Internal Audit Charter
The purpose of this charter is to define the authority and responsibilities of the Western Washington University Office of the Internal Auditor. This charter is approved by the University Board of Trustees of Western Washington University.
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations in the efficient and effective discharge of their responsibilities. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The internal audit review and appraisal process does not in any way relieve other University personnel of the responsibilities assigned to them.
Western Washington University is committed to the professional practice of internal auditing. The Office of the Internal Auditor will uphold the principles of integrity, objectivity, confidentiality, and competency as defined in the Institute of Internal Auditors Code of Ethics and will adhere to the International Standards for the Professional Practice of Internal Auditing (Standards).
Organization and Authority
In order to permit independent and unbiased judgments essential to the proper conduct of audits, the Office of the Internal Auditor reports functionally to the Audit Committee of the Board of Trustees and administratively as deemed appropriate by the President with concurrence of the Audit Committee.
Internal Audit participates in Audit Committee meetings and has free and open communication with the Audit Committee of the Board of Trustees. Internal Audit presents an annual report of its operations to the Board of Trustees.
The Office of the Internal Auditor is authorized to have access to information including computer files, records, property and personnel of the University excluding individual user’s computer passwords. University units will submit information and records in a timely manner and in the form specified by the Office of the Internal Auditor.
Internal Audit management and staff will be independent of the activities that they review. In performing the audit function, the Office of the Internal Auditor has no direct responsibility for, or authority over, any of the activities reviewed. Independence requires that the Internal Auditor carry out work freely and objectively. The Internal Auditors are not to subordinate their judgment on audit matters to the opinions of others.
A biennial, risk based audit schedule is created each year which allows for contingencies that develop during the year. The audit schedule is developed with input from the Audit Committee, President, Provost, Vice Presidents, Risk and Compliance Services Group and other university management. The Audit Committee reviews and makes recommendations regarding the audit schedule and the Board of Trustees approves the audit schedule. Audit services are coordinated with external auditors to reduce duplication of efforts and increase audit coverage of the University.
The Director of Internal Audit is responsible for:
- maintaining an effective internal auditing program
- ensuring that audit results and actions taken are communicated to the Audit Committee and appropriate levels of university management
- keeping the Audit Committee informed of emerging trends, successful practices in internal auditing and communicating timeline deviations from audit schedule
- ensuring that audits are completed in a timely manner
University academic and administrative department heads are responsible for:
- allowing audit staff to have complete, free and unrestricted access to all university records and personnel necessary for the completion of audits and special projects
- providing responses (including action plans and completion dates) in accordance with this charter
- ensuring that action plans are completed in a timely manner
Vice presidents are responsible for approving action plans included in audit reports and have ultimate responsibility for implementation of the action plans.
Types of Audit Services
The Office of the Internal Auditor performs internal operational, compliance, and financial related audits of programs, services, departments and accounts that come under the budget authority of the University. Internal Audit performs four types of audit services:
- Assurance Services: Assurance services are objective reviews of evidence for the purpose of providing an independent assessment. The scope and nature of assurance services includes reviewing and evaluating for: operational efficiencies and effectiveness; reliability of financial and operational systems; adequacy and clarity of policies and procedures; compliance with university policy and state and federal law; safeguarding of assets; and accomplishment of objectives and goals.
- Consulting Services: Consulting services are advisory and other service activities include counsel, advice, facilitation, process design and limited training. The objective of consulting services is to add value in the development or modification of processes, procedures, and controls to minimize risk and achieve objectives. The nature and scope of particular consulting services are agreed upon with management. Internal Audit will not assume management’s responsibilities in order to maintain appropriate objectivity and independence. Consultation reports are not typically presented to the Audit and Finance committee unless there is a material finding.
- Special Investigations: Investigations evaluate allegations of unethical business practices and financial and operational misconduct to determine if allegations are substantiated and to prevent future occurrences.
- Follow-up Engagements: Follow-up engagements evaluate plans and actions taken to correct reported conditions.
Prior to the creation of the draft audit report, the results of the audit engagement are communicated to the appropriate, designated members of management. The Office of the Internal Auditor creates written audit reports which are submitted in draft form first to the President or designee, followed by the Provost, appropriate Vice President, and Dean and department under review, depending on the audit engagement. The Office of the Internal Auditor will meet with appropriate University personnel to discuss the draft report, make agreed upon changes, and submit a final draft report to appropriate management requesting written responses that include corrective action plans directed toward addressing each of the recommendations. Management’s responses are incorporated into the final audit report. Copies of the final audit reports are distributed to the Audit Committee of the Board of Trustees, President and Provost, and Vice President or Dean whose areas were reviewed. Persons receiving final audit reports from the Office of the Internal Auditor may distribute copies of the report to appropriate staff.
Original Charter Approval by President June 2002
Revised and Approved by Board of Trustees October 6, 2006
Revised and Approved by Board of Trustees April 16, 2010
Revised and Approved by Board of Trustees June 11, 2010
Revised and Approved by Board of Trustees June 10, 2016