The scope of internal audit activities encompasses, but is not limited to, objective examinations of evidence for the purpose of providing independent assessments to the Audit Committee, management, and outside parties on the adequacy and effectiveness of governance, risk management, and control processes for the University. Internal audit assessments include evaluating whether:
- Risks relating to the achievement of the University’s strategic objectives are appropriately identified and managed.
- Established processes and systems enable compliance with the policies, procedures, laws, and regulations that could significantly impact the University.
- The actions of the University’s officers, directors, employees, and contractors are in compliance with the University’s policies, procedures, and applicable laws, regulations, and governance standards.
- Resources and assets are acquired economically, used efficiently, and protected adequately.
- Operations or programmes are being carried out effectively and efficiently.
- The results of operations or programmes are consistent with established goals and objectives.
- Information and the means used to identify, measure, analyse, classify, and report such information are reliable and have integrity.
The IAO coordinates activities, where possible, and considers relying upon the work of other internal and external assurance and consulting service providers as needed. The IAO may perform advisory and related client service activities, the nature and scope of which will be agreed with the client, provided the IAO does not assume management responsibility.
The Director of Internal Audit will report periodically to senior management and the Audit Committee regarding:
- The IAO’s plan and performance relative to its plan.
- Resource requirements.
- Results of audit engagements or other activities.
- Significant risk exposures and control issues, including fraud risks, governance issues, and other matters requiring the attention of, or requested by, the Audit Committee.
- Any response to risk by management that may be unacceptable to the University.
Opportunities for improving the efficiency of governance, risk management, and control processes may be identified during engagements. These opportunities will be communicated to the appropriate level of management.