OAC's Internal Audit Charter was approved by the Committee on Audit and Compliance of the Board of Trustees.  The Charter has six key areas:

Purpose and Mission

Internal Audit is an independent and objective resource to review, assess, and enhance the internal control environment at the University and to assist the University community in upgrading business processes and mitigating business risk.  Internal Audit provides recommendations to assist University offices and departments to ensure:

  • Good stewardship of University assets;
  • Integrity of operational and financial information; and
  • Compliance with external laws and regulations and University policies and procedures.

Responsibilities

Internal Audit’s scope of responsibilities is to:
  • Examine and evaluate the adequacy and effectiveness of the University’s internal control structure.
  • Assess business risk and provide assurance to management and the Board regarding stewardship of University assets, integrity of operational and financial information, and compliance with applicable laws, regulations, and University policies.
  • Provide Internal Audit services to the Princeton Plasma Physics Laboratory (PPPL) in accordance with the Cooperative Audit Strategy requirements of the Department of Energy.
  • Update the Committee on Audit and Compliance on the status of key financial, operational, and regulatory initiatives at the University.
  • Review specific operations and/or conduct special investigations at the request of the Committee on Audit and Compliance or management, as appropriate.
  • Collaborate with management in a consultative role to evaluate significant new or changing systems, services, operations, and processes.
  • Manage out-sourced and co-sourced audit and compliance projects.
  • Communicate with External Auditors to coordinate risk mitigation efforts.
  • Keep the Committee on Audit and Compliance informed of key emerging trends and best practices in Internal Audit, risk management, and compliance matters.
In order to fulfill these responsibilities, Internal Audit will:
  • Develop a flexible annual Internal Audit work plan based on a prioritization determined by using relevant risk factors, including any risks or control concerns identified by management, and submit the plan to the Committee on Audit and Compliance for approval.
  • Implement the annual Internal Audit work plan, as approved, including any special projects or audits requested by management and/or the Committee on Audit and Compliance.
  • Report to the Committee on Audit and Compliance and the Executive Compliance Committee the results of completed internal audits, and the extent to which prior recommendations have been implemented.
  • Maintain the University’s compliance hotline and report to the Executive Compliance Committee inquiries received via the hotline.
  • Annually, submit to the Committee on Audit and Compliance a summary of the accomplishments of the past fiscal year and goals and objectives for the following fiscal year.
  • Maintain a professional Internal Audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter.

Independence

Internal Audit is a monitoring function and has no direct operational responsibility or authority over any of the activities reviewed.  Therefore, an Internal Audit review does not relieve department heads/managers of their responsibility for the maintenance and improvement of controls in their respective areas.  Further, Internal Audit shall not develop or install systems or procedures, prepare records, or engage in any other activity which would normally be audited.

Scope of Authority

Internal Audit has full, free, and unrestricted access to any and all University books, records, information systems, physical properties, and personnel relevant to any function under review, as required to satisfy its audit and compliance responsibilities.  All employees are expected to assist Internal Audit in fulfilling its function. Further, the Chief Audit and Compliance Officer shall have authority to make specific reports directly to Princeton’s President and shall have direct access to the Board through the Chair of the Committee on Audit and Compliance. 

Organization

The Chief Audit and Compliance Officer shall report functionally to the Chair of the Committee on Audit and Compliance and report administratively to the Executive Vice-President. 

Professional Standards and Ethics

Internal Audit activities shall be performed according to appropriate professional standards, including but not limited to generally accepted auditing standards as advocated by The Institute of Internal Auditors in the International Standards for the Professional Practice of Internal Auditing, and the American Institute of Certified Public Accountants in the Statement on Auditing Standards.  Internal Audit staff has the responsibility to maintain exemplary ethics, including confidentiality of audit matters, and integrity and objectivity in the performance of their duties.