Charter

Introduction

The Internal Audit Department (Internal Audit) shall provide Michigan State University administrators and Trustees with an independent and objective evaluation of the effectiveness, efficiency, and application of the accounting, financial, and other internal controls necessary to accomplish University objectives in compliance with University policies and procedures, regulatory requirements, and sound business practices.

(Performance Standards 2130: Control and 2110: Governance)

Purpose

Internal Audit conducts reviews of University records and operations and reports the results of these reviews to management, including the President, and to the Audit Committee of the Board of Trustees. In fulfilling its responsibility to assist the President, Audit Committee, and University administrators in the effective discharge of their responsibilities, Internal Audit is committed to providing independent, objective, and timely service to its customers, as well as responding to their requests for consulting and other services, and to adding value to and improving the University’s operations. Internal Audit helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal Audit conducts its projects in accordance with the Standards for the Professional Practice of Internal Auditing and Code of Ethics issued by The Institute of Internal Auditors. In addition, Internal Audit adheres to University policies and procedures. 

(Attribute Standard 1111: Direct Interaction with the Board; Performance Standard 2100: Nature of Work).

Authority

The Director of Internal Audit and the Internal Audit staff are authorized to:

  • Have full and unrestricted access to any and all University records, physical properties, and personnel relevant to any function under review or audit.
  • Request the assistance of all University employees in fulfilling Internal Audit’s function.
  • Maintain the independence necessary to render objective reports by assuring all audit activities (including audit scope, procedures, frequency, timing, and report content) are free from influence by auditee. (Attribute Standard 1110.A1: Organizational Independence).
  • Have free and unrestricted access to the President and access to the Audit Committee. (Attribute Standard 1110:  Organizational Independence).

The Director of Internal Audit and the Internal Audit staff are not authorized to:

  • Perform any operational duties for the University or its affiliates.
  • Initiate or approve accounting transactions external to Internal Audit.
  • Assume direct operational responsibility or authority over any of the activities under review or audit.
  • Develop or install systems or procedures, prepare records, or engage in any other activity that would normally be audited.

Independence

To provide for the independence of the Internal Audit Department, Internal Audit staff report to the Director of Internal Audit, who shall report administratively and functionally to the President with a dotted line to the Audit Committee.
(Attribute Standard 1110.A1:  Organizational Independence)

Responsibility

The Director of Internal Audit and the Internal Audit staff have a responsibility to:

  • Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the President for review and approval, with a copy to the Audit Committee. Significant changes to the approved plan shall be communicated to the President and to the Audit Committee.
  • Implement the approved annual audit plan and any special tasks or projects requested by the President, the Audit Committee, or University management.
  • Maintain sufficient knowledge, skills, expertise, and professional certifications to meet the requirements of this Charter.  (Attribute Standard 1200, 1210.A1, 1210.A2, and 1210.A3: Proficiency).
  • Apply the care and skill expected of a reasonably prudent and competent internal auditor.
  • Safeguard the documents and information given to Internal Audit during a periodic review or audit in the same prudent manner employed by those employees normally accountable for the documents and information.
  • Evaluate and assess new or changing services, processes, and operations coincident with their development, implementation, and/or expansion. 
  • Issue periodic reports to the President, Audit Committee, and management summarizing results of audit activities.
  • Keep the President, Audit Committee, and management informed of emerging trends and successful practices in internal auditing.
  • Assist in the investigation of significant suspected fraudulent activities within the University and notify the President, Audit Committee, and management of the results.
  • Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the University at a reasonable overall cost.

Audit Scope

The scope of Internal Audit encompasses the examination and evaluation of the adequacy and effectiveness of the University’s systems of internal control to achieve the stated goals and objectives of Michigan State University. The scope includes:

  • Reviewing the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information. (Performance Standard 2120.A2: Risk Management; 2130.A1: Control)
  • Reviewing the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a material impact on operations and reports. (Performance Standard 2120.A2: Risk Management; 2130.A1: Control)
  • Reviewing established systems of internal control to ascertain whether they are functioning as designed.
  • Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets. (Performance Standard 2120.A2: Risk Management; 2130.A1: Control)
  • Reviewing specific operations at the request of the Audit Committee, the President, or other managers, as appropriate.

Special Investigations

Individual University staff members are urged to contact Internal Audit directly or use the Misconduct Hotline (800-763-0764) or submit a report online to report financial or operating irregularities, compliance issues, or areas of doubt and concern. The identity of any employee making such contact will be kept confidential if so requested by the employee. Fiscal Misconduct Reporting Guidelines are located at http://www.ctlr.msu.edu/COMBP/FiscalMisconduct.aspx.

Reporting

A written report will be prepared and issued by the Director of Internal Audit or designee following the conclusion of each audit. A copy of each audit report will be forwarded to the President and to other affected parties. The Director of Internal Audit will prepare quarterly reports that include a summary of significant findings, which will be forwarded to the Audit Committee after review by the President.

The Director of Internal Audit or designee will include in the audit report the auditee’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management’s response should include a timetable for anticipated completion of the corrective action to be taken and an explanation for any recommendations not addressed by corrective action.  Internal Audit shall be responsible for appropriate follow-up on audit findings and recommendations.

Audit Standards and Ethics

Audit work of Internal Audit shall be performed in accordance with Generally Accepted Auditing Standards endorsed by the Institute of Internal Auditors in Standards for the Professional Practice of Internal Auditing. (Attribute Standard 1200:  Proficiency and Due Professional Care)

Members of Internal Audit are responsible to maintain the high standards of conduct, independence, and character necessary to provide proper and meaningful internal auditing for the University.

Approved September 6, 2012, by Lou Anna K. Simon, President, George Perles, Audit Committee Chair and Thomas N. Luccock, Director of Internal Audit

(Attribute Standard 1000, 1000.A1: Purpose, Authority, and Responsibility; 1010: Recognition of the Definition of Internal Auditing, the Code of Ethics, and the Standards in the Internal Audit Charter)