Internal Audit & Advisory Services Charter

(As amended through September 15, 2020)

PURPOSE

The purpose of Internal Audit & Advisory Services is to assist Senior Management and the Audit Committee of the Board of Trustees in the effective discharge of their respective duties. The internal audit program is intended to assist the University in accomplishing its objectives by bringing a systematic, disciplined approach to increase the effectiveness and efficiency of risk management, control, and governance processes.

Internal Audit & Advisory Services provides Senior Management with analyses, appraisals, and recommendations concerning the activities reviewed to assist them in maintaining and improving the overall control and process environment within the operations under their direction, and assists Senior Management in monitoring the overall effectiveness of the system of internal control in achieving the broad objectives of the University. Additionally, the internal audit function provides the Audit Committee with counsel and information regarding the activities reviewed to assist them in fulfilling their responsibilities.

AUTHORITY

The Chief Audit Executive (CAE) of the University is authorized to direct a broad, comprehensive program of internal auditing and advisory services within the University and its related operations. In carrying out this program, the CAE and members of the audit and advisory staff are authorized to have full, free, and unrestricted access to all University functions, records, properties, manual and automated systems, and personnel. Documents and information given to Internal Audit & Advisory Services will be handled in the same prudent manner as by those employees normally accountable for them.

Subject to the oversight of the Board of Trustees (to which it reports regularly), the Audit Committee has the authority and responsibility to act on behalf of the Board in monitoring the accounting and financial reporting practices of Boston University, and overseeing both internal and external audit functions. The CAE reports to the Audit Committee on all Internal Audit & Advisory Services activities and attends Committee meetings to report on significant findings and recommendations, the operations of the internal audit and advisory function, and such other information as is requested by the Committee. Additionally, the CAE will have full and free access to the Audit Committee.

The CAE retains the authority and ability to allocate resources, set frequencies, select reviews, determine scope of work, and apply the techniques required to accomplish objectives. The CAE and Internal Audit & Advisory Services staff will have the appropriate assistance of University personnel where audits are performed as well as other specialized services from within and/or outside the University.

For purposes of administration, the CAE reports to an officer designated by the Committee. Currently, this officer is the Vice President for Financial Operations. In appropriate circumstances, the CAE is specifically authorized to communicate directly to the Senior Vice President, President, or the Chairman of the Audit Committee.

INDEPENDENCE AND OBJECTIVITY

In executing the internal audit and advisory program, the CAE and audit staff have no direct authority over, or responsibility for, any system, procedure, or activity which Internal Audit & Advisory Services would be responsible to review. Therefore, Internal Audit & Advisory Services may not develop or institute procedures, prepare records, make management decisions, or engage in any other activity which could reasonably be construed to compromise its objectivity or independence. Such tasks are the complete responsibility of operating management. Objectivity is not adversely affected by the recommendation of the standards of control to be applied in the development of systems and procedures under review. The CAE will ensure that all work done in an advisory capacity does not adversely affect audit objectivity or independence and that issues identified during advisory work are resolved.

Internal auditors and advisors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors and advisors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.

RESPONSIBILITY

The CAE and staff are responsible for:

  1. Establishing policies for internal Audit & Advisory Services activities and directing technical and administrative functions.
  2. Developing a flexible annual audit and advisory plan using a risk based methodology that incorporates findings from the Enterprise Risk Management process, the University’s strategic objectives, and input from the Office of Compliance Services. and submitting The plan to the will be presented to the Audit Committee of the Board of Trustees for review and approval.
  3. Reviewing the adequacy and effectiveness of management’s processes for risk management, internal control, safeguarding University assets, and governance, and compliance with local, state, federal, and international laws and regulations.
  4. Performing consulting and advisory services related to Advising in the design and development of new business, business processes, operational efficiency, expense management, and computer systems.
  5. Issuing a written report for each audit and reporting periodically on audit findings and the status of corrective actions to the Audit Committee. Appraising the adequacy of action taken by management to correct reported deficiencies.
  6. Coordinating activities with the University’s independent public accountants to avoid duplication of efforts, maximizing the benefits of the University’s total investment in audit activities, and providing the University with adequate audit services.
  7. Conducting special examinations and/or consulting services requested by management and communicating results. These are services explicitly requested by University management and outside the scope of the agreed upon annual audit plan.
  8. Ensuring that the work of the department is consistent with the International Standards for the Professional Practice of Internal Auditing and in accordance with the Institute of Internal Auditors’ (IIA) “Code of Ethics.”
  9. Advising management on the University’s Code of Ethical Conduct and the Conflict of Interest Policy, including participation in the University Compliance Committee and assisting with the review of reports filed through EthicsPoint.
  10. Supporting the University’s Enterprise Risk Management process by facilitating the identification, assessment, and reporting of key risks that may impair the achievement of the University’s strategic objectives.
  11. Collaborating with the Office of Compliance Services on the identification of gaps in compliance controls and validating the effectiveness of management compliance systems.
  12. Conducting an annual self-assessment of departmental objectives, procedures, performance, and metrics along with a periodic, external Quality Assessment Review in accordance with the IIA standards.