Approved by the Joint Audit & Compliance Committee on March 1, 2018.
Whereas it is a primary function of the University of Connecticut Board of Trustees and University of Connecticut Health Center Board of Directors (hereinafter referred to collectively as the “Board”) to promote effective control of the administration and operations of the University of Connecticut and University of Connecticut Health Center (hereinafter referred to collectively as the “University”), the Joint Audit and Compliance Committee (JACC) of the Board of Trustees mandates the establishment of the Office of Audit and Management Advisory Services (AMAS), which shall report functionally to the Chair of the JACC and administratively to the President.
The functions of AMAS are prerogatives of the Chief Audit Executive, which may not be infringed upon nor otherwise compromised. AMAS shall be organized at the discretion of the Chief Audit Executive (CAE) for optimum effectiveness.
AMAS will have uninhibited access to all functions, records, property, and personnel pertinent to carrying out any engagement, subject to accountability for confidentiality and safeguarding of records and information (except as may be restricted by law).
Purpose and Mission
The purpose of AMAS is to assist the Board, the President and Senior University Administration in the effective discharge of their responsibilities by providing independent, objective, assurance and consulting services designed to add value and improve the University’s operations.
The mission of AMAS is to enhance and protect organizational value by providing risk-based assessments, advice and insight. AMAS helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management and control processes.
Standards and Independence
AMAS will operate within the guidelines of the Institute of Internal Auditors’ (IIA) International Professional Practices Framework, including the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the International Standards for the Professional Practice of Internal Auditing and the Definition of Internal Auditing and other professional guidance as the CAE determines appropriate.
AMAS staff will be members of appropriate professional associations and will participate in continuing education to remain current with best practices and emerging trends in internal auditing.
AMAS staff will be independent in fact and appearance by upholding the principles of integrity, objectivity, confidentiality and competency. Staff will be independent of the activities or operations they review, they will not engage in any activity, which would impair their independence of judgment, and they shall be independent of any other influence or control of any kind. If the CAE determines that independence or objectivity may be impaired in fact or appearance, the details of the impairment will be disclosed to the appropriate parties.
Scope and Responsibility
In consultation with the JACC, the CAE shall plan, implement, report upon, supervise and be responsible for all internal audit activities, consulting services, and associated personnel within the framework of this Charter.
AMAS will fulfill its responsibility to the Board and the President by:
• Maintaining audit activity plans based on an on-going risk analysis which includes consideration of the University’s goals and objectives and the concerns of management and the Board
• Providing audit coverage that consistently meets the needs and expectations of management
• Incorporating the establishment of objectives and scope; assignment of appropriate and adequately supervised resources; and documentation of work programs and testing results in the planning and execution of each audit engagement culminating in the communication of engagement results with applicable conclusions and recommendations to appropriate parties.
• Following up on identified weaknesses, findings and recommendations from previous audit work
• Participating in a program of quality assurance designed to promote the increasing professionalism of AMAS personnel and the work performed
• Performing consulting services including advisory and related service activities, the nature and scope of which are agreed upon and which are intended to add value and improve the University’s governance, risk management, and control processes without assuming management responsibility, examples of which include counsel, advice, facilitation, training, and committee service
• Acting as a liaison with the State Auditors of Public Accounts and other external auditors
The scope of audit activities will include all controls, reports and operations of the University. AMAS may examine and evaluate the following:
• The reliability and integrity of financial and operating information and the means used to identify, measure, classify and report information
• The systems established to ensure compliance with policies, plans, procedures, laws and regulations that could have a significant impact on the University
• The means of safeguarding assets and verifying their existence
• The economy and the efficiency with which resources are employed
• The extent to which the risks related to the achievement of the University’s strategic objectives are appropriately identified and managed
• The extent to which the operations and programs of the University are consistent with its objectives and goals
• The extent to which information technology governance sustains and supports the University’s strategies and objectives
• The ethics objectives and activities of the University
• The potential for fraud and the management of fraud risk
The CAE will report periodically to senior management and the JACC regarding:
- AMAS’s purpose, authority, independence, scope and responsibility
- AMAS’s activity plan and performance relative to its plan
- AMAS’s conformance with IIA’s Code of Ethics and Standards and actions plans to address significant conformance issues
- Significant risk exposures and control issues, including fraud risks, governance issues and other matters requiring the attention of or requested by the JACC
- Results of audit engagements and other activities
- Status of management’s corrective actions on reported deficient conditions and the ineffective implementation of significant agreed upon corrective actions
- Resource requirements and the impact of resource limitations
- Any response to risk by management that may be unacceptable to the University