Internal Audit Charter

Internal Auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of Dublin City University. It assists Dublin City University in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the University's governance, risk management, corporate culture and internal control system.

The University recognises the significant contribution to good governance and effective internal control made by an efficient and effective Internal Audit function.

The University pledges its full support to the Internal Audit Service in discharging the authorities and responsibilities contained in this Charter and undertakes to provide adequate resources to Internal Audit to properly discharge its function.

Internal Audit derives its authority from the Governing Authority through the Audit Committee and the President, and its activities are defined by the Governing Authority as part of their oversight role. 

Internal Audit, with strict accountability for confidentiality and safeguarding records and information, has the right of access to all Dublin City Universities information, records, assets and personnel, which it considers necessary to fulfil its responsibilities.  Internal Audit shall be afforded the full co-operation of all employees and agents of the University in carrying out its professional duties.  The right of access includes subsidiary companies of the University.  Internal Audit may review other bodies or undertakings controlled or funded by the University as agreed by the Governing Authority.

Internal Audit reports functionally to the Audit Committee and administratively (i.e. day to day operations) to the Chief Operations Officer. The Head of Internal Audit has a direct reporting line to the President of the University as well as direct access to the Chairperson of the Governing Authority and the Chairperson of the Audit Committee. 

The Audit Committee will:

• Approve the Internal Audit Charter.
• Approve the risk based Internal Audit Plan.
• Approve the Internal Audit Budget and Resource plan.
• Receive communications from Internal Audit on internal audits performance relative to its plan and other matters.
• Address all other matters included in the Audit Committee Terms of Reference as deemed appropriate.

Internal Audit will maintain independence and objectivity in all activity, including matters of audit selection, scope, procedures, frequency, timing or report content to permit maintenance of a necessary independent attitude.

Internal Audit have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair the Internal Auditor’s judgement.

Internal Audit will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal Audit will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgements.

The scope of audit activities will be determined using appropriate risk assessment tools to ensure adequate coverage of risks and exposures, and will consider the special needs of management. Specifically, Internal Audit’s scope of activities is to ascertain that the processes for controlling operations, as they have been designed and represented by management, are adequate and functioning. 

Internal Audit has responsibility to:

• Develop and maintain a strategic Audit Plan using a risk based approach to appraise the effectiveness of the University’s system of internal control including financial, operational, compliance and risk management and submit that plan to the Audit Committee for approval.

• Develop Annual Audit Plans based on signification exposures identified in the Strategic Audit Plan and submit such annual plans to the Audit Committee for approval.

• Produce an annual report for the Audit Committee giving an opinion on the adequacy and effectiveness of the University’s internal control system.

• Consider the scope of work and liaise with external auditors and the Office of the Comptroller and Auditor General for the purpose of providing optimal audit coverage.

• Implement the audit plans as approved, including any value for money auditing and special projects assigned by the Audit Committee or requested by senior management.

• Disseminate Best Practice Guidelines.

• Report significant issues relating to the processes for controlling the activities of the University arising from the internal audit work undertaken.

• Issue reports to the Audit Committee addressing the results of audits conducted summarising observations and recommendations made.

• As part of the audit actions follow-up process, Internal Audit will monitor and report to management and the Audit Committee on progress towards the implementation of agreed audit recommendations.

• Evaluate and assess controls coincident with the introduction of major changes to systems.

• Provide technical assistance to management to assist in the investigation of suspected fraudulent activity within the University.

• Participate in periodic External Quality Assessments (3 – 5 yearly).

• Ensure Internal Audit Staff have appropriate skills, training and complete CPD requirements.

Other Responsibilities include:

The Head of Internal Audit is the Administrator to the Audit Committee, which involves:

• Scheduling meetings;

• Proposing agendas;

• Distributing papers;

• Drafting the Audit Committees Annual Work Plan; and

• Drafting the Audit Committee’s Annual Report to the GA. 

At least annually, Internal Audit will submit to the Audit Committee an Internal Audit Plan for review and approval. The Internal Audit Plan will consist of a work schedule as well as budget and resource requirements for the next calendar year accompanied by an outline plan to complete the programme of work.

The Internal Audit Plan will be developed based on a prioritisation of the audit universe using a risk-based methodology, including input of senior management and the Governing Authority. Internal Audit will review and adjust the plan, as necessary, in response to changes in the University’s business, risks, operations, programs, systems, and controls. Any significant deviation from the approved Internal Audit plan will be communicated to Senior Management and the Audit Committee through periodic reports.

A written report will be prepared and issued by Internal Audit following the conclusion of each Internal Audit engagement and will be distributed as appropriate. Internal audit results will also be communicated to the Audit Committee and the Senior Management team.

The Internal Audit report may include management’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. Management's response, whether included within the original audit report or provided thereafter by management of the audited area should include a timetable for anticipated completion of action to be taken and an explanation for any corrective action that will not be implemented.

Internal Audit will periodically report to Senior Management and the Audit Committee on Internal Audits purpose, authority, and responsibility, as well as performance relative to its Internal Audit Plan. Reporting will also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by Senior Management and the Governing Authority. The Governing Authority Risk Committee (GARC) invites the Head of Internal Audit to attend as an observer. Both the Audit Committee and GARC meet with the Head of Internal Audit once a year without management being present. The Head of Internal Audit also attends the DCU Educational Support Services Audit Committee, which are held twice a year.

Internal Audit will maintain a quality assurance and improvement programme that covers all aspects of the internal audit activity. The programme will include an evaluation of Internal Audits conformance with the IIA Standards and an evaluation of the IIA’s Code of Ethics. The programme will also assess the efficiency and effectiveness of the internal audit activity and identify opportunities for improvement.     

The Head of Internal Audit will communicate to Senior Management and the Audit Committee on Internal Audits quality assurance and improvement programme, including results of internal and external assessments. 

Internal Audit will govern itself by adherence to the mandatory elements of The Institute of Internal Auditor’s International Professional Practices Framework, including the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the International Standards for the Professional Practice of Internal Auditing and the Definition of Internal Auditing.  The Head of Internal Audit will report periodically to Senior Management and the Audit Committee regarding Internal Audits conformance to the Code of Ethics and Standards. Internal Audit will be fully committed to conducting its business within the framework of these applicable professional standards, laws, regulations and internal policies.