The authority and responsibilities of the Oregon State University Office of Audit Services (OAS) are defined in this charter, which is approved by the president and the Executive & Audit Committee of the OSU Board of Trustees.
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of the risk management, control, and governance processes.
The OAS shall uphold the principles of integrity, objectivity, confidentiality, and competency as defined in the Institute of Internal Auditors’ Code of Ethics and shall adhere to the International Standards for the Professional Practice of Internal Auditing (Standards). The OAS is to utilize the Committee of Sponsoring Organizations (COSO) as the model for evaluating the adequacy of internal controls within Oregon State University.
The chief audit executive of the OAS reports administratively to the president and functionally to the Executive & Audit Committee of the OSU Board of Trustees.
Authorization is granted for full and complete access to any of the organization’s records (either manual or electronic), physical properties, and personnel relevant to an audit engagement. Documents and information given to internal auditors during a periodic review will be handled in a confidential and prudent manner, as required by the Institute of Internal Auditors’ Code of Ethics.
University management is responsible for the risk management and internal control structure over the areas audited. Internal auditors have no direct responsibility or any authority over any of the activities or operations that they review. They should not develop and install procedures, prepare records, or engage in activities which would normally be reviewed by the OAS.
The OAS is responsible for developing and implementing an annual internal audit plan that outlines the engagements to be performed using an appropriate risk-based methodology. The annual plan is to include the consideration of any risks or control concerns identified by management, and is reviewed and approved by the president and the Executive & Audit Committee.
The OAS performs five types of engagements:
A written report will be prepared and issued by the chief audit executive following the conclusion of each engagement and will be distributed appropriately. University management shall respond in a timely manner. This response will indicate what actions were taken or are planned, and an anticipated completion date in regard to the specific recommendations. Copies of final reports will be distributed to the president as well as appropriate university personnel.
The chief audit executive will provide quarterly progress reports to the Executive & Audit Committee at each regular meeting, summarizing the results of engagement activities and reports. In addition, the chief audit executive will keep the president, campus executives, and the Executive & Audit Committee apprised of high-risk engagement issues.
Approved by the Executive & Audit Committee, OSU Board of Trustees, January 19, 2017