Audit Charter

 

The Division of Audit (DoA, or The Division) provides independent, objective assurance and consulting services designed to add value and improve the University’s operations.  It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The Division serves as a proactive business partner with University management by evaluating business processes, controls, compliance mechanisms and technologies to ensure:

  • Business risks are appropriately identified and managed;
  • Assets and resources are properly controlled;
  • Operational, financial, and managerial information is accurate and reliable;
  • University actions are in compliance with policies, procedures, standards, and state and federal laws and regulations;
  • Effective coordination and cooperation is provided to external auditors to avoid duplication of effort;
  • Allegations of fraud, waste, and abuse, and complaints received from the Chief IG and Board of Governors are appropriately investigated; and
  • Quality and continuous improvement are fostered in the University’s control process.

 

View the Board of Trustees Audit and Compliance Committee Charter

 

FAMU DoA Audit Charter

Approved December 02, 2021

Internal auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of the University.  It assists the University in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the University’s governance, risk management, and internal control processes.

To accomplish its mission, the University must maintain the confidence of its Board of Trustees (BOT), faculty, staff, students, alumni, the public, elected officials, and various other stakeholders. The Division provides valuable support in maintaining the public’s confidence by performing independent and objective reviews, risk management activities, and reporting to the Audit and Compliance Committee and responsible administrative and academic officers so that corrective actions, risk response plans, and enhancements can be initiated. The Division’s objective is to assist the BOT, President, and University management in the effective discharge of their responsibilities.

The Division of Audit (Division, or DoA) provides insight on the mitigation of business risk to assist the BOT and University management in the effective discharge of their responsibilities as they relate to the University policies, processes, programs, information systems, internal controls, and management reporting.  The Division of Audit is a point of coordination of and responsibility for activities that promote accountability, integrity, and efficiency in university operations.

 

The DoA's mission is to enhance and protect the value of FAMU and its stakeholders by providing excellence in risk-based and objective assurance, advice, and insight through the promotion of accountability, integrity, and efficiency.

Audit and consulting activities will conform to the International Professional Practices Framework published by the Institute of Internal Auditors, Inc. and/or the Information Systems Auditing Standards published by ISACA. The DoA shall uphold the principles of integrity, objectivity, confidentiality, and competency as defined in the Institute of lnternal Auditors' Code of Ethics. The DoA is to utilize the Committee of Sponsoring Organizations (COSO) as the model for evaluating the adequacy of internal controls. Additionally, the Division will adhere to the University's regulations, the Division's standard operating procedures manual, and Florida Board of Governors regulations and standards.

Investigation activities will conform to standards found in the Principles and Standards for Offices of Inspector General published by the Association of Inspectors General, and professional standards issued for the State University System of Florida entitled Standards for Complaint Handling and Investigations for the State University System of Florida.

The Division provides audit, investigative, and risk management services to all entities of Florida A&M University, including schools, colleges, administrative departments, auxiliary enterprises, and direct support organizations.  Accordingly, the Division is authorized to:

  • Have timely, unlimited, and unrestricted access to all data, books, records, files, property, information systems, and personnel of Florida A&M University as necessary to carry out the Division’s duties and responsibilities;
  • Allocate resources, establish schedules, select subjects, determine scopes of work, and apply the techniques required to accomplish objectives;
  • Obtain the essential assistance and cooperation of personnel in areas of the University where audits and investigations are performed, as well as other specialized services from within or outside the University;
  • Facilitate the university’s Enterprise Risk Management (ERM) by creating and maintaining the framework which ensures that risks are appropriately identified, assessed, managed, and considered in institutional decision making; and
  • Have free and unrestricted access to the BOT.

The Vice President of the Division of Audit serves as the University's Chief Audit Executive, as described in the International Standards for the Professional Practice of Internal Auditing, and as Inspector General as authorized in Section 112.3189(1), Florida Statutes. The Associate Vice President for Audit serves as the University's Chief Risk Officer. The Chief Audit Executive and/or the Chief Risk Officer shall notify the chair of the BOT's audit committee or the President, as appropriate, of any unresolved restriction or barrier imposed by any individual on the scope of an inquiry, or the failure to provide access to necessary information or people for the purposes of such inquiry. The Chief Audit Executive and/or Chief Risk Officer shall work with the BOT and university management to remedy scope or access limitations. If the university is not able to remedy such limitations, the Chief Audit Executive shall timely notify the Board of Governors, through the Office of Inspector General and Director of Compliance (OIGC), of any such restriction, barrier, or limitation.

