Boston College Internal Audit Department Charter
Mission and Scope of Work
The mission of Internal Audit is to provide independent assessment, objective assurance and consulting designed to add value and improve Boston College operations. Internal Audit helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The scope of work of Internal Audit is to determine whether the Boston College network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure that:
- Operations are transacted in accordance with sufficient internal controls, good business judgment, and high ethical standards.
- Assets are safeguarded.
- Accounting and administrative controls are effective and efficient.
- Risks are appropriately identified and managed.
- Significant financial, managerial, and operating information is accurate, reliable, and timely.
- Employee actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
- Quality and continuous improvement are fostered in conjunction with control processes.
- Significant legislative or regulatory issues impacting the University are recognized and addressed properly.
Opportunities for improving management control, profitability, and the University image may be identified during audits. They will be communicated to the appropriate level of management.
The Director of Internal Audit shall be accountable to management and the audit committee to:
- Provide annually an assessment on the adequacy and effectiveness of processes for controlling activities and managing risks in the areas set forth under the mission and scope of work.
- Report significant issues related to the processes for controlling the organizational activities, including potential improvements to those processes, and provide information concerning such issues through resolution.
- Provide information periodically on the status and results of the annual audit plan and the sufficiency of department resources.
The scope of audit coverage is enterprise-wide and no function, activity, or unit of the University is exempt from audit and review. To provide for the independence of the internal auditing department, its staff report to the Director of Internal Audit, who reports administratively to the Financial Vice President and functionally to the board and audit committee in a manner outlined in the above section on accountability.
The CAE and staff of the internal auditing department have responsibility to:
- Appraise the adequacy of internal controls.
- Verify the existence of University assets and ensure that proper safeguards are maintained to protect them from loss.
- Evaluate whether existing policies, procedures and practices are functional and effective.
- Provide guidance on control aspects of new systems and procedures.
- Assess the integrity of University information systems and recommend security improvements.
- Perform special studies or investigations requested by management.
- Develop a flexible annual audit plan using appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the audit committee for review and approval.
- Implement the annual audit plan, as approved, including, and as appropriate, any special tasks or projects requested by management and the audit committee.
- Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this charter.
- Establish a quality assurance program by which the CAE assures the operation of internal auditing activities.
- Perform consulting services, beyond Internal Audit assurance services, to assist management in meeting its objectives. Examples may include facilitation, process design, training, and advisory services.
- Issue periodic reports to the audit committee and management summarizing results of audit activities.
- Keep the audit committee informed of emerging trends and successful practices in internal auditing.
- Provide a list of significant measurement goals and results to the audit committee.
- Assist in the investigation of significant suspected fraudulent activities within the organization and notify management and the audit committee of the results.
- Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the organization at a reasonable overall cost.
The scope of audit coverage is enterprise-wide and no function, activity, or unit of the University is exempt from audit and review. The CAE and staff of the internal auditing department are authorized to:
- Have unrestricted access to all functions, records, property, and personnel.
- Have full and free access to the audit committee.
- Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
- Obtain the necessary assistance of personnel in units of the organization where they perform audits, as well as other specialized services from within or outside the organization.
The CAE and staff of the internal auditing department are not authorized to:
- Perform any operational duties for the organization or its affiliates.
- Initiate or approve accounting transactions external to the internal auditing department.
- Direct the activities of any organization employee not employed by the internal auditing department, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors.
From time to time, Internal Audit is asked to participate in management committees or project teams, analyze controls built into development systems, or analyze security products. Internal Audit is not a management decision-making function. Decisions to adopt or implement recommendations made as a result of an internal audit advisory service should be made by management. Therefore, internal audit objectivity should not be impaired by the decisions made by management.
Standards of Audit Practice
The internal auditing department strives to comply with the International Standards for the Professional Practice of Internal Auditing of The Institute of Internal Auditors.