University of Central Missouri Internal Audit Charter

Scope and Types of Internal Audit Services

The scope of internal audit services covers the entire breadth of the organization, including all the University’s activities, assets, and personnel. The fulfillment of this accountability includes, but is not limited to, evaluating whether:

• Risks are appropriately identified and managed.
• The actions of the University’s senior leaders, managers, faculty, staff, and contractors or other relevant parties comply with the University’s policies, procedures, and applicable laws, regulations, and governance standards.
• The results of operations and programs are consistent with established goals and objectives.
• Operations and programs are being carried out effectively and efficiently.
• Established processes and systems enable compliance with the policies, procedures, laws, and regulations that could significantly impact the University.
• The integrity of information and the means used to identify, measure, analyze, classify, and report such information is reliable.
• Resources and assets are acquired economically, used efficiently and sustainably, and protected adequately.

Internal Audit may also perform advisory services, the nature and scope of which may be agreed with the party requesting the service, provided that Internal Audit does not assume management responsibility.

Mandate

Authority

To establish, maintain, and assure that the University’s internal audit activity has sufficient authority to fulfill its duties, the Board authorizes the internal auditor to:

• Have full, free, and unrestricted access to all functions, records, property, and personnel pertinent to carrying out relevant and appropriate analyses, subject to accountability for confidentiality and safeguarding of documents and information.
• Obtain assistance from the necessary personnel of the University to complete internal audit services.
• Within the scope of the Internal Audit function, allocate available resources, set frequencies, select subjects, determine scopes of work, apply techniques, and issue communications to accomplish the function’s objectives consistent with the Board-approved duties and responsibilities.

The Internal Audit function has neither direct responsibility for, nor authority over, any activities, functions, or tasks it reviews. Accordingly, Internal Audit does not develop or write policies or procedures that it may later be called upon to evaluate. They may review draft materials created by the administration for propriety and/or completeness. However, ownership of, and responsibility for, these materials remain with the administration, not Internal Audit.

 

Independence, Organizational Position, and Reporting Relationships

To achieve the highest degree of independence, the Internal Auditor reports functionally to the Board through the Chair of the Finance and Administration Committee and administratively to the President for regular operational oversight. The reporting lines are intended to establish independence, allow unrestricted access to the Board, provide for accomplishment of responsibilities without interference from management, and give the organization authority necessary to maintain objectivity.

 

Changes to the Mandate and Charter

Circumstances may warrant a follow-up discussion among the Internal Auditor, the Board, and senior administration regarding the internal audit mandate or other aspects of the internal audit charter. Such circumstances may include, but are not limited to:

• A significant change in the Global Internal Audit Standards.
• A significant reorganization within the organization.
• Significant changes to the organization’s strategies, objectives, risk profile, or environment.
• New laws or regulations that may affect the nature and/or scope of internal audit services.

Role and Responsibility of the Internal Audit Function

Ethics and Professionalism

The internal auditor will:

• Conform with the Global Internal Audit Standards, including the principles of Ethics and Professionalism: integrity, objectivity, competency, due professional care, and confidentiality.
• Understand, respect, meet, and contribute to the legitimate and ethical expectations of the University and be able to recognize conduct that is contrary to those expectations.
• Encourage and promote an ethics-based culture in the organization.
• Report organizational behavior inconsistent with the organization’s ethical expectations, as described in applicable policies and procedures.

 

Objectivity

The internal auditor will:

• Ensure that the internal audit function remains free from all conditions threatening the auditor's ability to carry out responsibilities unbiasedly, including matters of engagement selection, scope, procedures, frequency, timing, and communication.
• Maintain an unbiased mental attitude to complete work objectively and in such a manner that no quality compromises are made and will not subordinate their judgment on audit matters to others, either in fact or appearance.
• Disclose impairments of independence or objectivity, in fact or appearance, to appropriate parties as soon as is practicable but not less than annually.
• Exhibit professional objectivity in gathering, evaluating, and communicating information.
• Make balanced assessments of all available and relevant facts and circumstances.
• Take necessary precautions to avoid conflicts of interest, bias, and undue influence.
• Have no direct operational responsibility or authority over any of the activities they review and will not implement internal controls, develop procedures, install systems, or engage in other activities that may impair their judgment, including:
  • Assessing specific operations for which they had responsibility within the previous year.
  • Performing operational duties for the University or its affiliates.
  • Initiating or approving transactions external to the internal audit function.
  • Directing the activities of any University employee not employed by the internal audit function, except to the extent that such employees have been appropriately assigned to assist the internal auditor.

Managing the Internal Audit Function

The internal auditor has the responsibility to:

• Develop a flexible risk-based annual audit plan, considering the input of the Board and senior management. The plan will be discussed with the President and submitted to the Finance and Administration Committee for review and approval.
• Communicate the impact of resource limitations on the internal audit plan to the Finance and Administration Committee Chair and the President, or if the audit plan undergoes significant interim changes.
• Review and adjust the internal audit plan, as necessary, in response to changes in University business, risks, operations, programs, systems, and controls.
• Ensure internal audit engagements are performed, documented, and communicated in accordance with the Global Internal Audit Standards, applicable laws, and/or regulations.
• Follow up on engagement findings, confirm the implementation of recommendations or action plans, and communicate the results of internal audit services to the Board and senior management periodically and for each engagement as appropriate.
• Ensure the internal audit function collectively possesses or obtains the knowledge, skills, and other competencies and qualifications needed to meet the Global Internal Audit Standards requirements and fulfill the internal audit mandate.
• Identify and consider trends and emerging issues that could impact the University and communicate to the Board and senior management as appropriate.
• Consider emerging trends and successful practices in internal auditing.
• Establish and ensure adherence to methodologies designed to guide the internal audit function.
• Ensure adherence to the University’s relevant policies and procedures unless such policies and procedures conflict with the internal audit charter or the Global Internal Audit Standards. Any such conflicts will be documented and communicated to the Board and senior management for resolution.

Communication with the Board and Senior Management

The internal auditor will report annually to the Board and on an ongoing basis with the President regarding:

• The internal audit function’s mandate.
• The internal audit plan and performance relative to its plan.
• Internal audit budget.
• Resource requirements.
• Significant revisions to the internal audit plan and budget.
• Potential impairments to independence, including relevant disclosures as applicable.
• Results from the quality assurance and improvement program include the internal audit function’s conformance with the IIA’s Global Internal Audit Standards and action plans to address the internal audit function’s deficiencies and opportunities for improvement.
• Significant risk exposures and control issues, including fraud risks, governance issues, and other focus areas for the Board that could interfere with achieving the University’s strategic objectives.
• Results of assurance and advisory services.
• Management’s responses to risks that the internal audit function determines may be unacceptable or the acceptance of a risk beyond the University’s risk appetite.

Quality Assurance and Improvement Program

The Internal Audit function will develop, implement, and maintain a quality assurance and improvement program that covers all aspects of the internal audit function. The program will include external and internal assessments of the Internal Audit function’s conformance with the Global Internal Audit Standards, performance measurement to assess its progress toward achieving its objectives, and promotion of continuous improvement.  The internal auditor will communicate to the President and the Chair of the Finance and Administration Committee on the Internal Audit department’s quality assurance and improvement program, including results of internal assessments (both ongoing and periodic) and external assessments conducted at least once every five years by a qualified, independent assessor or assessment team from outside the University.

 

 

Revision History:

Approved by the Board of Governors at its meeting on October 23, 2025.