Signed Copy of Internal Audit Services' Charter (PDF)

Internal auditing is an independent objective assurance and consulting activity designed to enhance and protect organizational value by providing risk-based and objective assurance, advice and insight to improve operations of the University. Internal Audit helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. The Audit Committee of the University’s Board of Trustees authorizes the Internal Audit Office to engage in its internal audit activities as provided under law, policy, standards, and as identified herein.

Authority/Unrestricted Access

The function of Internal Audit is authorized and required by the following:

• Utah Internal Audit Act (Utah Code 63I-5-101, et. seq.)) - requires the establishment of an internal audit program in Utah’s public higher education institutions.
• Utah Board of Higher Education (State Board) Policy R567 “Internal Audit Program” - requires each institution to maintain an internal audit activity plan.
• Weber State University PPM 5-10a “Internal Audit” authorizes internal audit activities of the Internal Audit Office and states “Internal Audit's reviews may include any department, system, function or administrative unit of the University and is authorized full, free and unrestricted access to all University fiscal and administrative functions, records, property and personnel or student records.” 

All faculty and staff are required to assist the internal audit activity in fulfilling its roles and responsibilities.  The internal audit activity will also have free and unrestricted access to the Board of Trustees Audit Committee. 

Internal Audit will conduct reviews of University organizational units, activities or processes as necessary.  It has two distinct but compatible functions:

• Serve as a control function by examining and providing reasonable assurance to management and appropriate external bodies concerning the adequacy and effectiveness of established controls such as University policies and procedures and other regulatory requirements.
• Provide consulting and assurance auditing services with the goal of assisting University departments in fulfilling their objectives.

Professionalism

Internal Audit shall adhere to the mandatory guidance of the Institute of Internal Auditors including:

• The Definition of Internal Auditing
• The Code of Ethics
• The International Standards for the Professional Practice of Internal Auditing (Standards)
• The Core Principles for the Professional Practice of Internal Auditing

In addition, Internal Audit shall adhere to the University’s and the Utah Board of Higher Education’s policies and procedures.

Organization

The Director of Internal Audit reports directly to both the University President and to the Board of Trustees Audit Committee Chair. The hiring, evaluation, and termination of the Director of Internal Audit is subject to approval of the Board of Trustees Audit committee.

Independence and Objectivity

The Internal Audit department will remain free from interference by any element in the university, including matters regarding audit selection, scope, procedures, frequency, timing or report content to permit maintenance of a necessary independent and objective mental attitude.

Internal auditors will have no direct operational responsibility or authority over any of the activities audited.  Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair internal auditor’s judgment.

Internal auditors are expected to be objective in performing their responsibilities. Circumstances that may hinder objectivity must be disclosed and discussed with the director of Internal Audit. These include potential or actual conflicts of interest relating to family, community or business.

Internal Audit Plan

An audit plan shall be prepared by the Director of Internal Audit each year to establish the general scope of audit coverage and the cycle of the plan shall coincide with the fiscal year of the university. Further, the development of the audit plan should include a two-year plan for scheduling audits of university departments, systems and processes.

The internal audit plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including input of senior management and the Board of Trustee Audit Committee. The audit plan shall be implemented by the Director of Internal Audit upon approval by the audit committee.  The Director of Internal Audit will review and adjust the plan, as necessary, in response to changes in the university’s business, risks, operations, programs, systems, and controls.  Any significant deviation from the approved internal audit plan will be communicated to senior management and the Board as needed.

While the approved annual audit plan shall prescribe assignment priorities for the Director of Internal Audit, they shall be concerned with any phase of institutional activity where the internal audit function may provide a beneficial service to management. This management service involves going beyond the accounting and financial records to obtain a full understanding of the operations under review. 

The Director of Internal Audit may use external service providers to supplement existing in-house Internal Audit functions or provide expert knowledge to help execute certain areas of the audit plan. The Director of Internal Audit will retain oversight of all outsourced arrangements.

Reporting

The results of audits and reviews will be documented and communicated to the appropriate administrators.

Internal audit reports will include the observations, conclusions and recommendations derived from the completed audit work. In most instances, reports will include management responses and corrective actions that will be taken in regards to the findings and recommendations.

Internal Audit will allow management sufficient time to implement these corrective actions or plans before conducting a follow-up evaluation to assess satisfactory implementation of audit recommendations. Follow-ups are generally performed approximately six months after the issuance of the original audit report.

The Director of Internal Audit provides the Audit Committee and the University President with regular updates regarding internal audit activities. In addition, an annual report of internal audit activities is prepared for the Audit Committee chair to present to the Utah Board of Higher Education Audit Committee.