INTERNAL AUDIT DEPARTMENT CHARTER
(Adopted June 19, 1981) (Revised July 1, 1990)
(Amended August 1992)
(Reporting Responsibility - updated: September 8, 1998)
(Revised October 2013)
It is the policy of Georgetown University to provide an internal auditing function as a means of supplying the President and the Board of Directors with an independent review of University operations and the adequacy of the performance of management personnel at all levels in the risk management, control, and governance processes of the operations for which they are responsible.
In accordance with this policy, the Internal Audit Department has been established to perform assurance, consulting, and advisory services in review of internal controls, financial and compliance aspects, and operating procedures to the extent necessary to comply with this policy and adding value to improve the University’s operations.
MISSION OF INTERNAL AUDITING
The Internal Audit function is a continuous independent management control and appraisal activity established within the University to review accounting, financial and other operations to determine for the President and Board of Directors that:
(1) Assets are safeguarded and their use properly accounted for.
(2) Accurate financial and managerial controls exist and function properly.
(3) Recommendations are made for appropriate improvements in controls.
(4) Management plans, policies and procedures are carried out and executed efficiently and effectively.
INTERNAL AUDIT RESPONSIBILITY
In discharging the duties as set forth in this Charter, the department will adhere to the mandatory guidance as set forth by The Institute of Internal Auditors, Inc (IIA), including the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing (Standards). The department will utilize, as applicable to guide operations, IIA and other appropriate professional body’s practice advisory/guides and position papers.
In addition, the internal audit activity will adhere to the University’s relevant policies and procedures and the internal audit department’s practices and procedures manual.
OBJECTIVE OF THE INTERNAL AUDIT DEPARTMENT
The objectives of the Internal Audit Department at Georgetown University include the following:
(1) To develop a comprehensive practical program of audit coverage of the University using a risk-based methodology, including input from senior management and the Audit Subcommittee of the Board of Directors.
(2) To conduct reviews of assigned organizational and financial activities of the University.
(3) To determine whether department units within the University are performing their planning, accounting, custodial or control activities in compliance with management instructions and applicable statements of policies and procedures in a manner consistent with University objectives.
(4) To evaluate the adequacy and effectiveness of the management control over these activities.
(5) To verify and analyze transactions of the departments under review and to prepare workpapers documenting the results of the audit procedures performed in accordance with the Standards.
(6) To report audit findings on the results of procedures performed and to make recommendations to management for the correction of unsatisfactory conditions; improvements in operations; reductions in costs; and to perform special reviews at the request of management.
(7) Report to the Chief Operating Officer and Audit Subcommittee of the Board of Directors regarding an assessment of enterprise risks. The assessment provides information regarding risk factors relative to the various operations and functions of the University. Also, the assessment facilitates the development of the annual audit plan.
(8) Conduct appropriate follow-up on findings and recommendations. All significant findings will remain open until management’s action plan clears the issue.
INDEPENDENCE AND OBJECTIVITY
The internal audit function will remain free from interference by any element in the University, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of a necessary independent and objective mental attitude.
Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair internal auditor’s judgment.
Internal auditors must exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors must make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.
The Chief Audit Executive will confirm to the Board, at least annually, the organizational independence of the internal audit function.
APPOINTMENT AND POSITION OF INTERNAL AUDIT CHIEF AUDIT EXECUTIVE
The Chief Audit Executive (CAE) will be appointed or removed by the President upon the recommendation of the Chief Operating Officer and with the advice and consent of the Chairman of the Audit Subcommittee of the Board of Directors. The Audit Subcommittee of the Board of Directors will also review the CAE’s annual performance appraisal, compensation, and salary adjustment.
CHIEF AUDIT EXECUTIVE AUTHORITY
The Internal Audit function is organized and functions under the CAE. The CAE is authorized to conduct a broad, comprehensive program of assessment within the University which will include the examination and evaluation of the adequacy, efficiency and effectiveness of the systems of financial and management control of the University, and their compliance with University policies and plans. In accomplishing these activities, the CAE and the audit staff, with strict accountability for confidentiality, are authorized to have full, free and unrestricted access to all University functions, records, property, and personnel relevant to the subject under review.
REPORTING RESPONSIBILITY OF THE CHIEF AUDIT EXECUTIVE
In carrying out the foregoing duties and responsibilities, the CAE will issue reports to the Vice President concerned and to the Chief Operating Officer. Audits deemed worthy of the attention of the President of the University and the Chairman of the Audit Subcommittee of the Board of Directors shall be forwarded. The CAE will meet with the Board of Directors periodically at the Board's request to report the plans for audit activity, the results of audit activity and to provide any other information or assistance which the Board requires. In addition, the CAE has direct access to the President and the Board should matters of immediate significance arise which demand such attention.
ADMINISTRATIVE COORDINATION OF INTERNAL AUDIT ACTIVITY
To assure the adequacy of the management responses to audit reports issued by the CAE and to provide the everyday administrative support and supervision of Internal Audit, the Chief Operating Officer is assigned responsibility for the oversight of the internal audit activity and will assure that:
Organizations and functions within the University are reviewed at appropriate intervals to determine whether they are effectively carrying out their functions of planning, operations, accounting, custody and control in accordance with University instructions, policies and procedures in a manner that is consistent with University objectives and with high standards of good business practice.
PERIODIC QUALITY ASSESSMENT
The CAE will periodically report to senior management and the Board on the internal audit function’s purpose, authority, and responsibility, as well as performance relative to its plan. Reporting will also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the Board.
In addition, the CAE will communicate to senior management and the Board on the internal audit function’s quality assurance and improvement program, including results of ongoing internal assessments and external assessments conducted at least every five years.