Skip to main content

Learn about the Audit Charter

Audit & Advisory Services’ primary role is to serve Northeastern University’s Board of Trustees and management in the identification, evaluation, and mitigation of risk. To serve this role, Audit & Advisory Services assists management in identifying risks and controls in financial, operational, compliance, and information technology areas; develops Audit & Advisory Services plans and conducts control testing in specific areas of risk; and identifies process improvement opportunities. Audit & Advisory Services is an independent, objective assurance and consulting activity designed to add value and improve the University’s operations. Audit & Advisory Services helps the University to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal controls, and governance processes.

Audit & Advisory Services also follows the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing (Standards). The Standards are a set of principles-based, mandatory requirements consisting of:

Statements of core requirements for the professional practice of internal auditing and for evaluating the effectiveness of performance that are internationally applicable at organizational and individual levels;

Interpretations clarifying terms of concepts within the Audit & Advisory Services supports the University’s strategic objectives by assessing that resources are used effectively and efficiently and comply with established policies and procedures. The extent of Audit & Advisory Services’ efforts is to examine, evaluate, and recommend improvements to the internal control system established throughout the University. Internal controls encompass the policies, procedures, people, activities, and information systems through which colleges, schools, centers, and departments ensure:

Accuracy, authorization, completeness, and timeliness of information;

Security and privacy of data;

Integrity of data;

Safeguarding of assets;

Compliance with federal and state laws and regulations;

Adherence to University policies and procedures.

To promote an ethical culture in the profession of internal auditing, Northeastern University’s Audit & Advisory Services follows the Institute of Internal Audit’s Code of Ethics. The Code of Ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in its objective assurance about risk management, control, and governance. By upholding high ethical standards and promoting good business conduct, Audit & Advisory Services is a valuable resource to management by assuring that financial, operational, and system controls are adequate and effective.

  • checkScope of Work

    To assess the University’s control environment, Audit & Advisory Services performs:

    • Step 1: Financial Reviews

      To provide an assessment of internal controls over financial reporting including controls over revenue and expenditure processes.

    • Step 2: Compliance Reviews

      To ensure University departments and operations adhere to applicable regulations, and to determine that University policies exist to support compliance with regulations.

    • Step 3: Operational Reviews

      To provide an assessment of processes, systems, operations and strategies to ensure adherence with internal controls, and to determine that adequate policies and procedures exist to support operations.

    • Step 4: Information Technology Reviews

      To provide an assessment of the University’s information technology organization including controls over program development, change control, applications, system security, databases, logical security, and physical security as they relate to the University’s business activities.

  • checkAccountability

    The Vice President of Audit & Advisory Services shall be accountable to management and the Audit & Risk Committee to:

    • Provide a continuous assessment of the adequacy and effectiveness of processes for controlling activities and managing risks in the areas set forth in the charter and scope of work.

    • Report issues related to internal control weaknesses identified in organizational processes, including potential improvements to those processes, and provide information concerning such issues through resolution.

    • Provide information periodically on the status and results of the annual audit plan and the sufficiency of department resources.

  • checkIndependence
    • The scope of audit coverage is enterprise-wide and no function, activity, or unit of the University is exempt from audit and review. To provide for the independence of Audit & Advisory Services, the department has a dual reporting relationship. The Vice President of Audit & Advisory Services reports administratively to a member of the Senior Leadership Team and reports to the Chair of the Audit Committee.

  • checkAuthority

    The Audit & Advisory Services department is authorized to:

    • Have unrestricted access to all activities, documents, records, systems, facilities, and personnel as necessary to fulfill its objectives. Information will be maintained with appropriate confidentiality.

    • Have full and free access to the audit committee.

    • Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.

    • Obtain the necessary assistance of personnel in units of the organization where they perform audits, as well as other specialized services from within or outside the organization.

  • checkConsulting
    • From time to time, Audit & Advisory Services is asked to participate in management committees or project teams. Audit & Advisory Services is not a management decision-making function. Decisions to adopt or implement recommendations made as a result of an internal audit or an advisory service should be made by management. Therefore, Audit & Advisory Services objectivity should not be impaired by the decisions made by management.

      Audit & Advisory Services may also be requested to facilitate consulting engagements as requested by the board or management. Consulting engagements may produce a formal report for management. The formal report may include analytical details, and recommendations to management and/or the board. Management is not required to implement Audit & Advisory Services’ recommendations. If control risks are identified during a consulting engagement, Audit & Advisory Services is responsible to report the issues to management and the board.

We Are Here to Help