Central Internal Audit Office Charter

Introduction

Internal Auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of state agencies. It assists these agencies in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization's governance, risk management, and internal control.

Role

The Central Internal Audit Office is established by General Statute Chapter 143, Article 79. The Central Internal Audit Office's responsibilities are defined by these laws to include staffing the Council of Internal Auditing. The Council of Internal Auditing has authority to set policy and direct the work of the Central Internal Audit Office.

Professionalism

The Central Internal Audit Office will govern itself by adherence to The Institute of Internal Auditors' mandatory guidance including the Definition of Internal Auditing, the Code of Ethics, the Core Principles, and the International Standards for the Professional Practice of Internal Auditing (Standards). This mandatory guidance constitutes principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the Central Internal Audit Office's performance.

The requirement within General Statute Chapter 143, Article 79 will also be adhered to as applicable to guide operations. In addition, the Central Internal Audit Office will adhere to the Office of State Budget and Management's relevant policies and procedures and the internal audit internal procedure manual.

Authority

The Central Internal Audit Office, with strict accountability for confidentiality and safeguarding records and information, is authorized full, free, and unrestricted access to any and all state agency’s records, physical properties, and personnel pertinent to carrying out any engagement. All employees are requested to assist the Central Internal Audit Office in fulfilling its roles and responsibilities.

Organization

The Central Internal Audit Director will report functionally to the Council of InternalAud iting (Council) and administratively to the State Budget Officer.

The functional oversight of the Council includes:

  • Approve the internal audit charter.
  • Approve the risk-based internal audit plan.
  • Receive communications from the Central Internal Audit Director on the Central Internal Audit Office's performance relative to its plan and other matters.
  • Make appropriate inquiries of the Central Internal Audit Director to determine whether there is inappropriate scope or resource limitations.

The Central Internal Audit Director will communicate and interact directly with the Council, including in executive sessions and between Council meetings as appropriate.

Central Internal Audit Director reports administratively to the State Budget Director. The OSBM management structure facilitates the day-to-day operations of Central Internal Audit Office. 

Administration reporting includes:

  • Budgeting and management accounting.
  • Human resource administration, including personnel evaluation and compensation.
  • Internal communications and information flows.
  • Administration of the Central Internal Audit Office’s policies and procedures.

Independence and Objectivity

The Central Internal Audit Office will remain free from interference by any element in the agencies, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of a necessary independent and objective mental attitude.

Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair internal auditor's judgment.

Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.

The Central Internal Audit Director will confirm to the Council, at least annually, the organizational independence of the Central Internal Audit Office.

Responsibility

The scope of internal auditing encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the organization's governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve the organization's stated goals and objectives. This may include:

  • Evaluating risk exposure relating to achievement of the organization's strategic objectives.
  • Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information.
  • Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the organization.
  • Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
  • Evaluating the effectiveness and efficiency with which resources are employed.
  • Evaluating operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
  • Monitoring and evaluating governance processes.
  • Monitoring and evaluating the effectiveness of the organization's risk management processes.
  • Performing consulting and advisory services related to governance, risk management and control as appropriate for the organization.
  • Reporting periodically on the Central Internal Audit Office's purpose, authority, responsibility, and performance relative to its plan.
  • Evaluating specific operations at the request of the Council or management, as appropriate.

Additional responsibility includes administration of the Council programs. These duties include:

  • Administering and coordinating of the peer review program.
  • Identifying and providing training to state government internal auditors.
  • Staffing the Council meetings.
  • Developing and maintaining guideline and best practice manual.
  • Administering the Internal Auditor’s Award of Excellence program.
  • Drafting the annual accomplishment report.
  • Conducting staffing analysis for internal audit resources.
  • Maintain a repository of internal audit reports and plans.
  • Conduct special project at the request of the Council.

Internal Audit Plan

At least annually, the Central Internal Audit Director will submit to senior management and the Council a risk-based internal audit plan for review and approval. The Central Internal Audit Director will communicate the impact of resource limitations and significant interim changes to senior management and the Council.

The internal audit plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including input of senior management. The Central Internal Audit Director will review and adjust the plan, as necessary, in response to changes in the organization's business, risks, operations, programs, systems, and controls. Any significant deviation from the approved internal audit plan will be communicated to senior management and the Council.

Reporting and Monitoring

A written report will be prepared and issued by the Central Internal Audit Director or designee following the conclusion of each internal audit engagement and will be distributed as appropriate.

The internal audit report may include management's response and corrective action taken or to
be taken in regard to the specific findings and recommendations. Management's response,
whether included within the original audit report or provided thereafter (i.e. within thirty days) by management of the audited area should include a timetable for anticipated completion of action to be taken and an explanation for any corrective action that will not be implemented. The Central Internal Audit Office will be responsible for appropriate follow-up on engagement findings and recommendations. All significant findings will remain in an open issues file until cleared.

The Central Internal Audit Director will periodically report to senior management and the Council on the Central Internal Audit Office's purpose, authority, and responsibility, as well as performance relative to its plan.

Quality Assurance and Improvement Program

The Central Internal Audit Office will maintain a quality assurance and improvement program that covers all aspects of the Central Internal Audit Office. The program will include an evaluation of the Central Internal Audit Office's conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the Central Internal Audit Office and identifies opportunities for improvement.

The Central Internal Audit Director will communicate to senior management and the Council on the Central Internal Audit Office's quality assurance and improvement program, including results of ongoing internal assessments and external assessments conducted at least every five years.

Internal Audit Charter was approved July 17, 2021

On