OAC's Internal Audit Charter was approved by the Committee on Audit and Compliance of the Board of Trustees. The Charter has six key areas:
- Purpose and Mission
- Responsibilities
- Independence
- Scope of Authority
- Organization
- Professional Standards and Ethics
Purpose and Mission
Internal Audit is an independent, objective assurance and consulting resource to review, assess, and enhance the effectiveness of risk management, internal controls and business processes at the University. Internal Audit provides recommendations to assist University offices and departments to ensure:
- Responsible stewardship of University assets;
- Integrity of operational and financial information; and
- Compliance with external laws and regulations and University policies and procedures.
Responsibilities
Internal Audit’s scope of responsibilities is to:
- Examine and evaluate the adequacy and effectiveness of the University’s internal control structure.
- Assess business risk and provide assurance to management and the Board regarding stewardship of University assets, integrity of operational and financial information, and compliance with applicable laws, regulations, and University policies.
- Provide Internal Audit services to the Princeton Plasma Physics Laboratory (PPPL) in accordance with the requirements of the Department of Energy.
- Update the Committee on Audit and Compliance on the status of key financial, operational, and regulatory initiatives at the University.
- Review specific operations and/or conduct special investigations at the request of the Committee on Audit and Compliance or management, as appropriate.
- Collaborate with management in a consultative role to evaluate significant new or changing systems, services, operations, and processes.
- Manage out-sourced and co-sourced audit and compliance projects.
- Communicate with External Auditors to coordinate risk mitigation efforts.
- Keep the Committee on Audit and Compliance informed of key emerging trends and best practices in internal audit, risk management, and compliance matters.
In order to fulfill these responsibilities, the Office of Audit and Compliance will:
- Develop a flexible annual work plan based on a prioritization determined by using relevant risk factors, including any risks or control concerns identified by management, and submit the plan to the Committee on Audit and Compliance for approval.
- Implement the annual work plan, as approved, including any special projects or audits requested by management and/or the Committee on Audit and Compliance.
- Report to the Committee on Audit and Compliance and the Executive Compliance Committee the results of completed internal audits, consulting engagements, and compliance projects, and the extent to which prior recommendations have been implemented.
- Maintain the University Hotline and report to the Executive Compliance Committee inquiries received via the hotline.
- Annually, submit to the Committee on Audit and Compliance a summary of the accomplishments of the past fiscal year and goals and objectives for the following fiscal year.
- Maintain a professional staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter.
Independence
Internal Audit is a monitoring function and has no direct operational responsibility or authority over any of the activities reviewed. Therefore, an Internal Audit review does not relieve department heads/managers of their responsibility for the maintenance and improvement of controls in their respective areas. Further, Internal Audit shall not develop or install systems or procedures, prepare records, or engage in any other activity which would normally be audited.
Scope of Authority
Internal Audit has full, free, and unrestricted access to any and all University books, records, information systems, physical properties, and personnel relevant to any function under review, as required to satisfy its audit and compliance responsibilities. All employees are expected to assist Internal Audit in fulfilling its function.
Further, the Vice President & Chief Audit and Compliance Officer shall have authority to make specific reports directly to Princeton’s President and shall have direct access to the Board through the Chair of the Committee on Audit and Compliance.
Organization
The Vice President & Chief Audit and Compliance Officer shall report functionally to the Chair of the Committee on Audit and Compliance and report administratively to the Executive Vice-President.
Professional Standards and Ethics
Internal Audit activities shall be performed according to appropriate professional standards, including but not limited to generally accepted auditing standards as advocated by The Institute of Internal Auditors in the International Standards for the Professional Practice of Internal Auditing, and/or the American Institute of Certified Public Accountants in the Statement on Auditing Standards. Internal Audit staff has the responsibility to maintain exemplary ethics, including confidentiality of audit matters, and integrity and objectivity in the performance of their duties.