The International Standards for the Professional Practice of Internal Auditing (Standards) require that the purpose, authority, and responsibility of the internal audit activity be formally defined in an internal audit charter. The internal audit charter establishes the internal audit activity's position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities.
Purpose and Mission
The Internal Audit Department (IA) is an independent, objective, assurance and consulting service designed to add value and improve the operations of Dallas College (DC). IA helps DC accomplish its objectives by bringing a systematic, disciplined approach to evaluate and help to improve the effectiveness of risk management, control, and governance processes. While practicing stringent regard for safekeeping and confidentiality of information received, IA will furnish analysis, appraisal, recommendations, advice, and information concerning the activities reviewed. Internal Audit is concerned with any phase of DC activity where the department can be a service to the Audit Committee of the Board of Trustees (Audit Committee), the Chancellor, senior management, faculty, and staff.
Guided by a philosophy of adding value, the mission of the Internal Audit Department is to enhance and protect organizational value by providing high-quality, objective, risk-based assurance and consulting services, advice, and insight, while embodying the commitment of improvement and betterment of the college, its students, and the community.
Standards for the Professional Practice of Internal Auditing
The IA Department will govern itself by adherence to the mandatory elements of The Institute of Internal Auditors' International Professional Practices Framework, including the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the Standards, and the Definition of Internal Auditing. The CAE will report periodically to the Audit Committee, the Chancellor, and senior management regarding the IA Department’s conformance to the Code of Ethics and the Standards.
An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Examples may include financial, performance, compliance, operational, and system security engagements (audits).
Code of Ethics
The Code of Ethics of The Institute of Internal Auditors (IIA) are Principles relevant to the profession and practice of internal auditing, and Rules of Conduct that describe behavior expected of internal auditors. The Code of Ethics applies to both individuals and entities that provide internal audit services. The purpose of the Code of Ethics is to promote an ethical culture in the global profession of internal auditing.
Advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation, and training.
Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.
Core Principles for the Professional Practice of Internal Auditing
The Core Principles for the Professional Practice of Internal Auditing are the foundation for the International Professional Practices Framework and support internal audit effectiveness.
The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.
The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner.
Actions Internal Audit recommends be taken to correct the audit issue. The audit recommendation is designed to help the department achieve its goals and address the issue’s root cause.
The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.
The level of risk that an organization is willing to accept.
The Chief Internal Auditor (the Chief Audit Executive – CAE) will report functionally to the Audit Committee and administratively (i.e., day-to-day operations) to General Counsel. To establish, maintain, and assure that the IA Department has sufficient authority to fulfill its duties, the Audit Committee will:
- Approve the IA Department’s Charter.
- Approve the risk-based internal audit plan.
- Approve the IA Department’s budget and resource plan.
- Receive communications from the CAE on the IA Department’s performance relative to its plan and other matters.
- Considering recommendations from the Chancellor, approve decisions regarding the appointment and removal of the CAE.
- Approve the compensation of the CAE.
- Make appropriate inquiries of management and the CAE to determine whether there is inappropriate scope or resource limitations.
The CAE will have unrestricted access to, and communicate and interact directly with, the Audit Committee including in private meetings, as permitted by law, without management present.
The CAE shall remain independent and objective with the ability to report directly to the Audit Committee of the Board of Trustees, any situation where the auditor perceives a conflict of interest with, or on the part of, the Chancellor’s involvement with the subject of an audit. In addition, Internal Audit shall have the ability to report directly to outside legal counsel or an applicable state agency any situation where the auditor perceives a conflict of interest with, or on the part of, the Audit Committee of the Board of involvement with the subject of an audit.
The Audit Committee and Chancellor authorizes the IA Department to:
- Have full, free, and unrestricted access to all functions, records, property, and personnel pertinent to carrying out any engagement, subject to accountability for confidentiality and safeguarding of records and information.
- Allocate resources, set frequencies, select subjects, determine scopes of work, apply techniques required to accomplish audit objectives, and issue reports.
- Obtain assistance from the necessary personnel of DC, as well as other specialized services from within or outside DC, in order to complete the engagement.
Independencce and Objectivity
The CAE will ensure that the IA Department remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of audit selection, scope, procedures, frequency, timing, and report content. If the CAE determines that independence or objectivity may be impaired in fact or appearance, the details of impairment will be disclosed to appropriate parties.
Internal auditors will maintain an unbiased mental attitude that allows them to perform engagements objectively and in such a manner that they believe in their work product, that no quality compromises are made, and that they do not subordinate their judgment on audit matters to others. Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, internal auditors will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair their judgment, including:
- Assessing specific operations for which they had responsibility within the previous year.
- Performing any operational duties for DC or its affiliates.
- Initiating or approving transactions external to the IA Department. Directing the activities of any DC employee not employed by the IA Department, except to the extent that such employees have been appropriately assigned to auditing teams or to otherwise assist internal auditors.
Where the CAE has, may, or is expected to have roles and/or responsibilities that fall outside of internal auditing, safeguards will be established to limit impairments to independence or objectivity.
Internal auditors will:
- Disclose any impairment of independence or objectivity, in fact or appearance, to appropriate parties.
