Internal Audit Policy
Date
July 22, 1986
Revision Date
July 21, 2005
Number
AD 3.10
Revision No.
A
To define the purpose, authority and responsibilities of the Internal Audit Office and establish the principles and framework that govern it.
2. Objectives and Scope
The Internal Auditor1 is responsible for conducting reviews and providing advice on University operations and management activities. By employing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, controls, performance measurement and governance processes, the Internal Auditor assists the University in accomplishing its goals and objectives.
Internal audits may include financial, performance, operational and compliance audits.
The role of the Internal Auditor is to assist the Board of Governors and management in the effective discharge of their fiduciary and administrative responsibilities. This is achieved by providing information, analysis, appraisals, counsel and recommendations concerning activities reviewed, and by promoting effective controls for the recording and reporting of operational activities including the safeguarding of assets.
All University units and operations fall within the mandate of the Internal Audit Office.
This policy should be read in conjunction with the Terms of Reference for the Audit Committee of the Board of Governors. (See Appendix A for details regarding the relationship between the Audit Committee and the Internal Audit Office.)
3. Policy
- The Director, Internal Audit is generally responsible for the administration of this policy and for directing internal audit activities throughout the University.
- The specific objectives of the Internal Auditor are:
- to provide an objective and independent evaluation of the adequacy, efficiency, and effectiveness of management controls over the University's financial, human and physical resources. This includes reviewing and appraising the economy, effectiveness, and efficiency with which resources are employed;
- to monitor and evaluate risk management procedures and internal controls, and to ensure financial and operational risks are understood and appropriately managed;
- to advise stakeholders of findings and recommendations regarding significant risks, performance and governance issues. Also, to identify business, finance and internal control/business system risks to key decision-makers;
- to determine the extent to which University assets are accounted for and safeguarded from losses of all kinds and to verify the existence of assets;
- to monitor whether organizational units are operating in compliance with University policies and procedures, provincial and federal laws and regulations, contractual obligations and sound business practices;
- to review operations or programs to ascertain whether results are consistent with established objectives and goals and are being carried out as planned;
- to review the reliability, integrity and adequacy of financial and operating information and the means in use to identify, measure, classify and report information;
- to execute audits of specific areas or functions in accordance with generally accepted auditing standards as required from time to time;
- to enhance the transparency and accountability of the University's fiscal operations by making available the work of the Internal Auditor to external auditors in their examination of the Universitys financial records and the annual financial statements.
- to provide an objective and independent evaluation of the adequacy, efficiency, and effectiveness of management controls over the University's financial, human and physical resources. This includes reviewing and appraising the economy, effectiveness, and efficiency with which resources are employed;
4. Principles and Objectives
- Independence, objectivity, and integrity are the foundation of an effective internal audit and assurance system. To achieve the highest degree of independence, the internal audit function reports to the Board of Governors through the Chair of the Audit, Risk and Compliance Committee.
- The Director, Internal Audit reports administratively to the University Secretary, whose authority provides appropriate administrative distance from the University's financial operations, but will ensure there is adequate consideration of effective action on internal audit findings and recommendations.
- Objectivity is essential to auditing. The Internal Auditor should not develop and implement procedures or internal controls, prepare records, or engage in any other activities which he or she would normally review or appraise and which could reasonably be construed to compromise his or her independence. The objectivity of the Internal Auditor need not be adversely affected, however, by his or her determination and recommendation of the standards of control to be applied in the development of systems and procedures under his or her review. Concerning independence, internal audit staff should have an impartial, unbiased frame of mind and avoid conflicts of interest and be independent in fact and appearance.
5. Authority
- While the internal audit role is an integral part of the University's administration and functions in accordance with established policies, it is essential for the Internal Auditor to be independent of the activities audited. The Internal Auditor shall assert no direct responsibility or authority over University activities reviewed. Therefore, the review and appraisal of activities by the Internal Auditor does not relieve other individuals in the department or area under audit of any administrative, supervisory, control or other responsibilities related to that department or area.
- All members of the University academic and administrative departments are responsible for providing the Internal Auditor with free and unrestricted access to personnel, physical property, records and any other documentation in any form whatsoever of the University and its related entities, and for ensuring that appropriate actions are taken to address audit recommendations. Information obtained in the course of an internal audit is to be used strictly for the purpose of providing the internal audit duties outlined in the Policy.
6. Professional Standards
The members of the Internal Audit department will conduct their activities in accordance with:
- The Institute of Internal Auditors' Standards for the Professional Practice of Internal Auditing;
- The Institute of Internal Auditors' (IIA) Code of Ethics; and
- The Canadian Institute of Chartered Accountants Auditing Standards.
Members of the Internal Audit department will undertake continuing professional development, and maintain sufficient knowledge, skills, experience, and professional certifications to meet the requirements of their position.
7. Audit Committee of the Board of Governors
- The Director, Internal Audit shall prepare a report at least annually to be distributed to the Chair of the Board of Governors, the Audit, Risk and Compliance Committee of the Board of Governors, and the President for their information and consideration. This report will also include the annual audit plan.
- The Audit, Risk and Compliance Committee of the Board of Governors will review any key changes to the internal audit function, personnel, or budget. The Audit, Risk and Compliance Committee must approve any change to the appointment of the Director, Internal Audit.
- The Director, Internal Audit will meet with the Audit, Risk and Compliance Committee in a confidential session at least once a year. Additional meetings may be held at the request of either the Director or the Committee.
APPENDIX A
Audit Committee - Terms of Reference
Click here to visit the Board of Governors' website - and the Audit, Risk and Compliance Committee's Terms of Reference.