Internal Audit Charter (NMSU Policy 2.11)
Approved by the Board of Regents on July 23, 2007
A. Purpose. This policy establishes and authorizes the Office of Audit Services as the administrative unit tasked with performing internal audit functions, and reporting to the various NMSU components, the Audit Subcommittee of the Board of Regents, and the University President and/or Board of Regents.
B. Mission and Internal Audit Function. The Office of Audit Services provides university-wide, independent, objective assurance and consulting services designed to add value to, and improve university operations. It helps the university community accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The Office of Audit Services assists members of management in effectively carrying out their respective responsibilities by determining whether the organization’s network of risk management, control and governance processes are adequate to ensure that:
- Risks are appropriately identified and managed.
- University policies and procedures, and external laws and regulations are followed.
- Resources are acquired economically, used efficiently, and are adequately protected.
- Significant financial, managerial and operational information is accurate and reliable.
- Program objectives are achieved and are consistent with University objectives.
C. Authority. The internal audit staff is authorized full, free and unrestricted access to all university records in any form; to all facilities and real estate; and to all personnel relevant to an audit. With approval from the NMSU affiliated organization, internal audit staff may review records of affiliated organizations in conjunction with a specific university audit. Internal audit staff is correspondingly responsible for handling documents and information obtained in a prudent and ethical manner.
D. Neutrality. Internal auditors will avoid participating in activities that might reasonably appear to compromise their independence or objectivity. They will have no direct responsibility or authority over any of the operating activities examined, and their review does not relieve operating personnel of their responsibilities.
E. Internal Audit Duties. The Chief Audit Executive and staff of the Office of Audit Services have responsibility to:
- Develop a flexible annual audit plan using appropriate risk-based methodology, including concerns identified by management, and submit the plan to the audit committee for review and approval.
- Operate in accordance with the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics of the Institute of Internal Auditors.
- Provide audit reports and memoranda that contain reasonable and cost-effective recommendations for control issues identified, and facilitate the resolution of audit issues with appropriate managers.
- Suggest the need for policies and procedures where appropriate, or changes to existing policies and procedures.
- Perform appropriate assurance and consulting services to assist management in meeting its objectives.
- Assist in the investigation of significant suspected fraudulent activities within the university.
- The chief audit executive serves as an ex officio member of the Administrative Council [1.05.50].
F. Reporting Structure. In order to maintain independence, the staff of the Office of Audit Services report to the chief audit executive (CAE), who reports administratively to the university president and functionally to the Board of Regents. The CAE shall meet with the Board’s Audit Subcommittee periodically, as outlined in the Audit Subcommittee Charter and will present an annual report on the activities and operations of the department.
G. Scheduling Audit Projects and Reporting Results. With the exception of emergency audits and those requiring an element of surprise, audit clients will receive advance notice of planned audits and the Office of Audit Services staff will make reasonable efforts to accommodate client needs in terms of scheduling.
- Audits involving suspected fraudulent activities are processed differently from other internal audits, so as not to compromise a police investigation or personnel action.
- At the conclusion of an audit project, the Chief Audit Executive will issue a formal report or audit memorandum to the audit client and appropriate members of senior management.
- On an annual basis or as time permits, the Office of Audit Services staff will perform a follow-up on formal recommendations included in audit reports and memoranda. Follow-up reports will summarize the status of audit issues and any actions taken by management to resolve the issues. Any items not resolved at the conclusion of a second follow-up, will be referred to the university president and to the Budget and Audit Subcommittee for resolution.
Results of audit work are shared with Budget and Audit Subcommittee members and with the Board of Regents on an annual basis, or more often if appropriate. [2.11 rev]