Internal Audit Charter

The Internal Audit evaluates whether District processes, designed and represented by management, are adequate and functioning in a manner to help ensure:

• Risks are appropriately identified and managed.
• Significant financial, managerial and operating information is accurate, reliable and timely.
• Employee’s actions are in compliance with policies, standards procedures and applicable laws and regulations.
• Resources are acquired and used in a reasonably economical and efficient manner, and are adequately safeguarded.
• Quality and continuous improvement are supported in the District’s control process.

The Internal Audit will govern itself by adherence to The Institute of Internal Auditors’ mandatory guidance including the definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing. This mandatory guidance constitutes principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the Internal Audit’s performance.

The Institute of Internal Auditors, Practice Advisories, Practice Guides, and Position Papers will also be adhered to as applicable to guide operations. In addition, the Internal Audit will adhere to District relevant policies and procedures as well as the Internal Audit procedures manual.

The manager and personnel of the Internal Audit, with strict accountability for confidentiality and safeguarding records and information shall, except as otherwise directed by the Board of Education or the FAC:

• Have full and unrestricted access to any and all of the District’s manual or electronic records, physical properties, and personnel pertinent to carrying out any engagement.
• Have full and free access to the FAC and the CFO.
• All employees are requested to assist the Internal Audit in fulfilling its roles and responsibilities.

All Internal Audit activities shall remain free of influence by any element in the district, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of an independent and objective mental attitude necessary in rendering reports.

Internal auditors shall have no direct operational responsibility or authority over any of the activities they review. Accordingly, the manager and personnel of the Internal Audit team are not authorized to:

• Perform any operational duties for DPS.
• Initiate or approve accounting transactions external to the Internal Audit team.
• Direct the activities of any district employee not employed by the Internal Audit, except to the extent such employees have been appropriately assigned to auditing teams or otherwise to assist the internal auditors.
• Develop nor install systems or procedures.
• Prepare records.
• Engage in any other activity which would normally be audited.
• Internal auditors must exhibit the highest level of professional responsibility objectivity in gathering, evaluating and communicating information about the activity or process being examined. Internal auditors must make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interest or by others in forming judgments.

The Internal Audit manager will confirm at least annually in writing to the FAC and the CFO.

To further provide for its independence and objectivity, Internal Audit personnel report to the Internal Audit manager, who reports functionally to the FAC and the CFO.

The FAC will approve all decisions regarding the performance evaluation, appointment, or removal of the Internal Audit manager, as well as the Internal Audit manager’s annual compensation and salary adjustment. The Internal Audit manager will communicate and interact directly with the FAC and the CFO as appropriate.

The scope of Internal Audit encompasses the examination and evaluation of the adequacy and effectiveness of the organization’s governance, risk management process, system of internal control structure, and the quality of performance in carrying out assigned responsibilities to achieve the district’s stated goals and objectives. The Internal Audit manager and personnel, in the discharge of their duties, shall be accountable to the FAC and management to:

• Keep the FAC and management informed of the Internal Audit policies, procedures and practices for conducting audits investigations and consulting activities.
• Maintain a professional audit staff with sufficient knowledge, skills experience, and professional certifications to meet the requirements of this charter, and provide information on the sufficiency of resources.
• Develop a flexible audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management and submit that plan to the FAC and the CFO for review.
• Implement the annual audit plan, including as deemed appropriate by the Internal Audit manager, any special tasks or projects suggested by management and/or the FAC.
• Periodically provide information summarizing the status and results of the annual audit plan.
• Evaluate the reliability and integrity of information and the means used to identify, measure, classify, and report such information.
• Review the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on operations and reports and whether the organization is in compliance.
• Review the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
• Review and appraise the economy and efficiency with which resources are employed.
• Review operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
• Monitor and evaluate the effectiveness of the organization’s risk management system.
• Review the quality of performance of external auditors and the degree of coordination with internal audit.
• Assisting in the investigation of significant suspected fraudulent activities within the district.

Annually, the Internal Audit manager shall submit to senior management and the FAC a summary of the audit work schedule, staffing plan, and budget for the following fiscal year. The audit work schedule is to be developed based on a prioritization of the audit universe using a risk-based methodology. Any significant deviation from the formally approved work schedule shall be communicated to senior management and the FAC through periodic activity reports.

The Internal Audit may issue one of a number of formal or informal communications to assist District Management in identifying and mitigating risks and improving operations. The various forms of communication are:

• Audit Reports
  At the conclusion of each audit the Internal Audit will issue a written report which provides its independent opinion or conclusions regarding the process, system or other subject matter reviewed. Each audit report issued will include but not limited to the following:
  • Background
  • Audit Objectives
  • Statistics
  • Scope and Methodology
  • Conclusion
  • Summary of Findings
  • Findings
    Each finding will be developed using the following elements:
    • Criteria: What should be – The laws, regulations, contracts, grants agreements, standards, measures, expectations of what should exist, defined business practices, and benchmarks against which performance is compared or evaluated.
    • Condition: What is – Condition is the situation that exists.
    • Cause: Reason for the condition – Why the deviation from the criteria occurred.
    • Effect:  Consequences – What happened or could happen because the condition differed from the criteria.
    • Recommendation: What is needed to correct the condition and improve operations.

To ensure that the audit results are fairly presented, the audit report will include the auditee’s response and corrective action taken or to be taken in regard to the specific findings and recommendations. The auditee’s response should include a timetable for anticipated completion of action to be taken or an explanation for any recommendations not addressed. A copy of the completed audit report including the auditee’s responses will be distributed to the FAC, CFO, and other appropriate District personnel. Audit reports with issues that do not represent significant risk exposures and control issues that could adversely affect the District and its ability to achieve its strategic, financial reporting, operational, and compliance objectives will be included in the information section of the FAC meeting agenda and any questions related to the audit will be addressed at the FAC meeting. Audit reports with issues that represent significant issues that may carry unacceptable exposure to internal and external risks, including conditions related to control weaknesses, fraud, irregularities, illegal acts, errors, inefficiency, waste, ineffectiveness, conflicts of interest, and financial viability will be presented to senior management and the members of the FAC. The Internal Audit is responsible for appropriate follow-up on audit findings and recommendations. All significant findings will remain in an open issues file until cleared by the Internal Audit manager. Generally, Internal Audit will conduct a follow-up audit within 12-18 months from the date of the original audit report and report the status of the implementation of the audit recommendations to the original recipients of the audit report. In addition, the internal Audit manager will periodically report the status of the open issues file to the FAC and the CFO.

• Special Investigation Reports are issued at the conclusion of an investigation of misappropriation of District assets and generally distributed only to Safety and Security, Legal Department and Human Resources depending on which department requested the investigation.
• Informal Communications include emails, memorandum or verbal reports to communicate relatively low risks as well as advisory work.

The Internal Audit manager should periodically assess whether the purpose, authority, and responsibility, as defined in this charter, continue to be adequate to enable Internal Audit to accomplish its objectives. The result of this periodic assessment should be communicated to the FAC and the CFO.