Baylor University Internal Audit Charter

Purpose and Mission

The purpose of Baylor University’s (Baylor) Office of Internal Audit and Management Analysis (Internal Audit) is to provide independent, objective assurance and consulting services designed to add value and improve Baylor’s operations. The mission of internal audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. Internal Audit helps Baylor accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.

Standards for the Professional Practice of Internal Auditing

Internal Audit will govern itself, to the extent reasonable and necessary, by adherence to the mandatory elements of The Institute of Internal Auditors' International Professional Practices Framework, which are the Global Auditing Standards (Standards) and Topical Requirements. The Chief Audit Officer (CAO) will report periodically to Baylor’s President (President) and the Board of Regents Audit, Compliance, and Risk Management Committee (ACRM Committee) regarding Internal Audit’s conformance with the Standards, which will be assessed through a quality assurance and improvement program.

Authority

The CAO will report functionally to the ACRM Committee and administratively (i.e., day-to-day operations) to the Vice President and Chief Compliance and Risk Officer. To establish, maintain, and assure that Internal Audit has sufficient authority to fulfill its duties, the ACRM Committee will:

  • Approve the Internal Audit charter.
  • Approve the risk-based internal audit plan.
  • Review and approve the Internal Audit budget and resource plan as a joint effort with the Vice President and Chief Compliance and Risk Officer.
  • Receive communications from the CAO on Internal Audit’s performance relative to its plan and other matters.
  • Review and approve decisions regarding the performance, appointment and removal of the CAO as a joint effort with the Vice President and Chief Compliance and Risk Officer.
  • Review and approve the remuneration of the CAO as a joint effort with the Vice President and Chief Compliance and Risk Officer.
  • Make appropriate inquiries of management and the CAO to determine whether there is inappropriate scope or resource limitations.

The CAO will have unrestricted access to, and communicate and interact directly with, the ACRM Committee, including in private meetings without management present.

The ACRM Committee authorizes Internal Audit to:

  • Have full, free, and unrestricted access to all functions, records, property, and personnel pertinent to carrying out any engagement, subject to accountability for confidentiality and safeguarding of records and information.
  • Allocate resources, set frequencies, select subjects, determine scopes of work, apply techniques required to accomplish audit objectives, and issue reports.
  • Obtain assistance from the necessary Baylor personnel, as well as other specialized services from within or outside Baylor, in order to complete the engagement.

Independence and Objectivity

The CAO will ensure that Internal Audit remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of audit selection, scope, procedures, frequency, timing, and report content. If the CAO determines that independence or objectivity may be impaired in fact or appearance, the details of impairment will be disclosed to appropriate parties.

Internal auditors will maintain an unbiased mental attitude that allows them to perform engagements objectively and in such a manner that they believe in their work product, that no quality compromises are made, and that they do not subordinate their judgment on audit matters to others.

Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, internal auditors will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair their judgment, including:

  • Assessing specific operations for which they had responsibility within the previous year.
  • Performing any operational duties for Baylor or its affiliates.
  • Initiating or approving transactions external to Internal Audit.
  • Directing the activities of any Baylor employee not employed by Internal Audit, except to the extent that such employees have been appropriately assigned to auditing teams or to otherwise assist internal auditors.

Where the CAO has or is expected to have roles and/or responsibilities that fall outside of internal auditing, safeguards will be established to limit impairments to independence or objectivity.

Internal auditors will:

  • Disclose any impairment of independence or objectivity, in fact or appearance, to appropriate parties.
  • Exhibit professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined.
  • Make balanced assessments of all available and relevant facts and circumstances.
  • Take necessary precautions to avoid being unduly influenced by their own interests or by others in forming judgments.

The CAO will confirm to the ACRM Committee, at least annually, the organizational independence of Internal Audit.

The CAO will disclose to the ACRM Committee any interference and related implications in determining the scope of internal auditing, performing work, and/or communicating results.

