The mission of Institutional Audit & Advisory Services (IAAS) is to provide independent, objective assurance and advisory services designed to add value and improve the operations of Montana State University. It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
For purposes of this Charter, Montana State University (University) means all campuses, entities, agencies and affiliated organizations that report directly or indirectly to the President of Montana State University (President).
110.00 INDEPENDENCE AND ACCOUNTABILITY
To ensure for the independence of IAAS, the Director of IAAS (Director), in the discharge of his/her duties, shall be directly accountable to the President. IAAS staff report to the Director.
To further ensure for the independence of IAAS, the Director will provide a summary of activities and confirm organizational independence to the Commissioner of Higher Education (Commissioner) at least annually.
120.10 The Director and staff of IAAS have responsibility to:
- Develop a flexible, risk-based annual plan of work, considering the input of management, and submit that plan and significant interim changes to the President for review and approval.
- Implement the approved annual plan, including special projects requested by the President.
- Evaluate risk management, control and governance of the University consistent with this Charter and with the approved annual plan. This may include evaluating significant new or changing services, processes and operations coincident with their development, implementation and/or expansion.
- Provide advisory services regarding risk management, control and governance of the University as agreed upon with management.
- Communicate significant issues related to risk management, control and governance of the University, including potential improvements, to appropriate levels of management and provide information concerning such issues through resolution.
- Investigate and assist in the investigation of significant suspected fraudulent activities within the University and notify the President of the results.
- Maintain a professional audit staff with sufficient knowledge, skills and other competencies to meet the requirements of this Charter.
- Consider the scope of work of other internal and external parties, as appropriate, to help ensure proper coverage and minimize duplication of efforts.
- Coordinate with other control and monitoring functions (e.g., risk management, compliance, security, legal, ethics, environmental health & safety and external audit).
- Periodically provide information to the President on IAAS activities and results relative to the annual plan, as well as to the sufficiency of IAAS resources.
- Communicate to the President and Commissioner on the quality assurance and improvement program, including results of ongoing internal assessments and external assessments conducted at least every five years.
120.20 These responsibilities may be in relation to all University objectives and processes, which include, but are not limited to:
- Monitoring and evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the organization.
- Monitoring that significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.
- Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
- Evaluating the effectiveness and efficiency with which resources are employed.
- Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information.
- Monitoring and evaluating the effectiveness of the organization's risk management processes.
- Monitoring and evaluating governance processes.
- Evaluating operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
- Monitoring that quality and continuous improvement are fostered in University operations.
130.10 The Director and staff of IAAS are authorized to:
- Have unrestricted access to all functions, data, records, property, technology and personnel.
- Have full and free access to the President.
- Allocate resources, set frequencies, select subjects, determine scopes of work and apply the techniques required to fulfill its mission and responsibilities.
- Obtain the necessary assistance of personnel in units/functions of the University where they provide services and obtain other specialized services from within or outside the University.
130.20 The Director and staff of IAAS are not authorized to:
- Perform any operational duties for the University external to IAAS.
- Make management decisions external to IAAS. University management is responsible for the University's risk management, control and governance processes.
- Initiate or approve fiscal transactions, implement internal controls, develop procedures, install systems, prepare records or engage in any other activity external to IAAS that may impair auditor independence.
- Direct the activities of any University employee not employed by IAAS, except to the extent such employees have been appropriately assigned to assist IAAS.
140.00 STANDARDS OF AUDIT PRACTICE
IAAS will act in accordance with the principles of integrity, objectivity, confidentiality and competency as required by The Institute of Internal Auditors' Code of Ethics and will adhere to the International Standards for the Professional Practice of Internal Auditing.
150.00 DIRECTOR PERSONNEL MATTERS
Action to demote, dismiss or not renew the contract of the Director requires the concurrence of the President and the Commissioner.
Revision approved by Commissioner Clayton Christian and President Waded Cruzado on October 13, 2013.