Close Close

Internal Audit Charter

Approved by Audit and Legal Committee Oct. 16, 2025

Table of Contents

Mission

The purpose of the Office of Internal Audit (Internal Audit) is to strengthen Monmouth University’s (University) ability to create, protect, and sustain value by providing independent, risk-based, and objective assurance and advisory services. Conducted through a systematic and disciplined approach, the office evaluates and enhances the effectiveness of the institution’s risk management, controls and governance processes, supporting the University’s successful achievement of its objectives, reputation and credibility with its stakeholders.

Function

The Office of Internal Audit operates under a co-sourced model, combining the knowledge and presence of internal audit professionals with the specialized skills and resources of external service providers. This structure enables the audit activity to deliver comprehensive, flexible and high-quality assurance and advisory service to the University.

Responsibility and Authority

The Internal Audit function was established with the concurrence of the University’s Board of Trustees and derives its authority directly from the Audit and Legal Committee. The Internal Audit function is a division of the Office of the General Counsel and reports administratively to the Vice President and General Counsel and functionally to the Audit and Legal Committee. 

The Internal Audit staff along with the approved internal audit firm is authorized to conduct a comprehensive internal audit program and is responsible for keeping the Office of the General Counsel informed of unusual transactions or other matters of significance covered in an audit report. In accomplishing these activities, the Internal Audit staff is authorized to have free and unrestricted access to all University records (either manual or electronic), physical properties and personnel relevant to a review.

Independence and Objectivity

The Internal Audit function, including both internal staff and co-sourced external services, shall operate with independence and objectivity in accordance with The Institute of Internal Auditors’ (IIA) International Professional Practices Framework, which are the Global Internal Audit Standards and Topical Requirements.

The Internal Audit staff has no direct responsibility or any authority over the activities or operations that are subject to review, nor should Internal Audit develop and install procedures, prepare records, or engage in activities that would normally be subject to review. 

All Internal Audit staff must perform duties with honesty, diligence and impartiality and avoid any activity that may impair or appear to impair their unbiased judgment.

Confidentiality

All information obtained during an internal audit is deemed confidential unless otherwise instructed. It is understood that certain items are confidential in nature and special arrangements may be required when examining and reporting on such items. Internal Audit will handle all information obtained during a review in the same prudent manner as the custodian of such information. 

Audit reports are considered highly confidential. They are distributed to the respective area division head, the Vice President and General Counsel, the President of the University, and the Audit and Legal Committee. 

Standards

The Internal Audit staff, including both internal staff and co-sourced external services, shall carry out its duties and responsibilities in accordance with the IIA’s Global Internal Audit Standards and Code of Ethics.

Scope of Work

The Office of Internal Audit will submit a yearly risk-based audit plan to be approved by the Audit and Legal Committee.

All organizations and programs that are directly or indirectly managed by the University are subject to review by the Office of Internal Audit. Scope of work will encompass, but is not limited to, objective examinations of evidence to provide independent assurance and advisory services to the Audit and Legal Committee and management on the adequacy and effectiveness of governance, risk management, and control processes for the University. 

The nature and scope of advisory services may be agreed with the party requesting the service, provided the internal audit function does not assume management responsibility. Opportunities for improving the efficiency of governance, risk management, and control processes may be identified during advisory engagements. These opportunities will be communicated to the appropriate level of management.

Internal audit engagements may include evaluating whether:

  • Risks relating to the achievement of the University’s strategic objectives are appropriately identified and managed.
  • The actions of the University’s officers, directors, management, employees, and contractors or other relevant parties comply with institutional policies and procedures, applicable laws, regulations, and governance standards.
  • The results of operations and programs are consistent with established goals and objectives.
  • Operations and programs are being carried out effectively and efficiently.
  • Established processes and systems enable compliance with the policies, procedures, laws, and regulations that could significantly impact the University.
  • The integrity of information and the means used to identify, measure, analyze, classify, and report such information is reliable.
  • Resources and assets are acquired economically, used efficiently and sustainably, and protected adequately.

Reporting and Monitoring

Internal Audit staff will maintain a structured process for reporting audit results and monitoring the implementation of corrective actions. The process is intended to support institutional accountability, continuous improvement and effective oversight of risks.

A written report of the Internal Audit will be prepared and issued to the area division head, the Vice President and General Counsel, the President of the University, and the Audit and Legal Committee. The Office of Internal Audit will be responsible for appropriate follow-up on engagement findings and recommendations. 

