Charter

1. Mission

The mission of internal audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

The Internal Audit Department aims to enhance organizational effectiveness by providing independent, objective assurance and advisory services. Key goals include improving risk management processes, ensuring regulatory compliance, and promoting a culture of accountability across all departments. The Department is responsible for communicating to management those areas requiring control enhancements and provides improvement recommendations, as well as helping Touro improve the effectiveness of its risk management and governance processes.  Specifically, IAD performs the following tasks:

  1. Evaluate operations and internal controls to help ensure that:
    • Assets are safeguarded;
    • Policies, standards, and procedures are followed; and
    • Resources are obtained economically, used efficiently, and protected adequately.
  2. Partner with Touro’s stakeholders to help ensure controls are:
    • Properly implemented in connection with any new projects or initiatives;
    • Established, adopted, and followed by existing businesses, and currently operating effectively.
  3. Assess and make appropriate recommendations for improving governance processes.
  4. Identify and evaluate significant risks.
  5. Interact with various governance groups, committees, and regulators as needed.
  6. Evaluate the operating effectiveness of controls by determining whether controls are operating as intended and designed.

2. Independence

The Department must maintain its independence in order to be effective.  Independence permits the Department to carry out its work freely and objectively, and to render impartial and unbiased judgment, which is essential to achieving its goals. IAD has unrestricted access to the Audit Committee of the Board of Trustees of Touro and to the President of Touro. 

The Department reports to the Audit Committee and the President of Touro. IAD staff has no direct responsibility or authority over any operating activities of its clients/stakeholders, nor are IAD personnel permitted to relieve others of their duties and business functions. Specifically, the College’s Management and the Board of Directors are responsible for Touro’s operations.

The Chief Internal Auditor and all audit staff must attest to an annual conflict of interest statement disclosing of any known situation that may have the appearance of impairing his or her objectivity. Copies of all annual attestations are maintained by the Department.

3. Authority

In coordination with the President or his designee, the Chief Internal Auditor and other designated IAD staff are authorized to:

  • Ensure execution of the four-quarter audit plan according to the Department’s methodology.
  • Have unrestricted access to all functions, records, property, and personnel, with the exception of those materials that may be confidential or privileged as determined by the Office of the General Counsel.
  • Have full and free access to the President and the Audit Committee.
  • Allocate resources, set audit budgets and review frequencies, determine audit scope and coverage, devise test plans, and apply techniques required to accomplish IAD objectives.
  • Request the necessary assistance of personnel in the various departments in which the audit is being performed, as well as other specialized services from within or outside Touro (such as outside legal services, for example).

IAD is not authorized to:

  • Perform any operational, day-to-day business functions or duties of Touro auditees/stakeholders, or its affiliates.
  • Initiate or approve accounting transactions.
  • Direct the activities of auditees/stakeholders, with the limited exception of the execution of closure verification testing to validate remediation of identified audit issues.
  • Violate any privilege or confidence by divulging or disclosing any proprietary Touro information.

4. Objectivity

The chief audit executive will ensure that the internal audit function remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of engagement selection, scope, procedures, frequency, timing, and communication. If the chief audit executive determines that objectivity may be impaired in fact or appearance, the details of the impairment will be disclosed to appropriate parties.

Internal auditors will maintain an unbiased mental attitude that allows them to perform engagements objectively such that they believe in their work product, do not compromise quality, and do not subordinate their judgment on audit matters to others, either in fact or appearance.

Internal auditors will have no direct operational responsibility or authority over any of the activities they review. Accordingly, internal auditors will not implement internal controls, develop procedures, install systems, or engage in other activities that may impair their judgment, including:

  • Assessing specific operations for which they had responsibility within the previous year.
  • Performing operational duties for [name of organization] or its affiliates.
  • Initiating or approving transactions external to the internal audit function.
  • Directing the activities of any [name of organization] employee that is not employed by the internal audit function, except to the extent that such employees have been appropriately assigned to internal audit teams or to assist internal auditors.

Internal auditors will:

  • Disclose impairments of independence or objectivity, in fact or appearance, to appropriate parties and at least annually, such as the chief audit executive, board, management, or others.
  • Exhibit professional objectivity in gathering, evaluating, and communicating information.
  • Make balanced assessments of all available and relevant facts and circumstances.
  • Take necessary precautions to avoid conflicts of interest, bias, and undue influence.

