1.0 Reason for Policy

The purpose of this policy is to define the responsibility, authority and accountability of the University of Manitoba Audit Services Office and the responsibility and accountability of management and staff of the Unit that are subject to the audit ("auditee management and staff").

2.0 Policy Statement

2.1 Key Responsibilities

The Audit Services Office plays an integral role in supporting effective administration of the University operations. The key responsibility of the Audit Services Office is to proveide the Board of Governors and the Office of the President with independent, objective assurance and consulting services through the delivery of a comprehensive, risk-based Annual Assurance Plan.

2.2 Compliance with Professional Standards

The Audit Services Office is responsible for complying with the Standards of the Professional Practice of Internal Auditing established by the Institute of Internal Auditors (IIA). University auditors will also comply with the IIA Code of Ethics and will maintain independence and objectivity from those activities audited.

2.2.1 The Audit Services Office has adopted the IIA definition of Internal Auditing as follows:

"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes." - June 1999

Assurance work will be designed to meet the fiduciary needs of the Audit Committee and the Office of the President by obtaining specific information to establish a level of comfort regarding the University's risk management, governance, and internal control system.

Consulting services will focus on problem solving activities designed to add value to operating management.

This definition of internal auditing makes a reference to "governance processes". According to IIA Standard 2130: "The internal audit activity should contribute to the organization's governance process by evaluating and improving the process through which (1) values and goals are established and communicated, (2) the accomplishment of goals is monitored, (3) accountability is ensured, and (4) values are preserved." Standard 2130.A1 clarifies that: "Internal auditors should review operations and programs to ensure consistency with organizational values."

2.3 Reporting Functions

On behalf of the Audit Services Office, the Director reports functionally to the Audit Committee of the Board of Governors.

2.3.1 The Director, Audit Services, has the right to attend Audit Committee meetings and submit appropriate planning and accountability reports:

a) Annually, by March 31, an Annual Assurance Plan for approval.    

b) Annually, by June 30, an Annual Report addressing outcomes associated with the Annual Assurance Plan implementation and operational results of services rendered for the previous fiscal year for information; and  

c) At each regularly scheduled Audit Committee meeting during the year a Progress Report on the status of the Annual Assurance Plan for information.  

d) Periodically, as considered necessary, provide:

(i) A detailed Audit Services' report to the Audit Committee so they can understand the methodology and quality of reporting;

(ii) Presentations for education purposes related to risk management, internal control land regulatory compliance or on topics as requested by the Audit Committee; and

(iii) A report on significant risks that the University faces and significant issues relating to the University's system of internal control.

2.4 Scope of Audit ServicesAudit Services' scope includes the entire University of Manitoba operation under the portfolios of the President and Vice-Presidents. The Director, Audit Services, in consultation with the Office of the President and the Audit Committee of the Board of Governors, establishes Audit Services' scope of activities. Audit Services' scope will be reviewed annually as part of the Annual Assurance Plan process.

2.5 Audit Objectives

The audit objectives of Audit Services' work may include assessment of:

2.5.1 Governance: The effectiveness of risk management, control and governance processes; 

2.5.2 Effectiveness: Progress towards objectives and goals; 

2.5.3 Efficiency: The accomplishment of objectives with the minimum amount of University resources and the maximum amount of output;

2.5.4 Accountability: The integrity and reliability of financial and operating information and the means used to identify, measure, control, classify and report such information; 

2.5.5 Conformance: with those policies, plans, procedures, laws and regulations which have a significant implact on University operations; and

2.5.6 Asset Safeguards: The means of protecting assets, including information and, as appropriate, verify the existence of such assets. This may include investigations of fraud allegations.

2.6 Relationship with External Auditors

Audit Services' activities will be coordinated with the University's external auditors to insure than information is exchanged, maximum audit coverage is obtained, and duplication of effort and expense on routine phases of audit work is minimized.

2.7 Access to Information

In fulfilling its mandate, the Audit Services Office is granted full, free and unrestricted access to all activities, records (including contracts), property and personnel of the University.

2.7.1 In fulfilling its mandate, Audit Services will not exercise direct control over the units whose work it reviews or over the activities under review.  

2.7.2 The Audit Services Office will obtain access to University confidential and personnel records on an as needed basis upon request.

2.8 Audit Services Responsibility to Auditee

Audit Services staff is required to meet with auditee management in regard to the following:

2.8.1 During the planning stage of the audit to discuss the objective, scope, criteria for measurement, timing and staff resource requirements of the auditee.  

2.8.2 Prior to the issuance of the Audit Report to obtain the concurrence of management on the Finding and Recommendations and to obtain management comments for inclusion in the Audit Report.

2.9 Auditee Responsibility to Audit Services

University management and staff are required to co-operate with the Audit Services Office, provide timely response to reports and make every effort to implement recommendations that have been agreed to with the Audit Services Office.

2.10 Follow-up of Recommendations

The Audit Services Office will follow-up implementation of all recommendations in a timely manner. Where recommendations are not implemented, Audit Services will advise the Office of the President that management has not implemented the recommendations and the risk this poses to the University.

3.0 Accountability

3.1 The University Secretary is responsible for advising the President that a formal review of the Policy is required.

3.2 The Director of Audit Services is responsible for the communication, administration and interpretation of this policy.

4.0 Secondary Documents

The Vice-President (Administration) or the President may approve Procedures which are secondary to and comply with this Policy.

5.0 Review

5.1 Formal Policy reviews will be conducted every ten (10) years. The next scheduled review date for this Policy is June 20, 2016.

5.2 In the interim, this Policy may be revised or rescinded if:

(a) the Approving Body deems necessary; or
(b) the relevant Bylaw, Regulations or Policy is revised or rescinded.

5.3 If this Policy is revised or rescinded, all Secondary Documents will be reviewed as soon as reasonably possible in order to ensure that they:

(a) comply with the revised Policy; or
(b) are in turn rescinded.

6.0 Effect on Previous Statements

(a) all previous Board/Senate Policies, Procedures, and resolutions on the subject matter contained herein;
(b) all previous Administration Policies, Procedures, and directives on the subject matter contained herein; and
(c) Policy 320 Audit Services.

7.0 Cross References

Procedures: Audit Services