Internal Audit Charter

Applies to: All Departments and Units of the University
  1. Purpose

    The purpose of Audit Services is to assist the Board of Regents, President and University Leadership in the discharge of their oversight, management, and operating responsibilities by providing objective assurance, advisory, and investigatory services to the University community. Audit Services adds value by evaluating the adequacy and effectiveness of internal controls and policies, identifying areas of potential risks, engaging in special investigations and providing informed advice.

  2. Authority

    Audit Services was established to fulfill the charge of the Board of Regents’ Bylaw 3.01(2). Under the direction of the Finance, Audit and Investment Committee of the Board of Regents and University President, Audit Services is authorized to:

    1. Have full, free, and unrestricted access to all functions, records, property, and personnel pertinent to fulfilling its duties, subject to accountability for confidentiality, and safeguarding of records and information.
    2. Allocate resources, set frequencies, select subjects, determine scopes of work, apply techniques required to accomplish audit objectives, hire external subject matter experts (as necessary), and issue reports  

    University units must make available, in a timely manner, all appropriate information related to internal audits as requested. In performing its responsibilities, University Audits has no direct responsibility for or authority over any of the operations it reviews.

  3. Scope

    The scope of Audit Services activities encompasses:

    1. Assurance Services - Objective examinations of evidence for the purpose of providing management with objective assessments. This includes assessing and reporting on the adequacy and effectiveness of the internal controls and the quality of performance in carrying out assigned responsibilities. The scope includes reviewing and evaluating:

      1. Internal controls established to comply with applicable policies, plans, procedures, laws, regulations, and contracts;
      2. The means by which assets are effectively safeguarded;
      3. The reliability and integrity of financial and operating information;
      4. Information Technology systems to determine if they are adequately managed, controlled, and safeguarded.  

      Assurance services are guided by a comprehensive annual risk assessment, which included input from university leadership, and is reviewed and approved by the Finance, Audit and Investment Committee of the Board of Regents. Follow up reviews are conducted to assess the adequacy and sustainability of corrective actions taken by management to address audit observations.

    2. Advisory Services - Advisory services and related client service activities, the nature and scope of which are agreed upon with the client, are intended to add value and improve governance, risk management, and control processes without the internal auditor assuming management responsibility.
    3. Special Investigations - Evaluations of allegations of unethical business practices and/or financial and operational misconduct to determine  the factual merit of allegations and to prevent future occurrences.  Such work will be coordinated  with the Office of the General Counsel and Department of Public Safety and Security as appropriate.  
  4. Professional Standards

    Audit Services will govern itself by adherence to The Institute of Internal Auditors’ mandatory guidance, as practical, which includes the Core Principles for the Professional Practice of Internal Auditing, Code of Ethics, Definition of Internal Auditing, and the International Standards for the Professional Practice of Internal Auditing.

    Audit Services will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program will include an evaluation of Audit Service’s conformance with the IIA Standards and an evaluation of whether the internal auditors apply The IIA’s Code of Ethics. The program will also assess the efficiency and effectiveness of Audit Services and identify opportunities for improvement. In accordance with the IIA Standards, a qualified, independent assessor or assessment team from outside the university will conduct an external quality assurance review at least once every five years. The results of the assessment will be timely shared with appropriate university leadership and the Board of Regents.

    For additional information about Audit Services, please visit http://audits.umich.edu.

SPG Number
Date Issued
Last Updated
Next Review Date
Applies To
All Departments and Units of the University
Finance, Audit and Investment Committee of the Board of Regents
Primary Contact
Audit Services