Internal Audit Charter

Jacksonville State University Internal Audit Charter

I. Introduction

This Charter contains the policies and standards by which the Internal Audit function of Jacksonville State University (“JSU”) will be governed.

II. Mission, Scope, and Nature of Work

A. The mission of Internal Audit is to provide independent, objective assurance and consulting services designed to add value and improve JSU’s operations. Internal Audit helps JSU accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

B. The scope and nature of work of the Internal Audit department is to determine whether JSU’s risk management, control, and governance processes, as designed and represented by senior administrators (defined as Vice Presidents and other direct reports to the President), are adequate and functioning in a manner to ensure:

1. Risks are appropriately identified and managed,
2. Significant financial, managerial, and operating information are accurate, reliable, and timely,
3. Employee’s actions are in compliance with policies, standards, procedures, and applicable laws and regulations,
4. Resources are acquired economically, used efficiently, and adequately protected,
5. Programs, plans, and objectives are achieved,
6. Quality and continuous improvement are fostered in the control processes, and
7. Significant legislative or regulatory issues impacting JSU are recognized and addressed properly.

III. Authority

The chief internal auditor (“internal auditor”) is authorized to:

A. Have unrestricted access to all functions, records, property, and personnel,
B. Have full and free access to the Audit, Risk & Compliance Committee of the Board of Trustees,
C. Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives, and
D. Obtain the necessary assistance of personnel in units where they perform audits, as well as other specialized services from within or outside JSU.

The internal auditor is NOT authorized to:

A. Perform any operational duties for JSU,
B. Initiate or approve accounting transactions external to the Internal Audit department, or
C. Direct the activities of any JSU employee not employed by the Internal Audit department, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist during an audit.

IV. Accountability

The internal auditor shall report administratively to the President and functionally to the Audit, Risk & Compliance Committee. In the discharge of his/her duties, the internal auditor shall:

A. Report significant issues related to the processes for controlling the activities of JSU, including potential improvements to those processes, and
B. Provide information periodically on the status and results of the annual audit plan and the sufficiency of department resources.

V. Chief Audit Executive Responsibilities

The internal auditor will carry out the following responsibilities:

A. Develop a flexible annual audit plan using appropriate risk-based methodology (including, as appropriate, any risks or control concerns identified by senior administrators) and submit the plan to the President and the Audit, Risk & Compliance Committee for review and approval,
B. Implement the approved annual audit plan, including, as appropriate, any special tasks or projects requested by senior administrators, the President and/or the Audit. Risk & Compliance Committee,
C. Create a culture of support, collaboration and accessibility with senior administrators, faculty, staff and students,
D. Assist senior administrators in meeting objectives by performing consulting services in addition to assurance services,
E. Issue periodic reports to the Audit, Risk & Compliance Committee, the President and senior administrators summarizing results of audit activities,
F. Serve as a liaison between JSU and the external auditor,
G. Investigate suspected fraudulent activities within JSU,
H. Consider the scope of work of external auditors and regulatory agencies, as appropriate, for the purpose of providing optimal audit coverage to JSU, and
I. Coordinate with other control and monitoring functions (risk management, security, legal, and safety), as appropriate.

VI. Senior Administrator Responsibilities

Senior Administrators will carry out the following responsibilities:

A. Participate with Internal Audit to formulate the annual audit plan,
B. Meet routinely with Internal Audit to review the status of audit work,
C. Communicate to Internal Audit any unanticipated audit needs as they arise,
D. Review with Internal Audit all audit reports and ensure all corrective action plans are completed, and
E. Participate with the internal auditor in presenting the audit results to the Audit, Risk & Compliance Committee of the Board of Trustees, when necessary.

VII. Acceptance of Risks

When a difference of opinion exists between Internal Audit and senior administrators, the internal auditor will execute the following process until the difference is resolved:

A. The internal auditor, the responsible senior administrator and the President will meet to discuss and resolve the matter,
B. In the event the internal auditor believes an unacceptable level of risk has been assumed by JSU, the internal auditor will elevate the concern to the Audit, Risk & Compliance Committee of the Board of Trustees.

VIII. Standards of Audit Practice

Internal Audit will operate under the International Standards for the Professional Practice of Internal Auditing of The Institute of Internal Auditors and will disclose areas of noncompliance to the Audit, Risk & Compliance Committee. On occasion, other standards such as the Government Auditing Standards may apply. Internal auditors will uphold the principles of integrity, objectivity, confidentiality, and competency as defined in The Institute of Internal Auditors Code of Ethics.