Scope of Internal Audit Activities

The scope of internal audit activities encompasses, but is not limited to, objective examinations of evidence for the purpose of providing independent assessments to the ACRM Committee, management, and outside parties on the adequacy and effectiveness of Baylor’s governance, risk management, and control processes. Internal audit assessments could include evaluating whether:

  • Risks relating to the achievement of Baylor’s strategic objectives are appropriately identified and managed.
  • The actions of Baylor’s officers, directors, employees, and contractors are in compliance with Baylor’s policies, procedures, and applicable laws, regulations, and governance standards.
  • The results of operations or programs are consistent with established goals and objectives.
  • Operations or programs are being carried out effectively and efficiently.
  • Established processes and systems enable compliance with the policies, procedures, laws, and regulations that could significantly impact Baylor.
  • Information and the means used to identify, measure, analyze, classify, and report such information are reliable and have integrity.
  • Resources and assets are acquired economically, used efficiently, and protected adequately.

The CAO will report periodically to the President and the ACRM Committee regarding:

  • Internal Audit’s purpose, authority, and responsibility.
  • Internal Audit’s plan and performance relative to its plan.
  • Internal Audit’s conformance with the Standards, and action plans to address any significant conformance issues.
  • Significant risk exposures and control issues, including fraud risks, governance issues, and other matters requiring the attention of, or requested by, the ACRM Committee.
  • Results of audit engagements or other activities.
  • Resource requirements.
  • Any response to risk by management that may be unacceptable to Baylor.

The CAO also coordinates activities, where possible, and considers relying upon the work of other internal and external assurance and consulting service providers as needed. Internal Audit may perform advisory and related client service activities, the nature and scope of which will be agreed with the client, provided Internal Audit does not assume management responsibility.

Opportunities for improving the efficiency of governance, risk management, and control processes may be identified during engagements. These opportunities will be communicated to the appropriate level of management.

Responsibility

The CAO has the responsibility to:

  • Submit, at least annually, to the President and the Audit Committee a risk-based internal audit plan for review and approval.
  • Communicate to the President and the ACRM Committee the impact of resource limitations on the internal audit plan.
  • Review and adjust the internal audit plan, as necessary, in response to changes in Baylor’s business, risks, operations, programs, systems, and controls.
  • Communicate to the President and the ACRM Committee any significant interim changes to the internal audit plan.
  • Ensure each engagement of the internal audit plan is executed, including the establishment of objectives and scope, the assignment of appropriate and adequately supervised resources, the documentation of work programs and testing results, and the communication of engagement results with applicable conclusions and recommendations to appropriate parties.
  • Follow up on engagement findings and corrective actions, and report periodically to the President and the ACRM Committee any corrective actions not effectively implemented.
  • Ensure the principles of integrity, objectivity, confidentiality, and competency are applied and upheld.
  • Ensure Internal Audit collectively possesses or obtains the knowledge, skills, and other competencies needed to meet the requirements of the internal audit charter.
  • Ensure trends and emerging issues that could impact Baylor are considered and communicated to the President and the ACRM Committee as appropriate.
  • Ensure emerging trends and successful practices in internal auditing are considered.
  • Establish and ensure adherence to policies and procedures designed to guide Internal Audit.
  • Ensure adherence to Baylor’s relevant policies and procedures, unless such policies and procedures conflict with the internal audit charter. Any such conflicts will be resolved or otherwise communicated to the President and the ACRM Committee.
  • Ensure Internal Audit’s conformance with the Standards, with the following qualifications:
    • If Internal Audit is prohibited by law or regulation from conformance with certain parts of the Standards, the CAO will ensure appropriate disclosures and will ensure conformance with all other parts of the Standards.
    • If the Standards are used in conjunction with requirements issued by other authoritative bodies, the CAO will ensure that Internal Audit conforms with the Standards, even if Internal Audit also conforms with the more restrictive requirements of other authoritative bodies.

Quality Assurance and Improvement Program

Internal Audit will maintain a quality assurance and improvement program that covers all aspects of Internal Audit. The program will include an evaluation of Internal Audit’s conformance with the Standards and an evaluation of whether internal auditors apply the IIA’s Code of Ethics. The program will also assess the efficiency and effectiveness of Internal Audit and identify opportunities for improvement.

The CAO will communicate to the President and the ACRM Committee on Internal Audit’s quality assurance and improvement program, including results of internal assessments (both ongoing and periodic) and external assessments conducted by a qualified, independent assessor or assessment team from outside Baylor.

 
Copyright © Baylor® University. All rights reserved.
Baylor University • Waco, Texas 76798 • 1-800-229-5678