Penn State University rock wall sign

Internal Audit Charter

Internal Audit Charter

Introduction

Internal auditing is an independent objective assurance and consulting activity designed to add value and improve the University’s operations.  It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.  The objectives of internal auditing are to assist members of the University community in the effective discharge of their responsibilities by furnishing them with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed and by promoting effective control at reasonable cost.

Role of the Internal Audit Department

The Internal Audit department is an established department within Finance & Business, and its responsibilities are defined in this charter which is approved by the Committee on Audit and Risk of the Board of Trustees.  The Internal Audit Director reports administratively to the Senior Vice President for Finance & Business/Treasurer and reports functionally to the Chair of the Committee on Audit and Risk of the Board of Trustees.  In addition, the Director has direct and full access to the President of the University, as necessary.

Authorization

Authorization is granted for full and complete access to any of the University's records (either manual or electronic), physical properties, and personnel relevant to an audit engagement.  Also, authorization is given to allocate resources, set audit scope and apply techniques required to accomplish internal audit objectives.  Documents and information given to internal auditors during a periodic review will be handled in the same prudent manner as by those employees normally accountable for them.

Internal auditors have no direct responsibility or any authority over any of the activities or operations that they review. They should not develop procedures and install or assist in installing systems, prepare records, or engage in activities that would normally be reviewed by internal auditors.

Recommendations on standards of control applicable to a specific activity may be included in the written report of opinions and audit issues that are given to operating management for review and implementation.

Internal Audit will conduct its responsibilities in accordance with the International Standards for the Professional Practice of Internal Auditing issued by The Institute of Internal Auditors and University policies and procedures.

Responsibilities

The responsibilities of internal auditing encompass the following:

  • Review the adequacy and effectiveness of internal control systems, both manual and electronic.
  • Review established systems, policies and procedures to ensure the University is in compliance with laws and regulations.
  • Receive reports from the University’s Ethics and Compliance Hotline as assigned by the Office of Ethics and Compliance.  For reports received, determine and transmit the appropriate response.
  • Conduct investigations of allegations of financial and operational misconduct.
  • Review means of safeguarding assets.
  • Determine if resources are used efficiently and effectively.
  • Evaluate University operations to identify process improvement and cost-saving opportunities.
  • Assist in determining and then provide the needed amount of internal audit effort in connection with the performance of the annual financial audit conducted by the external independent accountants.
  • Consult in the review of the design/development of new business and computer systems.
  • Determine if significant financial, managerial and operating information is accurate, reliable and timely.
  • Review the University’s compliance guidelines for ethical business conduct.
  • Evaluate plans and actions taken to correct Internal Audit report issues.
  • Provide adequate follow-up to ensure corrective action is taken and evaluate its effectiveness.
  • Submit annual audit plans and status to the Senior Vice President for Finance & Business/Treasurer and the Committee on Audit and Risk.
  • Maintain a professional audit staff with appropriate skills, knowledge, experience and certifications to meet the requirements of this Charter.
  • Keep Senior Management and members of the Committee on Audit and Risk informed with respect to emerging trends and successful practices in the internal audit profession.

Reporting Accountabilities

A written report will be prepared and issued by the Internal Audit Director following the conclusion of each audit and will be distributed as appropriate in accordance with University policy.  The report will be issued to Senior Management of the area under audit, as well as their immediate supervisor.  Senior Management of the activity or department receiving the internal audit report will incorporate a written response to each audit issue and recommendation within the audit report.  This response will indicate what actions were taken or are planned in regard to the specific issues and recommendations in the internal audit report.  If appropriate, a timetable for the anticipated completion of these actions will be included.     

In addition, a written summary of all reporting activity, including a status report of audit findings and corrective action will be provided to the Senior Vice President for Finance & Business/Treasurer and presented to the Committee on Audit and Risk at its meetings.