5. Responsibility

Internal Audit is an independent function of Touro that assists management by providing findings and recommendations on the operations and the controls established within Touro.  The Internal Auditor works for and in conjunction with management to accomplish the objectives of the organization.

The Department is responsible for reviewing activities within the organization and reporting its findings, conclusions, and recommendations to the audited parties, Senior Management, and the Audit Committee.  The Department also assists Touro in reaching its goals by determining whether internal and operational controls exist and are functioning properly.  The Department ensures, within reason, the orderly and efficient operation of the various entities.  Further, the Department helps ensure the safeguarding of assets, the reliability of accounting records, and the timely preparation of reliable financial information.

The Department is responsible for:

  • Developing a risk-based annual audit plan including any risks or control concerns identified by Touro management. The plan is submitted to the Audit Committee for review, approval, and periodic updates.
  • Conduct risk assessments for the Touro audit entity universe to help drive the development of a risk-based audit plan.
  • Implementing the annual audit plan as approved by the Audit Committee, including any special tasks or projects as deemed appropriate and requested by the President and/or the Audit Committee.
  • Executing audits from initiation to completion including executing and documenting detailed walkthroughs of key processes to identify internal controls, developing, executing and overseeing substantive testing of control and related procedures, and ultimately reporting identified issues. Involvement in scope determination, development of audit planning memorandums, developing testing plans, review of staff fieldwork, issue identification and discussions with clients and report writing.
  • Reporting significant risk-related issues pertaining to the processes for controlling the activities of Touro and its affiliates, suggesting potential improvements to those processes, and providing information concerning such issues throughout the resolution effort.
  • Maintaining on-going communication with management to follow-up on previously identified audit issues, as well as execution of closure verification testing to validate remediation of previously identified audit issues.
  • Reporting at least quarterly to the President and the Audit Committee to provide information on the status and results of audit activities.
  • Assisting in the investigation of significant suspected fraudulent activities[1] within
    Touro and notifying the President and the Audit Committee of the results.
  • Considering the scope of work of the external auditor and regulators, as
    appropriate, for the purpose of providing optimal audit coverage to Touro at a reasonable cost.
  • Seeking approval of the Touro’s internal audit charter from the Audit Committee on an annual basis.
  • Maintaining a professional audit staff with sufficient knowledge, skills, experience, and professional development to meet the requirements of the charter.

6. Standards of Audit Practice

The Internal Audit Department adheres to the Institute of Internal Auditors’ Global Internal Auditing Standards. In addition, the Department obtains guidance from the generally accepted authoritative auditing standards of other professional auditing organizations, such as:

  • Institute of Internal Auditors,
  • The Association of Certified Fraud Examiners; and
  • The Information Systems Audit and Control Association

7. Changes to the Mandate and Charter

Circumstances may justify a follow-up discussion between the chief audit executive, board, and senior management on the internal audit mandate or other aspects of the internal audit charter. Such circumstances may include but are not limited to:

  • A significant change in the Global Internal Audit Standards.
  • A significant acquisition or reorganization within the organization.
  • Significant changes in the chief audit executive, board, and/or senior management.
  • Significant changes to the organization’s strategies, objectives, risk profile, or the environment in which the organization operates.
  • New laws or regulations that may affect the nature and/or scope of internal audit services.

8. Response to Illegal or Discreditable Behavior

The Internal Audit function is committed to upholding the highest standards of integrity and compliance. Allegations or evidence of illegal, unethical, or discreditable behavior by internal auditors will be promptly investigated in accordance with established organizational policies and relevant professional standards (e.g., Global Internal Audit Standards). Confirmed violations may result in disciplinary action, up to and including termination, and will be reported to appropriate regulatory or legal authorities if warranted.

Similarly, when the Internal Audit function identifies potential legal or regulatory violations by individuals within the organization during the course of audit activities, such matters will be escalated to senior management, the Legal Department, or the Audit Committee as appropriate. All such investigations will be conducted with due diligence, confidentiality, and impartiality to ensure fair and lawful resolution.

 

[1] Touro’s management is responsible for establishing and maintaining internal controls, including controls to discourage perpetuation of fraud. The Department is responsible for examining and evaluating the adequacy and effectiveness of those controls. Audit procedures alone are not designed to guarantee the detection of fraud.