The University of Arizona
   
     
 


 

  

 
Charter Modified December 2003

This charter defines the purpose, authority and responsibility of the Internal Audit Department.

Purpose

The University of Arizona supports the Internal Audit Department as an independent appraisal function to examine and evaluate University activities as a service to management personnel at all levels.  The objectives of the Internal Audit Department are to assist members of the University in the effective discharge of their responsibilities by furnishing them with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed and by promoting effective internal control at reasonable cost.

Authority

Internal Audit is responsible to the University's President and to the Senior Vice President for Business Affairs.  The Chief Auditor reports to the Senior Vice President for Business Affairs.  Authorization is granted for internal auditors’ unrestricted access to the University’s functions, records (irrespective of medium), property and personnel relevant to a review.  Documents and information given to Internal Auditors during a review are handled in at least the same prudent manner as by those employees normally accountable for them.

The Chief Auditor shall confer with the Audit Committee of the Board of Regents at least annually, outside the presence of University officials, on any subject germane to Internal Audit’s area of responsibility.  In addition, if the circumstances ever warrant such action, the Chief Auditor may communicate directly with the Chair of the Audit Committee.

Independence and Objectivity

Objectivity and independence are essential to internal auditing; therefore, Internal Auditors shall be independent of the activities audited and shall assert no direct responsibility or authority over activities reviewed.  Internal Auditors do not relieve persons of any responsibilities assigned to them; and, as such, do not develop and install procedures, prepare records, or engage in activities which would normally be reviewed by Internal Auditors.  Recommendations on standards of control to apply to a specific activity may be included in the written report of audit findings and opinions, which is given to management for review and implementation.

Management is responsible for establishing and maintaining controls to discourage the perpetration of fraud.  Internal Auditors are responsible for examining and evaluating the adequacy and the effectiveness of actions taken by management to fulfill this obligation. Internal Auditors should have sufficient knowledge of fraud to be able to identify indicators that fraud might have been committed.  However, Internal Auditors are not expected to have the knowledge equivalent to a person whose primary responsibility is to detect and investigate fraud.  Audit procedures alone, even when carried out with due professional care, do not guarantee that fraud will be detected.  Further, it is recognized that the performance of audits and other reviews may include the assistance of other professionals with specific expertise.

All Internal Audit endeavors are to be conducted in compliance with University objectives and policies, the Code of Ethics and the Standards for the Professional Practice of Internal Auditing as promulgated by the Institute of Internal Auditors, and Generally Accepted Auditing Standards as promulgated by the American Institute of Certified Public Accountants.

Scope of Activities

Internal Audit will primarily perform financial, operational, and compliance audits, including related follow-up activities; secondarily may respond to a need for investigative activity and Senior Management requests.

  • Financial audits address questions of accounting and reporting of financial transactions, including commitments, authorizations, and receipt and disbursement of funds. Accounting controls are designed to safeguard assets and ensure the accuracy of financial records.
  • Operational audits review operating information and the means used to identify, measure, classify and report such information; review the means for safeguarding assets; provide analysis and evaluation of operational results with comparison to established University goals, objectives, plans, policies, directives, and procedures.
  • Compliance audits determine the degree of adherence to laws, policies, and procedures.
  • Follow-up audits are conducted for previously completed audits to ensure proper compliance and successful implementation of prior audit recommendations.
  • Investigative audits review reports of possible waste, fraud, or abuse.  They are specifically requested by a departmental or administrative unit, with Senior Management concurrence, as requiring immediate audit review.
  • Audits at the request of Senior Management are typically performed on a one-time basis.

General Responsibilities

The general responsibilities of the Internal Audit Department include, but are not limited to, conducting reviews of University departments and control systems at appropriate intervals to determine whether they are effectively carrying out their functions of administration, accounting, safeguarding of University assets, and control in a manner that is consistent with both University objectives and high standards of administrative practice.

These responsibilities include the following:

  1. Review the reliability and integrity of financial information and the means used to identify, measure, classify, and report such information.
  2. Review the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on operations, and reporting on whether the unit under review is in compliance.
  3. Review the means of safeguarding assets and, as appropriate, verify the existence of such assets.
  4. Review and appraise the economy and efficiency with which resources are employed.
  5. Review operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
  6. Conduct special examinations at the request of Senior Management.
  7. Consult on internal controls for new and major system changes prior to implementation to ensure that adequate internal controls and documentation are provided.
  8. Promptly report in writing the results of examinations and recommendations, including the need for Policy as appropriate, to management personnel of sufficient authority to ensure appropriate action is taken with respect to any deficiency noted.
  9. Follow-up to determine whether appropriate action has been taken on significant audit findings and to evaluate any plans or actions taken to correct reported conditions for satisfactory disposition of audit findings.  If the disposition is considered unsatisfactory, see that further discussions are held to achieve a satisfactory disposition.
  10. Evaluate potential exposure or risk in various segments of the University's operations.
  11. Develop an annual audit plan and a long-range audit plan.
  12. Submit audit plans to the President and to the Senior Vice President for Business Affairs for approval.
  13. Coordinate audit efforts with those of the Arizona Board of Regents and the State Auditor General audit staffs so as to maximize use of available resources.