Internal Audit Charter
The purpose of this charter is to define the authority and responsibilities of the Western Washington University Office of the Internal Auditor. This charter is approved by the University Board of Trustees of Western Washington University.
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The internal audit review and appraisal process does not in any way relieve other University personnel of the responsibilities assigned to them.
Western Washington University is committed to the professional practice of internal auditing. The Office of the Internal Auditor will uphold the principles of integrity, objectivity, confidentiality, and competency as defined in the Institute of Internal Auditors Code of Ethics and will adhere to the International Standards for the Professional Practice of Internal Auditing (Standards).
Organization and Authority
The Office of the Internal Auditor reports functionally to the Audit Committee of the Board of Trustees and administratively to the President’s Office to permit independent and unbiased judgments essential to the proper conduct of audits.
Internal Audit participates in Audit Committee meetings and has free and open communication with the Audit Committee of the Board of Trustees. Internal Audit presents an annual report of its operations to the Board of Trustees.
The Office of the Internal Auditor is authorized to have access to information including computer files, records, property and personnel of the University excluding individual user’s computer passwords. University units will submit information and records in a timely manner and in the form specified by the Office of the Internal Auditor.
Internal Audit management and staff will be independent of the activities that they review. In performing the audit function, the Office of the Internal Auditor has no direct responsibility for, or authority over, any of the activities reviewed. Independence requires that the Internal Auditor carry out work freely and objectively. The Internal Auditors are not to subordinate their judgment on audit matters to the opinions of others.
A biennial, risk based audit schedule is created each year which allows for contingencies that develop during the year. The audit schedule is developed with input from the Audit Committee, President, Provost, Vice Presidents, and other university management. The Audit Committee reviews and makes recommendations regarding the audit schedule and the Board of Trustees approves the audit schedule. Audit services are coordinated with external auditors to reduce duplication of efforts and increase audit coverage of the University.
The Office of the Internal Auditor performs internal operational, compliance, and financial related audits of programs, services, departments and accounts that come under the budget authority of the University. Internal Audit performs four types of audit services:
- Assurance Services: Assurance services are objective reviews of evidence for the purpose of providing an independent assessment. The scope and nature of assurance services includes reviewing and evaluating for: operational efficiencies and effectiveness; reliability of financial and operational systems; adequacy and clarity of policies and procedures; compliance with university policy and state and federal law; safeguarding of assets; and accomplishment of objectives and goals.
- Consulting Services: Consulting services are advisory and other service activities include counsel, advice, facilitation, process design and limited training. The objective of consulting services is to add value in the development or modification of processes, procedures, and controls to minimize risk and achieve objectives. The nature and scope of particular consulting services are agreed upon with management. Internal Audit will not assume management’s responsibilities in order to maintain appropriate objectivity and independence.
- Special Investigations: Investigations evaluate allegations of unethical business practices and financial and operational misconduct to determine if allegations are substantiated and to prevent future occurrences.
- Follow-up Engagements: Follow-up engagements evaluate plans and actions taken to correct reported conditions.
Prior to the creation of the draft audit report, the results of the audit engagement are communicated to the appropriate, designated members of management. The Office of the Internal Auditor creates written audit reports which are submitted in draft form first to the President and then to the Provost, Vice President, Dean and department under review, depending on the audit engagement. The Office of the Internal Auditor will meet with appropriate university personnel to discuss the draft report, make agreed upon changes and submit a final draft report to appropriate management requesting written responses that include corrective action plans directed toward addressing each of the recommendations. Management’s responses are incorporated into the final audit report. Copies of the final audit reports are distributed to the Audit Committee of the Board of Trustees, President and Provost, Vice President or Dean whose areas were reviewed. Persons receiving final audit reports from the Office of the Internal Auditor may distribute copies of the report to appropriate staff.
Original Charter Approval by President June 2002
Revised and Approved by Board of Trustees October 6, 2006
Revised and Approved by Board of Trustees April 16, 2010
Revised and Approved by Board of Trustees June 11, 2010