LIBERTY UNIVERSITY
INTERNAL AUDIT DEPARTMENT CHARTER
INTRODUCTION:
The Internal Audit Department Charter defines the purpose, authority, and responsibility of the Internal Audit
Department (Internal Audit) at Liberty University (University) and management’s commitment to the professional
practice of internal auditing. It grants Internal Audit the authority to carry out its mission as directed by the Audit
Committee of the Board of Trustees (Committee).
MISSION:
Internal Audit is an independent and objective assurance and consulting activity guided by a philosophy of adding
value and improving the University’s operations. Internal Audit assists the University in accomplishing its strategic
objectives by bringing a systematic and disciplined approach to examining and evaluating the adequacy and
effectiveness of its governance, risk management, and internal control processes.
AUTHORITY:
Internal Audit has full authority to perform examinations, audits, and investigations of all operations, activities,
affairs, and financial records of the University. Internal Audit, with strict accountability for confidentiality and
safeguarding of records and information, is authorized complete and unrestricted access to all University records,
reports, activities, physical properties, and personnel pertinent to carrying out any engagement. Internal Audit
will also have complete and unrestricted access to the Committee.
PROFESSIONALISM:
Internal Audit is governed by the Institute of Internal Auditors’ Definition of Internal Auditing, Code of Ethics, and
International Standards for the Professional Practice of Internal Auditing (Standards). This mandatory guidance
constitutes principles of the fundamental requirements for the professional practice of internal auditing and for
evaluating the effectiveness of Internal Audit’s performance. In addition, Internal Audit will adhere to its standard
operating procedures manual, the University’s policies and procedures, and applicable laws and regulations.
Internal Audit personnel will maintain sufficient knowledge, skills, experience, and other competencies necessary
to perform its responsibilities through continuing education activities.
ORGANIZATION:
The University’s Manager of Internal Audit (Manager) serves as the “Chief Audit Executive” as defined by the
Standards. The Manager reports functionally to the Committee and administratively to the Chief Financial Officer.
This reporting relationship ensures Internal Audit is independent and free of influence from any element in the
University.
The Committee will:
• Approve the Internal Audit charter and risk-based annual audit plan.
• Approve the Internal Audit budget and resource plan.
• Receive reports on Internal Audit’s performance relative to the audit plan as well as any other activities
and matters.
• Make inquiries of management and Internal Audit to determine whether there are inappropriate scope or
resource limitations.
LIBERTY UNIVERSITY
INTERNAL AUDIT DEPARTMENT CHARTER
The Manager will communicate and interact directly with the Committee including executive sessions and
between Committee meetings as appropriate.
INDEPENDENCE AND OBJECTIVITY:
Internal Audit will remain free from interference by any element in the University regarding matters of audit
selection, scope, procedures, frequency, timing, or report content to maintain the independence and objectivity
required in both fact and appearance. The Manager will confirm to the Committee, at least annually, the
organizational independence of Internal Audit.
Internal Audit will have no direct operational responsibility or authority over any of the activities audited.
Accordingly, Internal Audit will not implement internal controls, develop procedures, install systems, prepare
records, or engage in any other activity that may impair judgment.
Internal Audit will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating
information about the activity or process being examined. Internal auditors will make a balanced assessment of
all the relevant circumstances and not be unduly influenced by their own interests or by others in forming
judgments.
RESPONSIBILITY:
The scope of Internal Audit encompasses but is not limited to:
• Evaluating the risk exposure related to achievement of the University’s strategic goals and objectives.
• Evaluating the reliability and integrity of financial and operating information and the means used to
identify, measure, classify, and report such information.
• Evaluating new and established systems and modifications to ensure adequate internal controls and
compliance with University policies and procedures, laws, and regulations.
• Evaluating the means of safeguarding assets and verifying the existence of such assets.
• Evaluating the effectiveness and efficiency with which resources are employed.
• Evaluating the efficiency and quality of University operations including identifying opportunities to
improve operating performance.
• Monitoring and evaluating governance processes and the effectiveness of the University’s risk
management processes.
• Evaluating the performance of external auditors and the degree of coordination with Internal Audit.
• Performing consulting and advisory services related to governance, risk management, and controls as
appropriate for the University.
• Reporting periodically on Internal Audit’s purpose, authority, responsibility, and performance relative to
its plan.
• Reporting significant risk exposures and control issues including fraud risks, governance issues, and other
matters needed or requested by the Committee.
• Evaluating specific operations at the request of the Committee, Board, or management.
LIBERTY UNIVERSITY
INTERNAL AUDIT DEPARTMENT CHARTER
INTERNAL AUDIT PLAN:
Annually, the Manager will submit an internal audit plan to the Committee for review and approval. The plan will
consist of a work schedule as well as budget and resource requirements for the next fiscal year. The Manager will
communicate the impact of any resource limitations to the Committee.
The internal audit plan will be developed based on a prioritization of the audit universe using a risk-based
methodology, including input of senior management and the Committee. The Manager will review and adjust the
plan in response to changes in the University’s business, risks, operations, programs, systems, and controls. Any
significant deviation from the approved internal audit plan will be communicated to the Committee through
periodic activity reports.
The Manager will communicate with the external auditors to foster a cooperative working relationship and reduce
duplication of effort while ensuring appropriate sharing of information and coordination of overall audit effort.
REPORTING AND MONITORING:
A written report will be prepared and issued by Internal Audit following the conclusion of each engagement and
will be distributed to senior management and the Committee. The report will include management’s responses
and corrective action plans regarding the specific findings and recommendations. Management’s responses will
include a timetable for anticipated completion of action plans and explanation for any corrective action not
implemented.
Internal Audit will be responsible for appropriate follow-up on engagement findings and recommendations. All
significant findings will be shared with the Committee and remain open until cleared.
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM:
Internal Audit will maintain a quality assurance and improvement program covering all aspects of Internal Audit.
The program will include an evaluation of Internal Audit’s conformance with the Definition of Internal Auditing
and the Standards, and an evaluation of whether the internal auditors apply the Code of Ethics. The program also
assesses the efficiency and effectiveness of Internal Audit and identifies opportunities for improvement.
The Manager will communicate to senior management and the Committee on Internal Audit’s quality assurance
and improvement program, including results of internal and external assessments.
Approved by the Audit Committee
November 6, 2014