Internal Audit Charter
The purpose of Western Washington University’s (WWU’s) Office of the Internal Auditor (OIA) is to provide independent, objective assurance and consulting services designed to add value and improve WWU’s operations. The mission of the OIA is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. The OIA helps WWU accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.
The Director of the OIA will ensure that the OIA collectively possesses or obtains the knowledge, skills and other competencies needed to meet the requirements of the Office of the Internal Auditor Charter.
The OIA will govern itself by adherence to the mandatory elements of The Institute of Internal Auditors’ (IIA) International Professional Practices Framework, including the Core Principles of the Professional Practice of Internal Auditing, the Code of Ethics, the International Standards for the Professional Practice of Internal Auditing, and the Definition of Internal Auditing.
The OIA will maintain a quality assurance and improvement program (QAIP) that will include evaluation of its conformance with the Standards and the IIA’s Code of Ethics. This program includes periodic internal self-assessments, and external assessments performed once every five years by an assessment team from outside the University. The Director of the OIA will communicate the results of these assessments to appropriate senior management and the Finance, Audit and Enterprise Risk Management Committee (Committee).
The Director of the OIA reports functionally to the Committee, which directs the planning, execution, and results of audit activities. The Director of the OIA reports administratively (e.g., oversight of payroll, budget, and space allocation) as deemed appropriate by the President with the concurrence of the Committee. To demonstrate this functional reporting relationship and to establish, maintain, and assure that the OIA has sufficient authority to fulfill its duties the Committee has established and implemented internal audit program oversight duties specifically identified in the Committee Charter.
The Director of the OIA participates in Committee meetings and has unrestricted access to, and communicates and interacts directly with the Committee, including in private meetings without management present.
The OIA is authorized to:
- Have full, free and unrestricted access to all University functions, records, property, and personnel pertinent to carrying out any engagement, subject to accountability for confidentiality and safeguarding of records and information.
- Maintain and allocate OIA’s resources, including, but not limited to, establishing audit frequencies, selecting audit subjects, determining the scope of work, and applying techniques required to accomplish audit objectives and issue reports within the framework of the Committee’s functional oversight.
- Obtain assistance from the necessary personnel of WWU, as well as other specialized services from within or outside WWU, in order to complete the engagement.
Independence and Objectivity
In order to permit independent and unbiased judgments essential to the proper conduct of audits, the Office of the Internal Auditor reports functionally to the Audit Committee of the Board of Trustees and administratively as deemed appropriate by the President with concurrence of the Audit Committee. The Director of the OIA will ensure that the OIA remains free from all conditions that threaten the ability of the OIA internal auditors to carry out their responsibilities in an unbiased manner, including matters regarding audit selection, scope, procedures, frequency, timing, and report. If the Director determines that independence or objectivity may be impaired in fact or appearance, the details of impairment will be disclosed to appropriate parties.
OIA Internal Auditors will maintain an unbiased mental attitude that allows them to perform engagements objectively and in such a manner that they believe in their work products, that no quality compromises are made, and that they do not subordinate their judgment on audit matters to others.
OIA Internal Auditors will have no direct operational responsibility or authority over any of the operations or activities reviewed. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair their judgment, including:
- Performing any operational duties for the University.
- Initiating or approving transactions external to the OIA.
- Directing the activities of any University employee not employed by the OIA, except to the extent that such employees have been appropriately assigned to an audit team or to otherwise assist the OIA.
Where the OIA is expected to have roles and/or responsibilities that fall outside of internal auditing, safeguards will be established to limit impairments to independence or objectivity.
WWU’s Internal Auditors will:
- Disclose any impairment of independence or objectivity, in fact, or appearance to appropriate parties.
- Exhibit professional objectivity and due professional care in gathering, evaluating, and communicating information about the activity or process being examined.
- Make balanced assessments of available and relevant facts and circumstances.
- Take necessary precautions to avoid being unduly influenced by their own interests or by others in forming judgments.
The Director of the OIA will confirm to the Committee, at least annually, the organizational independence of the OIA.
The Director of OIA is responsible for submitting, at least annually, to appropriate senior management and the Committee a risk-based annual internal audit plan (Plan) for review and recommendation to the full Board of Trustees for approval. The plan will be developed using an appropriate risk-based methodology that considers the input of appropriate senior management and the Committee. The Director is responsible for implementing the approved Plan, subject to adjustments, made as necessary, in response to changes in the University’s risks, operations, programs, systems, and controls. Audit services are coordinated with external assurance and consulting service providers to reduce duplication of efforts and increase audit coverage of the University.
The Plan will include provisions for the four types of OIA’s audit services:
- Assurance Services: The scope and nature of assurance services encompasses, but is not limited to, objective examinations of evidence for the purpose of providing independent assessments to the Committee, management and outside parties on the adequacy and effectiveness of governance, risk management and control process for WWU. Assurance services include evaluating whether:
- Operations or programs are being carried out effectively and efficiently.
- Established practices, processes and systems enable compliance with policies, procedures and applicable laws, and regulations that could significantly impact WWU.
- Information and the means used to identify, measure, analyze, classify, and report such information are reliable and have integrity.
- Resources and assets are acquired economically, used efficiently, and protected adequately.
- Risks related to the achievement of WWU’s strategic objectives are appropriately identified and managed.
- The actions of WWU’s officers, directors, employees, and contractors are in compliance with WWU’s policies, procedures, and applicable laws, regulations, and governance standards.
- The results of operations or programs are consistent with established goals and objectives.
- Consulting Services: Advisory and related client service activities, the nature, and scope of which are agreed upon with the client, and are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation, and training.
- Investigative Engagements: Investigations evaluate allegations of financial and operational misconduct to determine whether allegations are substantiated and to prevent future occurrences.
- Follow-up Engagements: Follow-up engagements evaluate plans and actions taken to correct reported conditions.
A written report will be prepared and issued by the Director of the OIA following the conclusion of each engagement and will be distributed appropriately. University management shall respond in a timely manner. The response will indicate what actions were taken or are planned, and an anticipated completion date regarding the specific recommendations. Copies of final reports will be distributed to the Committee Members, the President as well as appropriate University personnel.
The Director of the OIA will report periodically to appropriate senior management and the Committee regarding:
- The OIA’s purpose, authority, and responsibility (i.e., Office of the Internal Auditor Charter).
- The OIA’s risk-based annual audit plan and performance relative to its plan, interim changes to the plan, and other matters including the results of engagements or other activities.
- Sufficiency of OIA’s budget and resources.
- Any interference or unwarranted restrictions on OIA’s authorized access and activities.
- The OIA’s organizational independence and OIA Internal Auditor’s objectivity.
- The results of QAIP internal and external assessments.
- The OIA’s conformance with State Administrative & Accounting Manual (SAAM) Chapter 22 Internal Auditing and Revised Code of Washington (RCW) 43.88.160.
- Significant risk exposures and control issues, including fraud risks, governance issues and other matters requiring the attention of, or requested by, the Committee.
- Whether appropriate actions have been taken on significant OIA findings and/or any response to risk by management that may be unacceptable to WWU.
Approved by the WWU Board of Trustees on April 13, 2018