Internal Audit Charter
Eastern University supports Internal Audit Division as an independent appraisal function to examine and evaluate University activities as a service to management and the Council. The mission of Internal Audit Division is to support members of the University in the effective discharge of their responsibilities. To this end, Internal Audit Division will furnish them with analyses, recommendations, counsel, and information concerning the activities examined.
Organization and Committee Reporting
The Internal Auditor will report to Vice – Chancellor, Eastern University and to the Audit Committee of the Council with a copy to the Chief Internal Auditor of the University Grants Commission and Auditor General of Sri Lanka. The Chief Internal Auditor of the University Grants Commission will be responsible for the overall co-ordination of the University Internal Audit Units / Divisions.
Annually, the Internal Auditor will submit to the Committee a written report on the internal audit activity during the preceding fiscal year. In addition, if the circumstances ever warrant such action, the Assistant Internal Auditor may circumvent normal university reporting lines and communicate directly with the Committee.
In order that Internal Audit Division may perform its functions effectively, it is essential that it operates with objectivity, obtained through adequate scope and authority and freedom from executive responsibilities in the areas it audits. It should not therefore, be involved in routine departmental procedures or financial systems. In addition to this departmental independence, the internal auditor should also be independent in the following areas:
- Scope: the scope of the auditor’s work should not be restricted in any way. He should be free to examine and report on the activities of any part of the organisation;
- Access: he must have an unchallengeable right of access, at all reasonable time, to all financial and associated records of the organisation. He must have the right to examine all assets and to require any explanation deemed necessary;
- Report: he should be able to report, both verbally and in writing, to all levels of management;
- Activity: auditors should be able to report on any aspect of financial or management control, therefore it is vital that they do not become part of any system on which they might be required to report;
- Personnel: auditors should not be required to report on people with whom they a personal or working relationship, neither should they be required to audit any area for which they previously held managerial responsibility; and
- Mind: this is the most important factor, and most difficult to define or measure. It is a quality which incorporates “single – mindedness”, tempered by a cautious awareness of the views of others.
Authorization and Responsibilities
Internal Audit Division has the authority to audit all parts of the University and shall have full and complete access to any of the organization's records, physical properties, information systems, and personnel relevant to the performance of an audit or investigation. Documents and information given to internal auditor during a periodic review will be handled in the same prudent manner as by those employees normally accountable for them.
Internal Audit Division will have no direct responsibility or authority for any of the activities or operations they review. They should not develop and install procedures, prepare records, or engage in activities that would normally be reviewed by internal auditor. Furthermore, an internal audit does not in any way relieve other university personnel of their responsibilities.
A report will be prepared and issued by the Internal Auditor following the conclusion of each audit. Copies of the report will be distributed as appropriate. The Head of the activity or department will respond before the final report is issued and the response will be included with the final report. The response will indicate corrective actions taken or planned regarding specific report findings.
The Head of the Department receiving the report is responsible for ensuring that progress is made toward correcting any reported findings. Internal Audit Division is responsible for determining whether the action taken is adequate to resolve the audit findings. If the action is not adequate, Internal Audit Unit will inform university management and the Audit Committee of the potential risk and exposure in allowing the unsatisfactory conditions to continue.
Internal Audit's objectives in accomplishing its mission will include the following:
- Determine the accuracy and propriety of financial transactions
- Evaluate, consult, and educate on financial and operational processes, controls, related risks, and exposures. Provide advice and guidance on control and risk aspects of new policies, systems, processes, and procedures
- Verify the existence of university assets and determine whether proper safeguards are maintained to protect them from loss
- Determine the level of compliance with university policies and procedures and state and federal laws and regulations
- Evaluate the accuracy, effectiveness, and efficiency of the university's electronic information and processing systems
- Determine the effectiveness and efficiency of organizations in accomplishing their mission and identify operational opportunities for cost savings and revenue enhancements
- Coordinate audit efforts with, and provide assistance to the Central Internal Audit Unit, University Grants Commission and external auditors
- Investigate fraud and other types of fiscal misconduct
Standards and Ethics
Code of Ethics
The Internal Audit staff is responsible for conducting themselves so that their good faith and integrity will not be open to question. Internal Audit Division has adopted the Codes of Ethics issued by the Institute of Internal Auditors, USA and the Institute of Charted Accountants of Sri Lanka. Staff shall realize that individual judgment is required in the application of these standards.