Internal Audit Charter

Purpose

The purpose of Internal Audit is to assist senior management and the Audit Committee of the Board of Trustees in the effective discharge of their respective duties. Internal Auditing at Boston University is an independent, objective assurance and consultative activity designed to add value to the organization. The internal audit program is intended to assist the University in accomplishing its objectives by bringing a systematic, disciplined approach to increase the effectiveness and efficiency of risk management, control, and governance processes.

Internal audit provides senior management with analyses, appraisals, and recommendations concerning the activities reviewed to assist them in maintaining and improving the overall control environment within the operations under their direction, and assists senior management in monitoring the overall effectiveness of the system of internal control in achieving the broad objectives of the University. Additionally, the internal audit function provides the Audit Committee with counsel and information regarding the activities reviewed to assist them in fulfilling their responsibilities.

Authority

The Associate Vice President for Internal Audit, the Chief Audit Executive (CAE) of the University, is authorized to direct a broad, comprehensive program of internal auditing within the University and its related operations. In carrying out this program, the CAE and members of the audit staff are authorized to have full, free and unrestricted access to all University functions, records, properties, manual and automated systems, and personnel. Documents and information given to Internal Audit will be handled in the same prudent manner as by those employees normally accountable for them.

Subject to the oversight of the Board of Trustees (to which it reports regularly), the Audit Committee has the authority and responsibility to act on behalf of the Board in monitoring the accounting and financial reporting practices of Boston University, and overseeing both internal and external audit functions. The CAE reports to the Audit Committee on all internal audit activities and attends Committee meetings to report on significant findings and recommendations, the operations of the internal audit function, and such other information as is requested by the Committee. Additionally, the CAE will have full and free access to the Audit Committee.

The CAE retains the authority and ability to allocate resources, set frequencies, select audits, determine scope of work and apply the techniques required to accomplish audit objectives. The CAE and Internal Audit staff will have the appropriate assistance of University personnel where audits are performed as well as other specialized services from within and/or outside the University.

For purposes of administration, the CAE reports to an officer designated by the Committee. Currently, this officer is the Senior Vice President, Chief Financial Officer and Treasurer. In appropriate circumstances, the CAE is specifically authorized to communicate directly to the Senior Vice President, President, or the Chairman of the Audit Committee.

In executing the internal audit program, the CAE and audit staff have no direct authority over, or responsibility for, any system, procedure, or activity which Internal Audit would be responsible to review. Therefore, Internal Audit may not develop or institute procedures, prepare records, make management decisions, or engage in any other activity which could reasonably be construed to compromise its objectivity or independence. Such tasks are the complete responsibility of operating management. Objectivity is not adversely affected by the recommendation of the standards of control to be applied in the development of systems and procedures under review.

Responsibility

The CAE is responsible for:

  1. Establishing policies for internal audit activity and directing its technical and administrative functions.
  2. Developing and submitting to the Audit Committee of the Board of Trustees detailed work plans for Internal Audit on an annual basis.
  3. Reviewing the adequacy and effectiveness of management’s processes for risk management, internal control, and governance.
  4. Ensuring that the annual internal audit plan is designed to assist with the University’s strategic objectives.
  5. Reviewing established systems, policies and procedures to determine if they are adequate to ensure that the University is in compliance with local, federal and international laws and regulations.
  6. Reviewing management controls designed to safeguard University assets and recommending improvements when appropriate.
  7. Advising in the design and development of new business and computer systems.
  8. Periodic reporting of audit findings and status of corrective actions to the Audit Committee.
  9. Appraising the adequacy of action taken by management to correct reported deficiencies.
  10. Coordinating activities with the University’s independent public accountants to avoid duplication of efforts, maximizing the benefits of the University’s total investment in audit activities, and providing the University with adequate audit services.
  11. Conducting special examinations and/or consulting services requested by management.  These are services explicitly requested by University management and outside the scope of the agreed upon annual audit plan.
  12. Ensuring that the work of the department is consistent with the International Standards for the Professional Practice of Internal Auditing and in accordance with the IIA’s “Code of Ethics”.
  13. Preparing and issuing a written report following the conclusion of each audit that will be distributed as appropriate.
  14. Communicating the results of special examinations as determined by the CAE, which may be verbal or written.
  15. Advising management on an as needed basis regarding the University’s Code of Ethical Conduct and the Conflict of Interest Policy, including participation in the University Compliance Committee and assisting with the review of reports filed through EthicsPoint.