Home
FUTURE STUDENTS ask.UWindsor SUPPORT UWINDSOR

Internal Audit Charter

Internal Audit Charter

The Internal Audit Charter is a formal written document which defines Internal Audit's mandate, organizational position, reporting relationships, scope of work and types of services. The Charter has been approved by the Audit Committee of the Board of Governors.

The mandate of the University of Windsor (“UWindsor”) Internal Audit (“IA”) function is to assist the Audit Committee and Management in meeting its role with an independent, risk-based, and objective assurance and advisory body established to carry out activities that add value and improve UWindsor operations and systems of internal controls. IA assists UWindsor in accomplishing its objectives by bringing a systematic, collaborative, and disciplined approach to evaluate and improve the effectiveness of the UWindsor’s governance, risk management, and internal control processes as well as identifying opportunities for improvement.

IA will support UWindsor in proactively pursuing internal control compliance and improvement opportunities, enhancing corporate oversight, and ensuring the optimization of value and resources. The responsibilities of IA are established by the Audit Committee. It is the intent of Internal Audit to work collaboratively with UWindsor and to meet these objectives.

IA will adhere to the mandatory elements of The Institute of Internal Auditors’ (“IIA”) International Professional Practices Framework, which are the Global Internal Audit Standards and Topical Requirements, and the standards of any other professional designations they hold, as applicable. In addition, IA will adhere to UWindsor’s relevant policies and procedures. IA will report annually to the Audit Committee and Management regarding the IA function’s conformance with the Global Internal Audit Standards which will be assessed through a quality assurance and improvement program.

The IA function’s authority is created by its direct reporting relationship to the Audit Committee. Such authority allows for unrestricted access to the Audit Committee. IA is authorized by the Audit Committee to have full, free, and unrestricted access at all reasonable hours, subject to availability, to all the UWindsor paper and electronic records, physical properties, and personnel pertinent to carrying out any approved project. This includes access to all records, physical properties, and personnel from the UWindsor and by request from relevant agencies, Boards, and Commissions. All UWindsor employees are expected to assist the IA function in fulfilling its roles and responsibilities.

To facilitate IA activities, it is expected that UWindsor employees are:

  • Co-operative and professional in our dealings with each other;
  • Transparent in terms of providing accurate and complete information requested;
  • Open in our communications;
  • Collaborative in identifying and communicating areas of risk; and
  • Responsive to reasonable information requested and addressing issues.

Information, documents, and other relevant data given to IA throughout an engagement will be handled in the same prudent and confidential manner as by those employees normally accountable for them.

IA will have no direct operational responsibility or authority over any of the activities audited. IA does not in any way relieve other persons at the UWindsor of the responsibilities assigned to them. Accordingly, IA will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair IA’s judgment and objectivity.

IA acknowledges that they will be subject to, and comply with, all applicable requirements under the Freedom of Information and Protection of Privacy Act (FIPPA).

IA will report functionally to the UWindsor’s Audit Committee and administratively to the Vice President, Finance & Operations. This positioning provides the organizational authority and status to bring matters directly to Senior Administration and escalate matters to the Audit Committee, when necessary, without interference and supports the IA function’s ability to maintain objectivity. Further, this reporting structure enables IA to maintain independence and promote comprehensive audit objectivity.

IA will communicate and interact directly with the Audit Committee and the Vice President of Finance & Operations as appropriate. The responsibilities of the Audit Committee are to:

  • Approve the IA charter and ensure that IA has the appropriate authority, role, responsibilities, scope and services to effectively deliver on the mandate;
  • Approve the risk based internal audit plan and provide input into the IA plan and budget;
  • Approve the annual IA budget and expenses, if any;
  • Receive communications from the Vice President of Finance & Operations on the IA performance relative to its plan and other matters;
  • Receive final reports on audit findings, recommendations, and Management responses;
  • Approve decisions regarding the appointment and removal of the Internal Auditor;
  • Ensure IA has unrestricted access to and communicates directly with the Audit Committee, including in private meetings without Management. These discussions should enable the essential conditions that enable an effective IA function; and
  • Ensure that the IA function reports annually on their quality assurance and improvement program.

IA will also engage with Management in fulfilling its mandate. In particular, IA will:

  • Present the IA Universe and risk assessment to Management for review and feedback;
  • Review the draft annual risk-based IA Plan with Management to receive recommended priorities for IA each year;
  • Work with Management to plan and coordinate field work for approved IA engagements;
  • Review audit findings and recommendations with Management; and
  • Incorporate Management responses and action plans.

IA will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. IA will make a balanced assessment of all the relevant circumstances and not be unduly influenced by self-interests or by others in forming judgments.

IA will confirm to the Audit Committee annually in writing the organizational independence of the IA activity. Auditors will not be assigned to any projects which may result in impairments to independence and objectivity. Impairments to independence and objectivity may include, but are not limited to:

  • Having family members or persons within whom there exists or has recently existed a personal relationship as audit clients; and
  • Provided advisory services to areas being audited at any time within the 12 months preceding the assurance audit. IA must also confirm that the nature of the advisory services does not impair objectivity and assign resources such that individual objectivity is not impaired.

The IA function will disclose any interference internal auditors encounter related to the scope, performance, or communication of IA work and results. The disclosure will include communicating the implications of such interference on the IA function’s effectiveness and ability to fulfill its mandate.

The scope of IA encompasses, but is not limited to, the execution of the mandate.