The Chief Audit Executive and Chief Risk Officer reports functionally to the Chair of the BOT and to the Chair of the BOT's Audit and Compliance Committee, and therefore communicates and interacts directly with the BOT, including at BOT meetings and between BOT meetings as appropriate. The Chief Audit Executive reports administratively to the President of the University. The Chief Risk Officer reports administratively to the Vice President of Audit but shall have free and unrestricted access to the President of the University.

The BOT will:

  • Approve the charter of the Division of Audit;
  • Approve the risk-based internal audit plan;
  • Receive communications from the Chief Audit Executive on the internal audit activity's performance relative to its plan and other matters;
  • Approve all decisions regarding the performance evaluation, appointment, removal, and annual compensation and salary adjustment of the Chief Audit Executive;
  • Approve ERM annual reports, institutional risk portfolio, risk appetite guidance, and reports on the status of risk response efforts; and
  • Make appropriate inquiries of management and the Chief Audit Executive to determine whether there is inappropriate scope or resource limitations.

The Chief Audit Executive shall report directly to the Chair of the BOT and Chair of the BOT's Audit and Compliance Committee any allegations about the University President. Any allegations related to the Chief Audit Executive shall be reported to the University President and Chair of the BOT's Audit and Compliance Committee. Any allegations against BOT members shall be reported to the Board of Governors. These allegations are not to be handled internally and are not to be investigated by the Division. 

The Division will remain free from interference by any element in the University, including matters of audit and investigation selection, scope, procedures, frequency, timing, or report content to permit maintenance of a necessary independent and objective mental attitude.

Division staff must have no personal and external impairments to their independence, and have no direct responsibility or authority over any of the activities audited.  Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair their judgment.

Division staff will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined.  Division staff will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.

The Chief Audit Executive will confirm to the BOT, at least annually, the organizational independence of the internal audit activity.

Responsibility 

The scope of internal audit encompasses, but is not limited to, providing assurance to management by examining and evaluating of the adequacy and effectiveness of the university’s governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve the University’s stated goals and objectives.

Chief Audit Executive

 The Chief Audit Executive is responsible for fulfillment of the following activities:

  • Provide direction for, supervise, and coordinate audits, investigations, and risk management activities which promote economy, efficiency, and effectiveness in the administration of university programs and operations including, but not limited to, auxiliary facilities and services, direct suppo1t organizations, and other component units;
  • Conduct, supervise, or coordinate activities for the purpose of preventing and detecting fraud and abuse within university programs and operations including, but not limited to, auxiliary facilities and services, direct support organizations, and other component units;
  • Maintaining a professional audit staff with sufficient knowledge, skills, abilities, experience, and professional certifications;
  • Perform consulting and advisory services related to governance, risk management and control as appropriate for the University. Such services include management requests, and participation in institutional committees;
  • Review statutory whistle-blower information and coordinate all activities of the university as required by the Florida Whistle-blower's Act;
  • Address significant and credible allegations relating to waste, fraud, or financial mismanagement as provided in Board of Governors Regulation 4.001;
  • Keep the President and BOT informed concerning significant and credible allegations and known occurrences of waste, fraud, mismanagement, abuses, and deficiencies relating to university progran1s and operations; recommend corrective actions; and report on the progress made in implementing corrective actions;
  • Promote, in collaboration with other appropriate university officials, effective coordination between the university and the Florida Auditor General, federal auditors, accrediting bodies, and other governmental or oversight Consider the scope of their work for the purpose of providing optimal audit coverage to the University at a reasonable overall cost;
  • Review and make recommendations, as appropriate, concerning policies and regulations related to the university's programs and operations including, but not limited to, auxiliary facilities and services, direct support organizations, and other component units;
  • Evaluate the systems established to ensure compliance with policies, plans, procedures, laws and regulations which could have a significant impact on the University;
  • Evaluate the reliability and integrity of information and the means used to identify, measure, classify, and report such information;
  • Evaluate risk exposures relating to achievement of the university's strategic objectives;
  • Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets;
  • Communicate to the president and the board of trustees, at least annually, the office's plans and resource requirements, including significant changes, and the impact of resource limitations;
  • Provide training and outreach, to the extent practicable, designed to promote accountability and address topics such as fraud awareness, risk management, controls, and other related subject matter;
  • Coordinate or request audit, financial- and fraud-related compliance, controls, and investigative information or assistance as may be necessary from any university, federal, state, or local government entity;
  • Develop and maintain a quality assurance and improvement program for the office of Chief Audit Executive. This program must include an external assessment conducted at least once every five (5) The external assessment report and any related improvement plans shall be presented to the BOT, with a copy provided to the Board of Governors;
  • Establish policies that articulate the steps for reporting and escalating matters of alleged misconduct, including criminal conduct, when there are reasonable grounds to believe such conduct has occurred;
  • Inform the BOT when contracting for specific instances of audit or investigative assistance; and
  • Report routinely to the BOT on matters including significant risk exposures, control issues, fraud risks, governance issues, and other matters requested by the President and the BOT.

