Charter

The Department's charter, as approved by the University of San Diego Audit Committee of the Board of Trustees, follows:

Mission

The mission of Internal Audit (IA) is to provide independent, objective assurance and consulting services designed to add value and improve the operations of the University of San Diego. It assists the University of San Diego in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Scope

The scope of work of IA is to determine whether the university’s network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning effectively to ensure:

  • Risks are appropriately identified and managed.
  • Interaction with the various governance groups occurs as needed.
  • Significant financial, managerial, and operating information is accurate, reliable, and timely.
  • Employees’ actions are in compliance with applicable laws, regulations, contract/grant provisions, and internal policies, plans, and procedures.
  • Resources are acquired economically, used efficiently, accounted for accurately, and protected adequately.
  • Programs, plans, and objectives are achieved.
  • Quality and continuous improvement are fostered in the university’s control processes.
  • Significant legislative or regulatory issues impacting the university are recognized and addressed properly.
  • Information Technology is adequate, reliable and secure.

Accountability

The University Auditor shall be accountable to management and the Audit Committee of the Board of Trustees to:

  • Provide annually an assessment on the adequacy and effectiveness of the University’s processes for controlling its activities and managing its risks in the areas set forth under the Mission and Scope of Work and based on the internal audit plan.
  • Report significant issues related to the processes for controlling the activities of the university, including potential improvements to those processes, and provide information concerning such issues through resolution.
  • Provide information periodically on the status and results of the annual internal audit plan and the sufficiency of department resources.
  • Coordinate with other control and monitoring functions.

Independence

To provide for the independence of IA, the University Auditor will report functionally to the university’s President with a dotted line to the Audit Committee of the Board of Trustees and administratively (i.e., day to day operations) to the Vice President of Finance & Chief Financial Officer (CFO).

In addition, the University Auditor shall have direct access at all times to the President and the Audit Committee of the Board of Trustees should matters of immediate significance arise which require their attention. 

Authority

IA is authorized to:

  • Have unrestricted access to all functions, records, property, and personnel that relate to the performance of the IA function to the maximum extent permitted by applicable federal and state laws. Documents and other information provided to IA will be handled in the same prudent and confidential manner as by the employees normally accountable for them.
  • Make specific reports directly to the President and Provost.
  • Have full and free access to the Audit Committee of the Board of Trustees.
  • Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
  • Obtain the necessary assistance of personnel in units of the university where audits are performed, as well as other specialized services from within or outside the university.

IA is not authorized to:

  • Perform any operational duties for the university or its affiliates (if any).
  • Initiate or approve accounting transactions external to IA.
  • Direct the activities of any university employee not employed within IA, except to the extent such employees have been appropriately assigned to an auditing team or to otherwise assist the University Auditor.

Responsibilities

IA conducts financial, operational, and information technology audits in accordance with approved plans and its established policies and procedures.  In addition, IA conforms with the Code of Ethics and the International Standards for the Professional Practice of Internal Auditing promulgated by The Institute of Internal Auditors, as well as other professional auditing standards which may be applicable to the performance of work assignments.

Audit services may include, but are not limited to:

  • Developing and implementing a flexible annual audit plan using appropriate risk-based methodology, including risks or control concerns identified by management. These plans are submitted to the Audit Committee of the Board of Trustees for review and approval.
  • Considering the scope of work of external auditors, for the purpose of providing optimal audit coverage to the university at a reasonable overall cost.
  • Examining and evaluating the adequacy and effectiveness of the systems of internal controls.
  • Evaluating and assessing significant new or changing services, processes, operations, and controls coincident with their development and implementation.
  • Identifying opportunities for reducing costs, improving processes, or enhancing the organization’s reputation.
  • Reviewing the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
  • In conjunction with the Office of General Counsel, assessing compliance with laws, regulations, contract/grant provisions, and internal policies, plans, and procedures.
  • Verifying that resources are acquired economically, used efficiently, accounted for accurately, and protected adequately.
  • Reviewing operations or programs to ascertain whether results are consistent with established objectives.
  • Conducting investigations of suspected fraudulent activities in conjunction with other university resources and notifying management and the Audit Committee of the Board of Trustees of the results.
  • Performing consulting services, beyond IA’s assurance services, to assist management in meeting its objectives. Examples may include facilitation, process design, training, and advisory services.
  • Facilitating and coordinating external audits.
  • Evaluating emerging audit trends and implementing best practices.

Reporting

A written report will be prepared and issued by the University Auditor following the conclusion of each internal audit engagement and will be distributed as appropriate. A copy of each audit report will be forwarded to the President and other appropriate parties.

IA reports generally include management’s response and corrective action taken or to be taken in regard to the specific findings. Management’s response should include a timetable for anticipated completion of action to be taken and an explanation for any corrective action that will not be implemented.

The Internal Audit Department will be responsible for appropriate follow-up on engagement findings. All significant findings will remain in an open issues file until cleared.

Approved by the Audit Committee of the Board of Trustee
September 25, 2015