and the FACFO Committee.
• Developing a flexible, two-year audit plan, using an appropriate risk-based methodology and submitting the plan to the President for approval by June 30 each year. The plan should include risks and control concerns identified by senior leadership through the annual risk assessment process and address compliance requirements established by the Fiscal Control and Internal Auditing Act (FCIAA).
• Implementing the audit plan, as approved by the President and the Board of Trustees, by performing operational, compliance, technology, financial, and fraud prevention and detection audits, as well as any special projects requested by management or the FACFO Committee.
• Issuing periodic reports to the President, senior leadership, and/or the FACFO Committee summarizing the results and status of audit activities.
• Reporting annually to the President and FACFO Committee regarding audit plans, activities, staffing, accomplishments, and the organizational structure of the Internal Audit Department. The annual report is due by September 30 each year and should also include a summarization of the scope and results of internal audits and status of management’s corrective action plans.
• Establishing a follow-up process to monitor and identify whether management corrective action plans have been implemented or senior management has accepted the risk of not taking action. This includes proper disclosure to the FACFO Committee when risks have been accepted.
• Assisting management in the coordination of the annual FCIAA certification of internal controls for the university.
• Reviewing the authority, responsibility, and performance related to the internal audit plan on a periodic basis and providing the Internal Audit Charter to the President and FACFO Committee for review and approval.
• Considering emerging trends and successful practices in internal auditing.
• Considering the scope of work of external auditors and regulatory agencies as appropriate, to reduce duplication and optimize audit coverage.
• Assisting in the investigation of significant suspected fraudulent activities within the institution and notify management of the results.
• Ensuring all internal auditors maintain sufficient knowledge, skills, and experience to meet the requirements of state statutes and the requirements of this charter.

Authority

The Internal Audit Department reports functionally and administratively to the President of the University and The Board of Trustees (BOT) through its Finance, Audit, Compliance, Facilities, and Operations (FACFO) Committee. This reporting relationship confirms the internal audit function’s authority and permits independent and unbiased judgments essential to the proper conduct of audits. Internal Audit staff have free and unrestricted communication with management and members of the FACFO Committee. 

With the concurrence of the President and the Board of Trustees and in accordance with the Fiscal Control and Internal Auditing Act (Illinois Compiled Statutes, 30 ILCS 10/1001), the Internal Audit Department is authorized to review and evaluate policies, procedures, and practices of any university activity, program, or function. This authority provides for full access to all records, properties, and personnel relevant to the subject under review. Persons requesting an audit, special project, or investigation to be performed by the Internal Audit Department should direct their request to the Office of the President. In performing the audit engagements, the Internal Audit Department has no direct responsibility for or authority over any of the activities reviewed.  Therefore, the internal audit review and appraisal process does not in any way substitute or relieve other university personnel from their assigned responsibilities.

Internal audit records are not public documents. Internal Audit reports are made available to university administration, the FACFO Committee and to others as mandated by legal, statutory, or regulatory requirements. Requests for an internal audit report should be directed to the Executive Director of Internal Audit / Chief Internal Auditor, and when approved by the President, will be distributed within established parameters.

Professional Standards

The Internal Audit Department must carry out its duties in accordance with the Fiscal Control and Internal Auditing Act enacted by the State of Illinois (Illinois Compiled Statutes, 30 ILCS 10). This includes adhering to the mandatory elements of the IIA International Professional Practices Framework including the Global Internal Audit Standards and Topical Requirements. Other professional accounting and auditing standards will be followed as applicable, including the government auditing standards published by the U.S. General Accounting Office. The chief internal auditor will report annually to the President, Board of Trustees and senior management regarding the Internal Audit Department’s conformance with the Standards, which will be assessed through a quality assurance and improvement program.

Board of Trustees Oversight

To establish, maintain, and ensure that the Internal Audit Department has sufficient authority to fulfill its duties, the FACFO Committee of the Board of Trustees will:

• Discuss with the chief internal auditor and senior management the appropriate authority, role, responsibilities, scope, and services (assurance and/or advisory) of the internal audit function.
• Ensure the chief internal auditor has unrestricted access to and communicates and interacts directly with the FACFO Committee, including in private meetings without senior management present, in accordance with applicable Illinois state laws or regulations applicable to public meetings and records.
• Discuss with the chief internal auditor and senior management other topics that should be included in the internal audit charter.
• Participate in discussions with the chief internal auditor and senior management about the “essential conditions,” described in the Global Internal Audit Standards, which establish the foundation that enables an effective internal audit function.
• Approve the internal audit function’s charter, which includes the internal audit mandate and the scope and types of internal audit services.
• Review the internal audit charter annually with the chief internal auditor to consider changes affecting the organization, such as the employment of a new chief audit executive or changes in the type, severity, and interdependencies of risks to the organization; and approve the internal audit charter annually.
• With the university President, approve the risk-based internal audit plan.
• Provide input to senior management on the appointment and removal of the chief internal auditor, ensuring adequate competencies and qualifications and conformance with the Global Internal Audit Standards.
• Review and provide input to senior management on the chief internal auditor’s performance.
• Receive communications from the chief internal auditor about the internal audit function including its performance relative to its plan.
• Ensure a quality assurance and improvement program has been established and review the results annually.
• Make appropriate inquiries of senior management and the chief internal auditor to determine whether scope or resource limitations are inappropriate.

Quality Assurance and Improvement Program

The Internal Audit Department will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program will include both internal and external assessments and will ensure conformance with the Global Internal Audit Standards and continuous performance improvement. Annually, the chief internal auditor will communicate with the FACFO Committee and senior management about the Internal Audit Department’s quality assurance and improvement program, including the results of internal assessments (ongoing monitoring and periodic self-assessments) and external assessments. External assessments will be conducted at least once every five years by a qualified, independent assessor or assessment team, in conformance with the requirements of the Fiscal Control and Internal Auditing Act enacted by the State of Illinois (Illinois Compiled Statutes, 30 ILCS 10).

Approved by the Northern Illinois University Board of Trustees December 12, 2024