Chief Risk Officer

 The Chief Risk Officer is responsible for fulfillment of the following activities:

  • Primary responsibility for facilitating the design and implementation of Enterprise Risk Management consistent with COSO's Enterprise Risk Management: Integrated with Strategy and Performance in collaboration with university leadership;
  • Responsible and accountable for overseeing the development, implementation, and fostering of a collaborative, can1pus-wide approach to ERM at the University;
  • Promote the consistent use of risk management and ownership of risk at all levels of the institution;
  • Build a risk-aware culture, including appropriate education and training;
  • Lead the institution's processes for identifying, analyzing, evaluating, responding to and controlling, monitoring, and reporting on key risks;
  • Submit risk information for review on a regular basis to the Board of Trustees Audit and Compliance Committee and the full Board;
  • Charge, appoint, and oversee the work of an ERM Advisory Committee (ERMAC);
  • Submit high-level recommendations to the President for keeping identified risks within tolerance levels; and
  • Annually submit a Risk Appetite Statement to the BOT for review.

View the signed Audit Charter

 

Vision

We will be championed by our customers, benchmarked by our peers (counterparts), and dedicated to excellence in our products and services.

 

Mission

The Division's mission is to enhance and protect the value of FAMU and its stakeholders by providing excellence in risk-based and objective assurance, advice, and insight through the promotion of accountability, integrity, and efficiency.

 

Values, Principles, and Priorities

Accountability - Accountability is an obligation or willingness to accept responsibility or to account for one's actions

Inclusion - Inclusion is the act of including; the state of being included; the act or practice of including and accommodating people who have historically been excluded (as because of their race, gender, sexuality, or ability)

Innovation - Innovation is a new idea, method, or device.

Integrity - Firm adherence to a code of especially moral or artistic values; incorruptibility; an unimpaired condition : soundness; the quality or state of being complete or undivided; completeness

Responsibility equals accountability equals ownership.  And a sense of ownership is the most powerful weapon a team or organization can have.  – Pat Summitt

Diversity is having a seat at the table, Inclusion is having a voice, and Belonging is having a voice be heard.  – Liz Fosslien

Innovation is the ability to see change as an opportunity – not a threat. – Steve Jobs

If you have integrity, nothing else matters.  If you don’t have integrity, nothing else matters.  – Alan Simpson

 

Efficiency - the quality or degree of being efficient; capable of producing desired results with little or no waste (as of time or materials)

Objectivity - the quality or character of being objective; lack of favoritism toward one side or another; freedom from bias

Confidentiality - the state of keeping or being kept secret or private

Competency - possession of sufficient knowledge or skill

Efficiency is the foundation for survival.  Effectiveness is the foundation for success.  – John C. Maxwell

Dispassionate objectivity is itself a passion, for the real and for the truth.  – Abraham Maslow

Privacy [confidentiality] is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.  – Bruce Schneier

Competence goes beyond words.  It’s the leader’s ability to say it, plan it, and do it in such a way that others know that you know how – and know that they want to follow you.  – John C. Maxwell