Audit Charter

Audit Charter – Introduction

Audit & Advisory Services’ primary role is to serve Northeastern University’s Board of Trustees and management in the identification, evaluation, and mitigation of risk. To serve this role, Audit & Advisory Services assists management in identifying risks and controls in financial, operational, and information technology areas; develop internal audit plans and conducts control testing in specific areas of risk; and identifies process improvement opportunities. Audit & Advisory Services is an independent, objective assurance and consulting activity designed to add value and improve the University’s operations. Audit & Advisory Services helps the University to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal controls, and governance processes....

Audit & Advisory Services supports the University’s strategic objectives by ensuring that resources are used effectively and efficiently and comply with established policies and procedures. The extent of Audit & Advisory Services efforts is to examine, evaluate, and recommend improvements to the internal control system established throughout the University. Internal controls encompass the policies, procedures, people, activities, and information systems through which colleges, schools, centers and departments ensure:

  • accuracy, authorization, completeness, and timeliness of information;
  • security and privacy of data;
  • the integrity of data;
  • safeguarding of assets;
  • compliance with federal and state laws and regulations; and
  • adherence to University policies and procedures.

To promote an ethical culture in the profession of internal auditing, Northeastern University’s Audit & Advisory Services department follows the Institute of Internal Audit’s Code of Ethics. The Code of Ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in its objective assurance about risk management, control, and governance. By upholding high ethical standards and promoting good business conduct, Audit & Advisory Services is a valuable resource to management by ensuring that financial, operational, and system controls are adequate and effective.

Scope of Work
To assess the University’s control environment, Audit & Advisory Services performs:

financial reviews to provide an assessment of internal controls over financial reporting including controls over revenue and expenditure processes;

compliance reviews to ensure University departments and operations adhere to applicable regulations, and to determine that University policies exist to support compliance with regulations;

operational reviews to provide an assessment of processes, systems, operations and strategies to ensure adherence to internal controls, and to determine that adequate policies and procedures exist to support operations; and

information technology reviews to provide an assessment of the University’s information technology organization including controls over program development, change control, applications, system security, databases, logical security, and physical security as they relate to the University’s business activities.

                                                                               

Accountability
The Vice President of Audit & Advisory Services shall be accountable to management and the Audit Committee to:

    • Provide a continuous assessment of the adequacy and effectiveness of processes for controlling activities and managing risks in the areas set forth in the charter and scope of work.
    • Report issues related to internal control weaknesses identified in organizational processes, including potential improvements to those processes, and provide information concerning such issues through resolution.
    • Provide information periodically on the status and results of the annual audit plan and the sufficiency of department resources.

Independence
The scope of audit coverage is enterprise-wide and no function, activity, or unit of the University is exempt from audit and review. To provide for the independence of Audit & Advisory Services, the department has a dual reporting relationship. The Vice President of Audit & Advisory Services reports administratively to a member of the Senior Leadership Team and reports to the Chair of the Audit Committee.

Authority
The Audit & Advisory Services department is authorized to:

    • Have unrestricted access to all activities, documents, records, systems, facilities, and personnel as necessary to fulfill its objectives. Information will be maintained with appropriate confidentiality.
    • Have full and free access to the audit committee.
    • Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
    • Obtain the necessary assistance of personnel in units of the organization where they perform audits, as well as other specialized services from within or outside the organization.

Consulting
From time to time, Audit & Advisory Services is asked to participate in management committees or project teams. Audit & Advisory Services is not a management decision-making function. Decisions to adopt or implement recommendations made as a result of an internal audit or an advisory service should be made by management. Therefore, Audit & Advisory Services objectivity should not be impaired by the decisions made by management.

Audit & Advisory Services may also be requested to facilitate consulting engagements as requested by the board or management. Consulting engagements may produce a formal report for management. The formal report may include analytical details, and recommendations to management and/or the board. Management is not required to implement Audit & Advisory Services’ recommendations. If control risks are identified during a consulting engagement, Audit & Advisory Services is responsible to report the issues to management and the board.