To establish, maintain, and ensure that the University’s internal audit function has sufficient authority to fulfill its duties, the Audit and Legal Committee will:

  • Discuss with the Director of Internal Audit and Enterprise Risk (Chief Audit Executive) and senior management the appropriate authority, role, responsibilities, scope, and services (assurance and/or advisory) of the internal audit function.
  • Ensure the Chief Audit Executive has unrestricted access to and communicates and interacts directly with the Audit and Legal Committee, including in private meetings without senior management present.
  • Discuss with the Chief Audit Executive and senior management other topics that should be included in the internal audit charter.
  • Participate in discussions with the Chief Audit Executive and senior management about the “essential conditions,” described in the Global Internal Audit Standards, which establish the foundation that enables an effective internal audit function.
  • Approve the internal audit function’s charter, which includes the internal audit mandate and the scope and types of internal audit services.
  • Review the internal audit charter with the Chief Audit Executive to consider changes affecting the organization, such as the employment of a new internal auditor or changes in the type, severity, and interdependencies of risks to the organization; and approve the internal audit charter annually.
  • Approve the risk-based internal audit plan.
  • Collaborate with senior management to determine the qualifications and competencies the organization expects in a Chief Audit Executive, as described in the Global Internal Audit Standards.
  • Authorize the appointment and removal of the Chief Audit Executive and the co-sourced internal audit provider.
  • Approve the remuneration of the Chief Audit Executive.
  • Review the Chief Audit Executive’s performance.
  • Receive communications from the Chief Audit Executive about the internal audit function including its performance relative to its plan.
  • Ensure a quality assurance and improvement program has been established and review the results annually.
  • Make appropriate inquiries of senior management and the Chief Audit Executive to determine whether scope or resource limitations are inappropriate.

Chief Audit Executive Roles and Responsibilities

The Chief Audit Executive will ensure that its internal auditors:

  • Conform with the Global Internal Audit Standards, including the principles of Ethics and Professionalism: integrity, objectivity, competency, due professional care, and confidentiality.
  • Understand, respect, meet, and contribute to the legitimate and ethical expectations of the organization and be able to recognize conduct that is contrary to those expectations.
  • Encourage and promote an ethics-based culture in the organization.
  • Report organizational behavior that is inconsistent with the organization’s ethical expectations, as described in applicable policies and procedures.

Internal Auditors will:

  • Disclose impairments of independence or objectivity, in fact or appearance, to appropriate parties and at least annually, such as the Chief Audit Executive, Audit and Legal Committee, management, or others.
  • Exhibit professional objectivity in gathering, evaluating, and communicating information.
  • Make balanced assessments of all available and relevant facts and circumstances.
  • Take necessary precautions to avoid conflicts of interest, bias, and undue influence.

The Chief Audit Executive has the responsibility to:

  • At least annually, develop a risk-based internal audit plan that considers the input of the Audit and Legal Committee and senior management. Discuss the plan with the Audit and Legal Committee and senior management and submit the plan to the Audit and Legal Committee for review and approval.
  • Review and adjust the internal audit plan, as necessary, in response to changes in the University’s business, risks, operations, programs, systems, and controls.
  • Communicate with the Audit and Legal Committee and senior management if there are significant interim changes to the internal audit plan.
  • Ensure internal audit engagements are performed, documented, and communicated in accordance with the Global Internal Audit Standards.
  • Follow up on engagement findings and confirm the implementation of recommendations or action plans and communicate the results of internal audit services to the Audit and Legal Committee and senior management for each engagement, as appropriate.
  • Ensure the internal audit function collectively possesses or obtains the knowledge, skills, and other competencies and qualifications needed to meet the requirements of the Global Internal Audit Standards and fulfill the internal audit mandate.
  • Identify and consider trends and emerging issues that could impact the University and communicate to the Audit and Legal Committee and senior management as appropriate.
  • Consider emerging trends and successful practices in internal auditing.
  • Establish and ensure adherence to methodologies designed to guide the internal audit function.
  • Confirm adherence to the University’s relevant policies and procedures unless such policies and procedures conflict with the internal audit charter or the Global Internal Audit Standards. Any such conflicts will be resolved or documented and communicated to the Audit and Legal Committee and senior management.

The Chief Audit Executive will report periodically to the Audit and Legal Committee and senior management regarding:

  • The internal audit function’s mandate.
  • The internal audit plan and performance relative to its plan.
  • Significant revisions to the internal audit plan and budget.
  • Potential impairments to independence, including relevant disclosures as applicable.
  • Results from the quality assurance and improvement program, which include the internal audit function’s conformance with The IIA’s Global Internal Audit Standards and action plans to address the internal audit function’s deficiencies and opportunities for improvement.
  • Significant risk exposures and control issues, including fraud risks, governance issues, and other areas of focus for the Audit and Legal Committee.
  • Results of assurance and advisory services.
  • Resource requirements.
  • Management’s responses to risk that the internal audit function determines may be unacceptable or acceptance of a risk that is beyond the University’s risk appetite.

The Chief Audit Executive will develop, implement, and maintain a quality assurance and improvement program that covers all aspects of the internal audit function. The program will include external and internal assessments of the internal audit function’s conformance with the Global Internal Audit Standards, as well as performance measurement to assess the internal audit function’s progress toward the achievement of its objectives and promotion of continuous improvement. The program also will assess, if applicable, compliance with laws and/or regulations relevant to internal auditing. Also, if applicable, the assessment will include plans to address the internal audit function’s deficiencies and opportunities for improvement.

Annually, the Chief Audit Executive will communicate with the Audit and Legal Committee and senior management about the internal audit function’s quality assurance and improvement program, including the results of internal assessments (ongoing monitoring and periodic self-assessments) and external assessments. External assessments will be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the University; qualifications must include at least one assessor holding an active Certified Internal Auditor® credential.