The Audit Services office is established by the University of Manitoba’s Board of Governors. Audit Services’ mission, authority, accountability and its responsibilities are outlined in this Charter, which is approved by the Board of Governors through the Audit and Risk Management Committee (ARMC).
PURPOSE AND MISSION
The purpose of the University of Manitoba's Audit Services office is to provide independent, objective assurance and consulting services designed to add value and improve University operations. The mission of internal audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice and insight. Audit Services assists the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
In accordance with the Terms of Reference for the ARMC, the Audit Services Director reports functionally to the ARMC, reporting directly to the ARMC at each meeting. The Director reports administratively to the Vice-President (Administration).
To support the organizational independence of Audit Services, the Director has full and free access to the Chair of the ARMC.
The ARMC authorizes the Audit Services Director and staff to:
STANDARDS OF AUDIT PRACTICE
- Have unrestricted access to all functions, records, property, and personnel of the University, relevant to the performance of audit engagements.
- Allocate resources, set frequencies, select subjects, determine the scope of work, and apply the professional techniques required to accomplish audit objectives.
- Obtain the necessary assistance of unit personnel where audits are performed, as well as other specialized services from within or outside the University.
Audit Services adheres to the mandatory elements of the Institute of Internal Auditors (IIA) International Professional Practices Framework, including the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the International Standards for the Professional Practice of Internal Auditing and the Definition of Internal Auditing.
SCOPE OF WORK
Audit Services’ scope includes the entire University of Manitoba operation under the portfolios of the President and Vice-Presidents.
NATURE OF WORK
Audit Services undertakes objective examinations of evidence for the purpose of providing independent assessments to the ARMC and senior management on the adequacy and effectiveness of risk management, and control and governance processes. This includes evaluating whether:
- Risks to the University, including the potential for fraud, are appropriately identified and managed.
- The University’s ethics and values objectives, programs and activities are appropriately promoted, designed, implemented and effective.
- Effective organizational performance management, policies, procedures and accountability processes are in place to ensure that strategic plans and objectives are achieved.
- Operations are being carried out effectively and efficiently.
- Financial, managerial and operating information is accurate, reliable and timely.
- Activities are in compliance with policies, procedures, standards, and applicable laws and regulations.
- Resources are acquired economically, used efficiently and adequately safeguarded.
Audit Services Organization
The Audit Services Director is responsible to:
- Ensure the internal audit staff collectively possesses or obtains sufficient knowledge, skills and other competencies needed to meet the requirements of this Charter.
- Establish a quality assurance program over the operations of Audit Services to ensure work is conducted with due professional care and in accordance with professional standards.
- Establish and ensure adherence to policies and procedures that guide Audit Services.
- Periodically review and assess whether the purpose, authority and responsibilities of Audit Services as set out in this Charter, continue to be appropriate, update as required, and obtain ARMC approval for any changes made.
The Audit Services Director is responsible to:
- Develop a flexible 3-year risk-based audit plan and to submit the plan annually to the ARMC for review and approval by the Board of Governors.
- In consultation with the Vice-President (Administration), approve any urgent consulting or assurance projects arising subsequent to the approval of the 3-year plan, and apprise the ARMC of all additional projects, why they were undertaken, and their impact on the approved 3-year audit plan.
- Coordinate audit work with the Office of the Auditor General and any other independent assurance providers as appropriate, to ensure that maximum audit coverage is achieved and duplication of audit effort is minimized.
Engagement Planning, Conducting, Reporting and Follow-Up
The Audit Services Director and staff are responsible to:
- Implement the approved audit plan, including, as appropriate, any special projects requested by senior management and/or the ARMC.
- Manage contracted resources, as necessary, to assist in the delivery of internal audit services.
- Issue audit reports at the conclusion of each engagement to operating management for review and implementation, with copies of such reports provided to the Vice-President (Administration) and other relevant senior management as appropriate.
- In cooperation with other University units (e.g. Human Resources, Financial Services, the Office of Fair Practices & Legal Affairs and Risk Management and Security) as appropriate, and with the approval of the Vice-President (Administration), participate in the investigation of suspected fraud and irregularities within the University and notify management and the ARMC of the results.
- Periodically follow-up on the status of recommendations previously issued.
Periodic Reporting to Senior Management and ARMC
The Audit Services Director is responsible to:
- Issue periodic reports to senior management and the ARMC summarizing results of audit activities, any significant risk exposures and control issues or any response to risk by management that may be unacceptable.
- Track progress with respect to the implementation of audit recommendations and report progress to the ARMC.
- Report results of the quality assurance program to the ARMC.
- Periodically confirm to the ARMC, the organizational independence of Audit Services and conformance to the IIA's Code of Ethics and Standards.
- Keep the ARMC informed of emerging trends and practices in internal auditing.
- Disclose to the ARMC instances of any difficulties encountered in the course of the work, including any restrictions on the scope of the audit work or access to required information.
INDEPENDENCE AND OBJECTIVITY
Audit Services has complete independence with respect to the University units and functions under audit and, consequently, is not subject to restriction in the scope of its work by senior management or operating unit staff and management. The Director will ensure that Audit Services remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of audit selection, scope, procedures, frequency, timing and report content. If the Director determines that independence or objectivity may be impaired in fact or appearance, the details of the impairment will be disclosed to the Vice-President (Administration) and the ARMC.
Internal auditors will maintain an unbiased mental attitude that allows them to perform engagements objectively and in such a manner that they believe in their work product, that no quality compromises are made, and that they do not subordinate their judgement on audit matters to others.
Internal auditors will:
- Disclose any impairment of independence or objectivity, in fact or appearance, to the Vice-President (Administration) and the ARMC.
- Exhibit professional objectivity in gathering, evaluating and communicating information about the activity or process being examined.
- Make balanced assessments of all available and relevant facts and circumstances.
- Take necessary precautions to avoid being unduly influenced by their own interests or others informing judgements.
Internal auditors are not authorized to:
- Perform any operational duties for the University that may place staff in a conflict of interest and impair their independence.
- Initiate or approve accounting transactions external to Audit Services.
- Direct the activities of any University employees outside of Audit Services, except to the extent such employees have been assigned to assist Audit Services.
Where the Director has or is expected to have roles and responsibilities that fall outside of internal auditing, safeguards will be established to limit impairments to independence or objectivity.
CONFIDENTIALITY OF ENGAGEMENT RECORDS
The Audit Services Director will control access to engagement records and consult with the Vice-President (Administration) and the Director and General Counsel of the Office of Fair Practices and Legal Affairs prior to releasing engagement records to external parties.
The Office of the Auditor General is provided copies of all internal audit plans and final audit reports on request.
Approval of the Audit Services Charter: November 24, 2012
Periodic ARMC review dates:
- November 5, 2013
- March 3, 2015
- March 5, 2019