- Exhibit professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined.
- Make balanced assessments of all available and relevant facts and circumstances.
- Take necessary precautions to avoid being unduly influenced by their own interests or by others in forming judgments.
The CAE will confirm to the Audit Committee, at least annually, the organizational independence of the IA Department. The CAE will disclose to the Audit Committee any interference and related implications in determining the scope of internal auditing, performing work, and/or communicating results.
Scope of Internal Audit Activities and Responsibilities
The scope of internal audit activities encompasses, but is not limited to, objective examinations of evidence for the purpose of providing independent assessments to the Audit Committee, Chancellor, and senior management, and outside parties on the adequacy and effectiveness of governance, risk management, and internal control processes and structures for DC. Internal audit assessments include evaluating:
- Risks relating to the achievement of DC’s strategic objectives are appropriately identified and managed.
- The adequacy and effectiveness of the DC’s internal control structure.
- The actions of DC’s officers, directors, employees, and contractors are in compliance with DC’s policies, procedures, and applicable laws, regulations, and governance standards.
- The results of operations or programs are consistent with established goals and objectives.
- Operations or programs are being carried out effectively and efficiently.
- Established processes and systems enable compliance with the policies, procedures, laws, and regulations that could significantly impact DC.
- Information and the means used to identify, measure, analyze, classify, and report such information are reliable and have integrity.
- Effective business processes to achieve internal control at a reasonable cost.
The CAE will report periodically to the Audit Committee, the Chancellor, and senior management regarding:
- The IA Department’s purpose, authority, and responsibility.
- The IA Department’s plan and performance relative to its plan.
- The IA Department’s conformance with The IIA’s Code of Ethics and Standards, and action plans to address any significant conformance issues.
- Significant risk exposures and control issues, including fraud risks, governance issues, and other matters requiring the attention of, or requested by, the Audit Committee, Chancellor, or senior management.
- Results of audit engagements or other activities.
- Resource requirements.
- Any response to risk by management that may be unacceptable to DC.
The CAE also coordinates activities, where possible, and considers relying upon the work of other internal and external assurance and consulting service providers as needed. The IA Department may perform advisory and related client service activities, the nature and scope of which will be agreed with the client, provided the IA Department does not assume management responsibility. Opportunities for improving the efficiency of governance, risk management, and control processes may be identified during engagements. These opportunities will be communicated to the appropriate level of management.
The CAE has the responsibility to:
- Submit, at least annually, to the Audit Committee and the Chancellor a risk-based internal audit plan for review and approval.
- Communicate to the Audit Committee, the Chancellor, and senior management any impact of resource limitations on the internal audit plan.
- Review and adjust the internal audit plan, as necessary, in response to changes in DC’s business, risks, operations, programs, systems, and controls.
- Communicate to the Audit Committee, the Chancellor, and senior management any significant interim changes to the internal audit plan.
- Ensure each engagement of the internal audit plan is executed if applicable, including the establishment of objectives and scope, the assignment of appropriate and adequately supervised resources, the documentation of work programs and testing results, and the communication of engagement results with applicable conclusions and recommendations to appropriate parties.
- Follow up on engagement findings and corrective actions, and report periodically to the Audit Committee, the Chancellor, and senior management (as necessary and applicable) any corrective actions not effectively implemented.
- Ensure the principles of integrity, objectivity, confidentiality, and competency are applied and upheld.
- Ensure the IA Department collectively possesses or obtains the knowledge, skills, and other competencies needed to meet the requirements of the internal audit charter.
- Ensure trends and emerging issues that could impact on DC are considered and communicated to the Audit Committee, the Chancellor, and senior management as appropriate.
- Ensure emerging trends and successful practices in internal auditing are considered.
- Establish and ensure adherence to policies and procedures designed to guide the IA Department.
- Ensure adherence to DC’s relevant policies and procedures, unless such policies and procedures conflict with the internal audit charter. Any such conflicts will be resolved or otherwise communicated to the Audit Committee, the Chancellor, and senior management as applicable.
- Ensure conformance of the IA Department with the Standards, unless the IA Department is prohibited by law or regulation from conformance with certain parts of the Standards, the CAE will ensure appropriate disclosures and will ensure conformance with all other parts of the Standards.
If the Standards are used in conjunction with requirements issued by other authoritative bodies, the CAE will ensure that the IA Department conforms with the Standards, even if the IA Department also conforms with the more restrictive requirements of the other authoritative bodies.
Quality Assurance and Improvement Program
The IA Department will maintain a quality assurance and improvement program that covers all aspects of the IA Department. The program will include an evaluation of the IA Department’s conformance with the Standards and an evaluation of whether internal auditors apply The IIA’s Code of Ethics. The program will also assess the efficiency and effectiveness of the IA Department and identify opportunities for improvement. The CAE will communicate to the Audit Committee, the Chancellor, and senior management (as applicable) regarding the IA Department’s quality assurance and improvement program, including results of internal assessments (both ongoing and periodic) and external assessments conducted at least once every five years by a qualified, independent assessor or assessment team from outside DC.