Internal Audit Charter

Policy Owner
Internal Audit Office
Document Type
Charter
Document Approval Date
Version
2.0

Internal Auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of Dublin City University. It assists Dublin City University in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the University's governance, risk management and internal control.

The University recognises the significant contribution to good governance and effective internal control made by an efficient and effective Internal Audit function.

The University pledges its full support to the Internal Audit Service in discharging the authorities and responsibilities contained in this Charter and undertakes to provide adequate resources to Internal Audit to properly discharge its function.

Internal Audit derives its authority from the Governing Authority through the Audit Committee and the President and its activities are defined by the Governing Authority as part of their oversight role. 

Internal Audit, with strict accountability for confidentiality and safeguarding records and information, has the right of access to all Dublin City Universities information, records, assets and personnel which is considers necessary to fulfil its responsibilities.  Internal Audit shall be afforded the full co-operation of all employees and agents of the University in carrying out its professional duties.  The right of access includes subsidiary companies of the University.  Internal Audit may review other bodies or undertakings controlled or funded by the University as agreed by the Governing Authority.

Internal Audit reports functionally to the Audit Committee and administratively (i.e. day to day operations) to the Chief Operations Officer.  Internal Audit has direct access to the Chairperson of the Governing Authority and the Chairperson of the Audit Committee.

The Audit Committee will:

  • Approve the Internal Audit Charter.
  • Approve the risk based Internal Audit Plan.
  • Approve the Internal Audit Budget and Resource plan.
  • Receive communications from Internal Audit on internal audits performance relative to its plan and other matters.
  • Address all other matters included in the Audit Committee Terms of Reference as deemed appropriate.

Internal Audit will maintain independence and objectivity in all activity, including matters of audit selection, scope, procedures, frequency, timing or report content to permit maintenance of a necessary independent attitude.

The Internal Auditor will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair the Internal Auditor’s judgement.

Internal Audit will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal Audit will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgements.

The scope of audit activities will be determined using appropriate risk assessment tools to ensure adequate coverage of risks and exposures, and will consider the special needs of management. Specifically, Internal Audit’s scope of activities is to ascertain that the processes for controlling operations, as they have been designed and represented by management, are adequate and functioning.

Internal Audit has responsibility to:

  • Develop and maintain a strategic Audit Plan covering a 3 Year period using a risk based approach to appraise the effectiveness of the University’s system of internal control including financial, operational, compliance and risk management and submit that plan to the Audit Committee for approval.
  • Develop Annual Audit Plans based on signification exposures identified in the Strategic Audit Plan and submit such annual plans to the Audit Committee for approval.
  • Consider the scope of work and liaise with external auditors and the Comptroller and Auditor General (C&AG) for the purpose of providing optimal audit coverage.
  • Implement the audit plans as approved, including any value for money auditing and special projects assigned by the Audit Committee or requested by senior management.
  • Disseminate Best Practice Guidelines.
  • Report significant issues relating to the processes for controlling the activities of the University arising from the internal audit work undertaken.
  • Issue reports to the Audit Committee addressing the results of audits conducted summarising observations and recommendations made.
  • As part of findings follow-up reviews, Internal Audit will monitor and report to management and the Audit Committee on progress towards the implementation of agreed audit recommendations.
  • Evaluate and assess controls coincident with the introduction of major changes to systems.
  • Provide technical assistance to management to assist in the investigation of suspected fraudulent activity within the University.
  • Participate in periodic External Quality Assessments (3 – 5 yearly).
  • Ensure Internal Audit Staff have appropriate skills, training and complete CPD requirements.

At least annually, Internal Audit will submit to the Audit Committee an Internal Audit Plan for review and approval. The Internal Audit Plan will consist of a work schedule as well as budget and resource requirements for the next calendar year accompanied by an outline plan for the subsequent three years.

The Internal Audit Plan will be developed based on a prioritisation of the audit universe using a risk-based methodology, including input of senior management and the Governing Authority. Internal Audit will review and adjust the plan, as necessary, in response to changes in the University’s business, risks, operations, programs, systems, and controls. Any significant deviation from the approved Internal Audit plan will be communicated to Senior Management and the Audit Committee through periodic reports.

A written report will be prepared and issued by Internal Audit following the conclusion of each Internal Audit engagement and will be distributed as appropriate. Internal audit results will also be communicated to the Audit Committee and the Senior Management team.

The Internal Audit report may include management’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management's response, whether included within the original audit report or provided thereafter by management of the audited area should include a timetable for anticipated completion of action to be taken and an explanation for any corrective action that will not be implemented.

Internal Audit will periodically report to Senior Management and the Audit Committee on Internal Audits purpose, authority, and responsibility, as well as performance relative to its Internal Audit Plan. Reporting will also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by Senior Management and the Governing Authority.

Internal Audit will maintain a quality assurance and improvement programme that covers all aspects of the internal audit activity. The programme will include an evaluation of Internal Audits conformance with the IIA Standards and an evaluation of the IIA’s Code of Ethics. The programme will also assess the efficiency and effectiveness of the internal audit activity and identify opportunities for improvement.    

The Head of Internal Audit will communicate to Senior Management and the Audit Committee on Internal Audits quality assurance and improvement programme, including results of internal and external assessments. 

Internal Audit will be fully committed to quality and conduct its business within the framework of applicable professional standards, laws, regulations and internal policies. It recognises that these standards, laws, regulations and policies cannot govern all types of behaviour. As a result, it has its own Code of Conduct which applies to all of its people and all of its work.  

In performing its work Internal Audit takes into account the following standards:

  • The Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing (Standards); and

  • Applicable International Auditing Standards and the supporting Institute of Chartered Accountants Ireland (ICAI) bulletins.

Internal Audit Activity Charter

Approved this 17th day of June, 2020

______________________________                                     

Chair of the Audit Committee

Approved this 10th day of September,2020

______________________________

Chair of the Governing Authority

Reference:

Internal Audit Charter  - Version 2.0/2021

Author:

Alison Byrne, Head of Internal Audit

Issue Date:

17th June 2020

Review Date:

24th November 2021

Reviewed  By:

 Audit Committee 24th November 2021

Approved By:

 Audit Committee 24th November 2021 (no updates made)

Distribution:

Governing Authority, Internal Audit Team, Audit Committee, Senior Management team 

Last Reviewed / Updated:

24th November 2021

Last approval date by Audit Committee:

17th June 2020

Last Approval Date by Governing Authority:

10th September 2020