Audit Services Charter

UNIVERSITY OF MANITOBA

AUDIT SERVICES CHARTER

 

INTRODUCTION

The Audit Services office is established by the University of Manitoba’s Board of Governors.  Audit Services’ mission, authority, accountability and its responsibilities are outlined in this Charter, which is approved by the Board of Governors through the Audit and Risk Management Committee (ARMC).

 

MISSION

Audit Services provides independent, objective assurance and consulting services designed to add value and improve University operations.  Audit Services assists the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.  

 

SCOPE OF WORK

Audit Services’ scope includes the entire University of Manitoba operation under the portfolios of the President and Vice-Presidents. 

 

NATURE OF WORK

Audits are undertaken to add value through evaluating and contributing to the improvement of University processes, as designed and represented by management.  Audits are generally conducted to provide assurance in the following areas.  

Risk Management

  • Risks to the University, including the potential for fraud, are appropriately identified, managed and reported in accordance with University risk management processes.

Governance

  • The University’s ethics and values objectives, programs and activities are appropriately promoted, designed, implemented and effective.
  • Effective organizational performance management and accountability processes are in place to ensure that strategic plans and objectives are achieved.
  • Information technology governance supports the University’s strategies and objectives.

Control

  • Financial, managerial and operating information is accurate, reliable and timely.
  • Activities are in compliance with policies, procedures, standards, and applicable laws and regulations.
  • Resources are acquired economically, used efficiently and adequately safeguarded.
  • Quality performance and continuous improvement are fostered in control processes.

ACCOUNTABILITY

In accordance with the Terms of Reference for the ARMC, the Audit Services Director reports functionally to the ARMC, reporting directly to the Committee at each meeting.  The Director reports administratively to the VP Administration. 

To support the organizational independence of Audit Services, the Director has full and free access to the Chair of the ARMC.

 

RESPONSIBILITY

Audit Services Organization

The Audit Services Director is responsible to:

  • Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter.
  • Establish a quality assurance program over the operations of Audit Services to ensure work is conducted with due professional care and in accordance with professional standards.
  • Annually review and assess whether the purpose, authority and responsibilities of Audit Services as set out in this Charter, continue to be appropriate, update as required, and obtain Board approval for any changes made.

Annual Planning

The Audit Services Director is responsible to:

  • Develop a flexible 3-year audit plan and to submit the plan annually to the ARMC for review and approval by the Board of Governors.  The contents of the plan should be based on the results of the University’s enterprise risk management program assessments as well as Audit Services’ own assessment of risks.
  • In consultation with the VP Administration, approve any urgent consulting or assurance projects arising subsequent to the approval of the 3-year plan, and apprise the ARMC of all additional projects, why they were undertaken, and their impact on the approved 3-year audit plan.
  • Coordinate audit work with the Office of the Auditor General and any other independent assurance providers as appropriate, to ensure that maximum audit coverage is achieved and duplication of audit effort is minimized.

Engagement Planning, Conducting, Reporting and Follow-Up

The Audit Services Director and staff are responsible to:

  • Implement the approved audit plan, including, as appropriate, any special projects requested by senior management and/or the ARMC.
  • Manage contracted resources, as necessary, to assist in the delivery of internal audit services.
  • Issue audit reports at the conclusion of each engagement to operating management for review and implementation, with copies of such reports provided to the VP Administration and other relevant senior management as appropriate.
  • Perform consulting and advisory services related to governance, risk management, and control as appropriate for the University and with the approval of the ARMC and/or VP Administration.
  • In cooperation with other University units (e.g. the Office of Fair Practices & Legal Affairs and Risk Management and Security) as appropriate, and with the approval of the VP Administration, participate in the investigation of suspected fraud and irregularities within the University and notify management and the ARMC of the results.
  • Periodically follow-up on the status of recommendations previously issued.

Periodic Reporting to Senior Management and ARMC

The Audit Services Director is responsible to:

  • Issue periodic reports to senior management and the ARMC summarizing results of audit activities and any significant findings related to the University processes of risk management, control and governance as well as information on Audit Services’ office operations.
  • Track progress with respect to the implementation of audit recommendations and report progress to the ARMC.
  • Report results of the quality assurance program to the ARMC.
  • Keep the ARMC informed of emerging trends and practices in internal auditing.
  •  Disclose to the ARMC instances of any difficulties encountered in the course of the work, including any restrictions on the scope of the audit work or access to required information.

AUTHORITY AND INDEPENDENCE

Audit Services has complete independence with respect to the University units and functions under audit and, consequently, is not subject to restriction in the scope of its work by senior management or operating unit staff and management. 

The Audit Services Director and staff are authorized to:

  • Have unrestricted access to all functions, records, property, and personnel of the University, relevant to the performance of audit engagements.
  • Have access to meetings related to risk management, control, and governance processes.
  •  Allocate resources, determine the scope of work, and apply the professional techniques required to accomplish audit objectives.
  •  Obtain the necessary assistance of unit personnel where audits are performed, as well as other specialized services from within or outside the University.

Audit Services staff are not authorized to:

  • Perform any operational duties for the University that may place staff in a conflict of interest and impair their independence. 
  • Initiate or approve accounting transactions external to Audit Services.
  • Direct the activities of any University employees outside of Audit Services, except to the extent such employees have been assigned to assist Audit Services.

STANDARDS OF AUDIT PRACTICE

All internal audit activity is consistent with the Definition of Internal Auditing as provided by the Institute of Internal Auditors (IIA), and is conducted in accordance with the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics of the IIA.

 

The Audit Services Director and staff are authorized to:

  • Have unrestricted access to all functions, records, property, and personnel of the University, relevant to the performance of audit engagements.
  • Have access to meetings related to risk management, control, and governance processes.
  • Allocate resources, determine the scope of work, and apply the professional techniques required to accomplish audit objectives.
  • Obtain the necessary assistance of unit personnel where audits are performed, as well as other specialized services from within or outside the University.

Audit Services staff are not authorized to:

  • Perform any operational duties for the University that may place staff in a conflict of interest and impair their independence. 
  • Initiate or approve accounting transactions external to Audit Services.
  • Direct the activities of any University employees outside of Audit Services, except to the extent such employees have been assigned to assist Audit Services.  

CONFIDENTIALITY OF ENGAGEMENT RECORDS

 

The Director of Audit Services will control access to engagement records and consult with the VP Administration and the Director and General Counsel of the Office of Fair Practices and Legal Affairs prior to releasing engagement records to external parties. 

The Office of the Auditor General is provided copies of all internal audit plans and final audit reports on request.   

RELATED DOCUMENTS

Approval of the Audit Services Charter provided by:

Ms. Patricia Bovey, Chair of the Audit and Risk Management Committee 

Dr. David Barnard, President  

November 24, 2012

Reviewed and updated November 5, 2013

Reviewed and updated March 3, 2015