Charter
The Internal Audit Charter describes the authority of the University of Kansas Office of Internal Audit.
Introduction
The Office of Internal Audit provides independent, objective assurance and advisory services designed to add value and improve the operations of the University of Kansas. Internal Audit helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Professional Standards
Internal Audit will serve the University in a manner consistent with the International Professional Practices Framework promulgated by the Institute of Internal Auditors (IIA). Internal Audit staff shall govern themselves by adherence to the IIA’s Code of Ethics. The IIA’s International Standards for the Professional Practice of Internal Auditing shall constitute the Office’s operating procedures. Additionally, Internal Audit will obtain resources, tools, and guidance through the Association of College and University Auditors and the Committee of Sponsoring Organizations.
Authority
Internal Audit shall have full and free access to any and all University and University-controlled affiliate corporation records, physical properties, and personnel relevant to an audit.
Organization
The Internal Audit director shall report directly to the Chancellor on all audit matters. The director shall report directly to the Kansas Board of Regents’ Fiscal Affairs and Audit Committee any situation wherein the director perceives a conflict of interest with or on the part of the Chancellor’s involvement with the subject of an audit.
Independence
Internal Audit staff shall have no direct operational responsibility or authority over any of the activities they review. Accordingly, they shall not develop nor install systems or procedures, prepare records, or engage in any other activity which normally would be audited.
Audit Scope
The scope of Internal Audit shall be unrestricted and encompass the examination and evaluation of the adequacy and effectiveness of the University's governance, risk management process, system of internal control structure, and the quality of performance in carrying out assigned responsibilities to achieve stated goals and objectives. It includes:
- Reviewing the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
- Reviewing the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on operations and reports and whether the University is in compliance.
- Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
- Reviewing and appraising the economy and efficiency with which resources are employed.
- Reviewing operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
- Reviewing specific operations at the request of University senior administrators, as appropriate.
- Monitoring and evaluating the effectiveness of the University's risk management system.
- Facilitating the University’s response to audits by the Kansas Legislative Division of Post Audit and other external entities.
- Reviewing University-controlled affiliated corporations, including a review of the IRS form 990 for each such corporation, with a focus on potential conflicts of interest and transactions between the university and university controlled affiliated corporations.
Audit Planning
The Internal Audit director shall report annually to the Kansas Board of Regents’ Fiscal Affairs and Audit Committee, summarizing the prior year’s activities and the internal audit plan for the coming year. The internal audit plan is to be developed based on a prioritization of the audit universe using a risk-based methodology. Internal Audit will assess on a regular basis the internal controls for the University’s highest risk units, based on public funds exposure. Internal Audit staff and any individuals or firms contracted by the University to provide internal audit services will handle documents and information received during the course of their duties in the same prudent and confidential manner as by those employees normally accountable for the information.
Reporting
The Internal Audit director or designee shall prepare and issue a written report following the conclusion of each audit and will distribute as appropriate. The University shall submit each completed internal audit report identifying material financial weaknesses or fraud to the Kansas Board of Regents President and Chief Executive Officer who shall be responsible for recommending to the Fiscal Affairs and Audit Committee any specific audit findings that should be reviewed further by the Committee.
The Internal Audit director or designee may include in the audit report the auditee's response and corrective action to be taken in regard to the specific findings and recommendations. Management's response should include a timetable for implementing corrective actions and an explanation for any recommendations not addressed.
Internal Audit shall be responsible for appropriate follow-up on audit findings and recommendations. All significant findings will remain in an open issues file until cleared by the Internal Audit director.
Consequences
Employees who do not provide access to records, property, and/or personnel necessary to conduct an audit, as required by this Policy, may be subject to appropriate disciplinary action, up to and including termination of employment, in accordance with applicable personnel policies for faculty and staff. In addition, consistent with Board of Regents and University Policy and the law, the University may take appropriate remedial measures, including but not limited to disciplinary action against an employee, to address any audit findings.