MISSION AND SCOPE OF WORK
The mission of the internal auditing department is to provide independent, objective assurance and consulting services designed to add value and improve the organization’s operations. It helps the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The scope of work of the internal auditing department is to determine whether the organization’s network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:
- Risks are appropriately identified and managed.
- Interaction with the various governance groups occurs as needed.
- Significant financial, managerial, and operating information is accurate, reliable, and timely.
- Employee’s actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
- Resources are acquired economically, used efficiently, and adequately protected.
- Programs, plans, and objectives are achieved.
- Quality and continuous improvement are fostered in the organization’s control process.
- Significant legislative or regulatory issues impacting the organization are recognized and addressed properly.
Opportunities for improving management control, profitability, and the organization’s image may be identified during audits. They will be communicated to the appropriate level of management.
The chief audit executive (CAE), in the discharge of his/her duties, shall be accountable to management and the audit committee to:
- Provide annually an assessment on the adequacy and effectiveness of the organization’s processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work.
- Report significant issues related to the processes for controlling the activities of the organization and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.
- Provide information periodically on the status and results of the annual audit plan and the sufficiency of department resources.
- Coordinate with and provide oversight of other control and monitoring functions (risk management, compliance, security, legal, ethics, environmental, external audit).
To provide for the independence of the internal auditing department, its personnel report to the CAE, who reports administratively to the chief executive officer and functionally to the board and audit committee in a manner outlined in the above section on Accountability. It will include as part of its reports to the audit committee a regular report on internal audit personnel.
The CAE and staff of the internal auditing department have responsibility to:
- Develop a flexible annual audit plan using appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the audit committee for review and approval.
- Implement the annual audit plan, as approved, including, and as appropriate, any special tasks or projects requested by management and the audit committee.
- Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter.
- Establish a quality assurance program by which the CAE assures the operation of internal auditing activities.
- Perform consulting services, beyond internal auditing’s assurance services, to assist management in meeting its objectives. Examples may include facilitation, process design, training, and advisory services.
- Evaluate and assess significant merging/consolidating functions and new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion.
- Issue periodic reports to the audit committee and management summarizing results of audit activities.
- Keep the audit committee informed of emerging trends and successful practices in internal auditing.
- Provide a list of significant measurement goals and results to the audit committee.
- Assist in the investigation of significant suspected fraudulent activities within the organization and notify management and the audit committee of the results.
- Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the organization at a reasonable overall cost.
The CAE and staff of the internal auditing department are authorized to:
- Have unrestricted access to all functions, records, property, and personnel.
- Have full and free access to the audit committee.
- Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
- Obtain the necessary assistance of personnel in units of the organization where they perform audits, as well as other specialized services from within or outside the organization.
The CAE and staff of the internal auditing department are not authorized to:
- Perform any operational duties for the organization or its affiliates.
- Initiate or approve accounting transactions external to the internal auditing department.
- Direct the activities of any organization employee not employed by the internal auditing department, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors.
STANDARDS OF AUDIT PRACTICE
The internal auditing department will meet or exceed the International Standards for the Professional Practice of Internal Auditing of The Institute of Internal Auditors.
Chief Audit Executive
Chief Executive Officer
Audit Committee Chair