Internal Audit Charter

Mission

The mission of the Internal Audit Department is to provide independent and objective assurance and consulting services to assist the Board of Trustees and university administration in the effective discharge of their oversight, management, and operating responsibilities.

Purpose

Internal auditing is defined as an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.  It helps an organization accomplish its objective by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Based on an objective assessment of evidence, the Internal Audit Department is to determine whether the university’s internal control, risk management, and governance processes, as designed and implemented by management, are adequate and functioning as intended. 

Responsibilities

Internal audit provides assurance services, consulting services, follow-up reviews and assists with investigations. The nature and scope of an assurance engagement are determined by the Internal Audit Director.  An assurance audit provides an opinion or conclusion regarding the activity under review and, depending on the engagement, includes:

• Determining that risks are appropriately identified and managed.
• Reviewing and appraising the adequacy and effectiveness of accounting, financial, and operating controls.
• Determining the extent of compliance with established policies, plans, and procedures, and with applicable laws and regulations.
• Evaluating the accuracy, reliability, and timeliness of accounting and operational information developed within the organization.
• Identifying areas of cost savings and/or operational improvement.
• Evaluating the extent to which university assets are accounted for and safeguarded from losses of all kinds.
• Reviewing the design of or modifications to major electronic data processing systems prior to their implementation.
• Assessing the potential for the occurrence of fraud and how the institution manages the fraud risk.

Opportunities to improve internal control may be identified during assurance audits.  They will be communicated to the appropriate level of management and follow-up actions by management will be reviewed to determine whether appropriate actions have been taken.  The Internal Audit Director will advise the President when internal audit recommendations are not implemented.  If corrective action is required, the President shall notify the chair of the Board of Trustees and the chair and vice chair of the Finance, Audit, Compliance, Facilities, and Operations (FACFO) Committee of the Board of Trustees.

In addition to performing assurance audits, the Internal Audit Department provides consulting services that are advisory in nature and are generally performed at the specific request of an engagement client.  Consulting may range from formal engagements with defined scope and objective, to advisory activities, such as participating in standing or ad hoc committees or project teams.  Consulting may also include formal guidance provided on an as-needed basis.  Consulting services are conducted in accordance with applicable standards.

As the Chief Audit Executive, the Director of Internal Audit is generally responsible for the administration of this policy and for effectively directing and managing internal audit activities at Northern Illinois University.  The Director is specifically responsible for

• Communicating all material results of internal audit activity to senior management and the FACFO Committee.
• Developing a flexible, two-year audit plan, using an appropriate risk-based methodology and submitting the plan to the President for approval by June 30 each year. The plan should include risks and control concerns identified by senior leadership through the annual risk assessment process and address compliance requirements established by the Fiscal Control and Internal Auditing Act (FCIAA).
• Implementing the audit plan, as approved by the President, by performing operational, compliance, technology, financial, and fraud prevention and detection audits, as well as any special projects requested by management or the FACFO Committee.
• Issuing periodic reports to the President, senior leadership, and/or the FACFO Committee summarizing the results and status of audit activities.
• Reporting annually to the President and FACFO Committee regarding audit plans, activities, staffing, accomplishments, and the organizational structure of the Internal Audit Department. The annual report is due by September 30 each year and should also include a summarization of the scope and results of internal audits and status of management’s corrective action plans.
• Establishing a follow-up process to monitor and identify whether management corrective action plans have been implemented or senior management has accepted the risk of not taking action. This includes proper disclosure to the FACFO Committee when risks have been accepted.
• Assisting management in the coordination of the annual FCIAA certification of internal controls for the university.
• Reviewing the authority, responsibility, and performance related to the internal audit plan on a periodic basis and providing the Internal Audit Charter to the President and FACFO Committee for review and approval.
• Considering the scope of work of external auditors and regulatory agencies as appropriate, to reduce duplication and optimize audit coverage.
• Assisting in the investigation of significant suspected fraudulent activities within the institution and notify management of the results.
• Ensuring all internal auditors maintain sufficient knowledge, skills, and experience to meet the requirements of state statutes and the requirements of this charter. 

Authority

The Internal Audit Department reports functionally and administratively to the President of the University and The Board of Trustees (BOT) through its Finance, Audit, Compliance, Facilities, and Operations Committee (FACFO).  This reporting relationship permits independent and unbiased judgments essential to the proper conduct of audits.  Internal Audit staff have free and unrestricted communication with management and members of the FACFO Committee. 

With the concurrence of the President and the Board of Trustees and in accordance with the Fiscal Control and Internal Auditing Act (Illinois Compiled Statutes, 30 ILCS 10/1001), the Internal Audit Department is authorized to review and evaluate policies, procedures, and practices of any university activity, program, or function.  This authority provides for full access to all records, properties, and personnel relevant to the subject under review.  Persons requesting an audit, special project, or investigation to be performed by the Internal Audit Department should direct their request to the Office of the President.  In performing the audit engagements, the Internal Audit Department has no direct responsibility for or authority over any of the activities reviewed.  Therefore, the internal audit review and appraisal process does not in any way substitute or relieve other university personnel from their assigned responsibilities.

Internal audit records are not public documents.  Internal Audit reports are made available to university administration, the FACFO Committee and to others as mandated by legal, statutory, or regulatory requirements.  Requests for an internal audit report should be directed to the Internal Audit Director and when approved by the President will be distributed within established parameters.

Professional Standards

The Internal Audit Department must carry out its duties in accordance with the Fiscal Control and Internal Auditing Act enacted by the State of Illinois (Illinois Compiled Statutes, 30 ILCS 10).  This includes performing audits in accordance with the Institute of Internal Auditor’s International Professional Practices Framework (IPPF) which were adopted by the State of Illinois Internal Audit Advisory Board as the standard of performance for all state internal auditors.  The IPPF requires mandatory adherence to the Core Principles of the Professional Practice of Internal Auditing, Definition of Internal Auditing, the Code of Ethics, and the Standards.  Other professional accounting and auditing standards will be followed as applicable, including the government auditing standards published by the U.S. General Accounting Office. 

Approved by the Board of Trustees on December 5, 2019