Office of Internal Auditing Charter
PURPOSE AND MISSION
The purpose of Clemson University’s Office of Internal Auditing is to provide independent, objective assurance and consulting services designed to add value and improve the University’s operations. It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes. The mission of internal audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. Internal Auditing supports the University’s ClemsonForward initiatives through its mission of institutional support by assisting with accountability, stewardship of resources, identifying opportunities for continuous improvement, and reporting to the Board of Trustees, University leaders, and the campus community.
STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING
Internal Auditing will govern itself by adherence to the mandatory elements of the Institute of Internal Auditors’ (IIA) International Professional Practices Framework, including the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the International Standards for the Professional Practice of Internal Auditing (Standards), and the Definition of Internal Auditing. The Director of Internal Auditing (Director) will report periodically to senior management and the Executive and Audit Committee of the Board of Trustees regarding the department’s conformance to the Code of Ethics and the Standards.
The Executive and Audit Committee was formed to assist the Board of Trustees in its oversight function. The Director reports functionally to the Executive and Audit Committee and administratively to the Executive Vice President for Finance and Operations. This reporting relationship allows the Director to communicate and interact directly with the Executive and Audit Committee, including in private meetings without management present.
The Director is authorized to direct a broad, comprehensive program of internal auditing that provides assurance and consulting services for Clemson University and its related organizations. The scope of internal audit assurance activities encompasses, but is not limited to, objective examinations of evidence for the purpose of providing independent assessments to the Executive and Audit Committee, management, and outside parties on the adequacy and effectiveness of governance, risk management, and control processes for the University. Consulting services may be provided where consistent with the mission of Internal Auditing. These advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve the University’s governance, risk management, and control processes without Internal Auditing assuming management responsibility.
Authorization is granted for full, free, and unrestricted access to all records, physical properties, and personnel relevant to the assurance or consulting engagement. Internal Auditing shall have the authority to review and appraise policies, plans, procedures, and records. Documents and information given to internal auditors during an engagement will be handled in the same prudent manner as by those employees normally accountable for such information.
INDEPENDENCE AND OBJECTIVITY
The Director will ensure that Internal Auditing remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of audit selection, scope, procedures, frequency, timing, and report content. If the Director determines that independence or objectivity may be impaired in fact or appearance, the details of impairment will be disclosed to appropriate parties.
Internal auditors will maintain an unbiased mental attitude that allows them to perform engagements objectively and in such a manner that they believe in their work product, that no quality compromises are made, and that they do not subordinate their judgment on audit matters to others.
Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, internal auditors will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair their judgment. Where the Director has, or is expected to have, roles and/or responsibilities that fall outside of internal auditing, safeguards will be established to limit impairments to independence or objectivity.
The Director will confirm to the Executive and Audit Committee, at least annually, the organizational independence of the Office of Internal Auditing.
The Office of Internal Auditing will:
- develop and submit to the Executive and Audit Committee for review and approval an annual risk-based audit plan that includes consideration of the University’s goals and objectives and the concerns of management and the Board,
- perform audits that evaluate policies and internal controls; assess the reliability of data; determine compliance with policies, laws, and regulations; evaluate efficiency and effectiveness of operations; and, examine the means of safeguarding assets,
- follow up on actions taken by management to determine adequacy, effectiveness, and timeliness,
- issue periodic reports to management and the Board summarizing the results of audit activities,
- investigate suspected fraudulent activities within the organization and notify management and the Board of the results,
- maintain professional internal audit resources with Internal Auditing staff and, where appropriate, other internal or external resources with sufficient knowledge, skills, experience, and professional certifications,
- ensure trends and emerging issues that could impact the University are considered and communicated to senior management and the Executive and Audit Committee,
- provide and manage a third-party hotline to assist the University community with reporting concerns.
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM
Internal Auditing will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program will include an evaluation of Internal Auditing’s conformance with the Standards and an evaluation of whether internal auditors apply the IIA’s Code of Ethics. The program will also assess the efficiency and effectiveness of the internal audit activity and identify opportunities for improvement.
The Audit Director will communicate to senior management and the Executive and Audit Committee on the internal audit activity’s quality assurance and improvement program, including results of ongoing and periodic internal assessments and external assessments conducted at least once every five years by a qualified, independent assessor or assessment team from outside the University.
Approved by Clemson University Board of Trustees Executive and Audit Committee – February 7, 2020