This includes:

  • Establishing the IA function within Uwindsor in coordination with the University Internal Auditor and ensure that the internal auditors:
    • Conform with the Global Internal Audit Standards, including the principles of Ethics and Professionalism: Integrity, objectivity, competency, due professional care, and confidentiality;
    • Understand, respect, meet and contribute to the legitimate and ethical expectations of the organization and be able to recognize conduct that is contrary to those expectations;
    • Encourage and promote an ethics-based culture in the organization; and
    • Report organizational behavior that is inconsistent with the organization’s ethical expectations, as described in UWindsor’s policies and procedures;
  • Ensure IA engagements are performed, documented, and communicated in accordance with the Global Internal Audit Standards and laws/regulations;
  • Providing feedback on the current Enterprise Risk Management Program in order to develop UWindsor’s risk-based audit plan;
  • Preparation, presentation, and implementation annually of a risk-based audit plan;
  • Review and adjust the IA plan as necessary and communicate to the Audit Committee and Management if there are significant changes to the IA plan;
  • Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information;
  • Evaluating the systems established to support compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the UWindsor;
  • Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets;
  • Evaluating the effectiveness and efficiency with which resources are employed;
  • Evaluating operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned;
  • Monitoring and evaluating governance processes;
  • Monitoring and evaluating the effectiveness of the UWindsor risk management processes;
  • Performing advisory services related to governance, risk management and internal controls as appropriate for the UWindsor;
  • Evaluating specific operations or processes at the request of the Audit Committee or Management, as appropriate;
  • Reporting significant risk exposures and internal control issues, including fraud risks, governance issues, and other matters as needed or requested by the Audit Committee and Management;
  • Investigating and reporting on known or suspected violations of policies and procedures, financial irregularities, fraud or misuse of UWindsor assets, both independently and/or in collaboration with the UWindsor Manager;
  • Reporting periodically on IA’s purpose, authority, responsibility, and performance relative to its plan;
  • Issuing audit reports to the Audit Committee and Management as applicable, summarizing the results of audit activities performed, including audit findings, related recommendations and agreed to management action plans;
  • Performing and reporting on follow-up activities for high and medium priority observations to determine the status of recommendations contained in previously issued audit reports;
  • Keeping the Audit Committee and UWindsor Management informed of emerging trends and successful practices in internal auditing;
  • Serving as an advisory resource for the review of policies and procedures, financial and administrative systems, organizational structures, integrated risk management, and other related governance, risk and control activities, as requested;
  • Maintaining professionalism with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter and to meet the minimum continuing professional education credit requirements;
  • Establishing and adhering to methodologies designed to guide the IA function;
  • Ensure adherence to UWindsor’s relevant policies as provided to the IA function and so long as they do not conflict with the IA Charter. Any such conflicts will be resolved or documented and communicated to the Audit Committee and the Vice President, Finance & Operations;
  • Coordinating with the external auditors to provide information on a timely basis that may affect their external audit activities and to receive information from them that could affect the IA assessment of management’s internal controls; and
  • Coordinating with system partners to provide information on a timely basis that may affect their activities and receive information from them that could affect the IA assessment of management internal controls.

IA will submit to the Audit Committee an agile risk-based IA plan, and annual IA plan updates for review and approval each year. The IA plan will be developed to operate within the approved budget and will consist of high- level project descriptions and budget/resource requirements for the next fiscal year. Additionally, the IA plan for the following fiscal year will be presented for information and will be subject to the approval process as outlined above.

The annual IA plan update will be developed based on a prioritization of the audit universe and inherent education delivery sector risks using a risk-based methodology, including input from senior leadership, and the Audit Committee. IA will review and adjust the plan, as necessary, in response to changes in the UWindsor business, risks, operations, programs, systems, and controls.

Any significant deviation from the approved annual IA plan will be communicated to the Audit Committee at their regularly scheduled meetings. Additionally, the Audit Committee Chair will be informed between the Audit Committee meetings, if more timely communication is deemed necessary.

A written report will be prepared and issued by IA following the conclusion of each IA engagement and will be distributed to Management, as appropriate, and the Audit Committee Chair. IA results will also be communicated to the Audit Committee in a report prepared for each Audit Committee meeting. Where applicable, recommendations for implementing industry best practices (effectiveness and efficiency) will be incorporated into the report.

Each IA report will include management’s response and corrective action taken or to be taken regarding the specific findings and recommendations. Management's response should include a timetable for anticipated completion of action to be taken or a clear acceptance of the risks identified.

The University Internal Auditor will be responsible for appropriate follow-up on high and medium priority project observations and recommendations. All high and medium priority observations will remain in an open status until validated by IA.

IA will periodically report to the Audit Committee on the IA’s purpose, authority, and responsibility, as well as performance relative to its plan. Reporting will also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by the Audit Committee.

A copy of all final IA reports, or parts of reports, prepared for the Audit Committee will be provided to the UWindsor external auditors.

Closed Session reports are distributed on a separate agenda to the Audit Committee and relevant Management where appropriate. In reports where only a section of the report is classified as privileged and confidential, these sections should be reported separately and placed in a “Confidential” appendix to the report.

As an external service provider serving as IA activity, we will communicate with the Audit Committee on IA’s quality assurance and improvement program, including the results of internal assessments (ongoing monitoring and periodic self-assessments). Our review process is throughout the engagements and then annually as part of our internal quality practices at Deloitte. At Deloitte, we have formal reviews conducted on our outsourced IA engagements every three to five years.

The IA Charter shall be reviewed by the Audit Committee for required updates and approval annually.