Internal Audit Charter

MISSION AND SCOPE OF WORK

The mission of Internal Audit at Rice University is to provide independent, objective, assurance and consulting services designed to add value and improve the University's operations. It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The scope of work of the Internal Audit department is to determine whether the University's network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:

  • Risks are appropriately identified and managed.

  • Interaction with the various governance groups occurs as needed.

  • Significant financial, managerial, and operating information is accurate, reliable, and timely.

  • Employees' actions are in compliance with policies, standards, procedures, and applicable laws and regulations

  • Resources are acquired economically, used efficiently, and adequately protected.

  • Programs, plans, and objectives are achieved.

  • Quality and continuous improvement are fostered in the University's control process.

  • Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.

Opportunities for improving management control, process efficiency and effectiveness, and the University's image may be identified during audits. They will be communicated to the appropriate level of management.

ACCOUNTABILITY

The Director of Internal Audit, in the discharge of his/her duties, shall be accountable to management and the Audit Committee to:

  • Report significant issues related to the processes for controlling the activities of the University and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.

  • Periodically provide information on the status and results of the annual audit plan and the sufficiency of department resources.

  • Coordinate with and provide oversight of other control and monitoring functions (risk management, compliance, security, legal, ethics, environmental, and external audit).

INDEPENDENCE

To provide for the independence of the internal audit function, its personnel and all other external parties operating on behalf of and under the direction of the function, report to the Director of Internal Audit, who reports functionally to the Audit Committee and administratively to the Vice President for Finance. It will include, as part of its reports to the Audit Committee, a regular report on internal audit personnel as defined above.

The Internal Audit Director and the audit staff should sign an annual conflict of interest statement to allow the disclosure of any situation that may impair their objectivity and allow the reaffirmation of Rice's policies on conflicts of interest.

RESPONSIBILITY

The Director of Internal Audit and staff of the internal audit function as defined above have responsibility to:

  • Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the Audit Committee for review and approval as well as periodic updates.

  • Implement the annual audit plan, as approved, including any special tasks or projects as deemed appropriate and requested by management and the Audit Committee.

  • Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this charter.

  • Evaluate and assess significant merging/consolidating functions and new or changing services, processes, operations, and control processes coincident with their development, implementation and/or expansion.

  • Issue periodic reports to the Audit Committee and management summarizing results of audit activities.

  • Keep the Audit Committee informed of emerging trends and successful practices in internal auditing.

  • Provide a list of significant goals to measure the performance of the internal audit function and report results to the Audit Committee.

  • Assist in the investigation of significant suspected fraudulent activities within the University and notify management and the Audit Committee of the results.

  • Consider the scope of work of the external auditor and regulators, as appropriate, for the purpose of providing optimal audit coverage to the University at a reasonable cost.

Authority

The Director of Internal Audit and the staff of the internal audit function as defined above are authorized to:

  • Have unrestricted access to all functions, records, property, and personnel.

  • Have full and free access to the Audit Committee.

  • Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish the audit objectives.

  • Obtain the necessary assistance of personnel in units of the University where they perform audits, as well as other specialized services from within or outside the University.

The Director of Internal Audit and the staff of the internal audit function as defined above are not authorized to:

  • Perform any operational duties for the University or its affiliates.

  • Initiate or approve accounting transactions external to the internal audit function with the exception of monitoring executive expenses, as necessary.

  • Direct the activities of any organization employee not employed by the internal audit function, except to the extent that such employees have been appropriately assigned to audit teams or to otherwise assist the internal auditors.

Standards Of Audit Practice

The internal audit function will meet or exceed the Standards for the Professional Practice of Internal Auditing of the Institute ofInternal Auditors.