INTERNAL AUDIT CHARTER INTRODUCTION
Management and the Audit Committee believe that a professional, independent Internal Audit Services Department is essential to the most economical, effective and efficient operation of the Company. The purpose of this charter is to establish the Internal Auditing function within the organization, authorize its access to records, personnel, and physical property relevant to the performance of audits, and to define the nature, objective and scope of internal auditing activities and to delegate to the Senior Internal Audit Manager the authority necessary to achieve these objectives. Internal control is the responsibility of management. It is a process designed to provide reasonable assurance of:
• Compliance with applicable laws and regulations. The required reasonable
assurance exists when all the components of management control (the control environment; risk assessment processes; control activities; information and communication systems; and monitoring activities) are present and operate effectively.
Internal auditing is an independent, objective assurance and consulting activity which is managed within the organization as an integral part of its risk management, control and governance processes. It assists management in accomplishment of objectives by assessing the state of internal control. In that regard, internal auditing:
• Assists management in understanding and assess risk;
• Evaluates the adequacy of techniques to manage risk;
• Provides an assessment of the level of comfort that risk management, control
and governance processes are operating effectively and efficiently; and
• Identifies and recommends changes that add value.
Through these assurance and consultative activities, Internal audit assists management accomplish its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
The Internal Audit Department is an independent appraisal function established within the Company to examine and evaluate its activities. The objective of Internal Audit is to assist members of the organization, especially management and the Board of Directors, in the effective discharge of their responsibilities by furnishing them with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed and by promoting effective control at reasonable cost. The information furnished to each may differ in format and detail, depending upon their requirements, requests and the nature of the assignments. Internal Audit examines and evaluates the adequacy and effectiveness of the system of internal control provided by the Company. The objective is to provide all levels of management with sufficient, relevant and useful information that will help them assure:
• The reliability and integrity of information. • Compliance with policies, plans, procedures, laws and regulations. • The safeguarding of assets. • The economical and efficient use of resources. • The accomplishment of established objectives.
The Charter serves as a guide to Internal Audit in the performance of its duties. The Charter does not include, nor is it intended to include, all of the department's duties or responsibilities, as they may exist from time to time. The Charter is intended to:
• Provide a written record of formally approved policies of the Internal Audit
• Provide a basis for the evaluation of the performance of the Internal Audit
Department by the management of the Organization;
• Serve as a basic document in the organization and administration of the
AUTHORITY
Authorization is granted for full and complete access to any of the company’s records (manual or electronic), physical property and personnel relevant to a review. Documents and information given to Internal Auditors during a periodic review will be handled in the same prudent manner as by those employees normally accountable for them.
Internal Auditors should not have direct responsibility or any authority over any of the activities or operations that they review. They should not develop and install procedures, prepare records or engage in activities that would normally be reviewed by Internal Auditors.
Recommendations on standards of control to apply to a specific activity shall be included in the written report of audit findings and opinions that is given to management for review and implementation. A written report will be prepared and issued, in draft format, following the conclusion of each audit and will be addressed to the management of the activity or area audited. The auditee has an obligation to respond, within reasonable time limits established by the Internal Auditor, to the Internal Audit recommendations and to specify the proposed action and the timetable for implementation. An exit meeting between Internal Audit and the auditee to discuss the audit findings and recommendations is desirable, though not a must.
The Senior Internal Audit Manager will issue the final audit report, within a reasonable time after receiving the written management responses, and will distribute the report or a summarized version thereof to:
• Copies to: (At the discretion of the Senior Internal Audit Manager)
• Vice President • Chief Financial Officer
The scope of Internal Audit encompasses the examination and evaluation of the adequacy and effectiveness of the organization’s system of internal control and the quality of performance in carrying out assigned responsibilities. It includes:
• Reviewing the reliability and integrity of financial and operating information,
and the means used to identify, measure, classify, and report such information.
• Reviewing the systems established to ensure compliance with those policies,
plans, procedures, laws, and regulations that could have a significant impact on operations.
• Reviewing the means of safeguarding assets and, as appropriate, verifying the
existence of such assets in order to provide management with reasonable assurance that assets are protected against loss that could result from fire, theft, other improper or illegal activities, or exposure to the elements.
• Reviewing and appraising the economy and efficiency with which resources
are employed. In this context, internal auditing evaluates whether operating standards have been established for measuring economy and efficiency; whether operating standards are understood and are being met; whether deviations from operating standards are identified, analyzed and communicated to those responsible for corrective action; and whether effective corrective action has been taken.
• Reviewing operations to ascertain whether results are consistent with
established objectives and goals, and whether the operations or programs are being carried out as planned.
• Providing consultation and other services to Management as need be, e.g.
forensic audit services, IT auditing services, risk management services.
Management does not place any restrictions on the scope of the audits. However, it is recognized that Management and the Audit Committee provide general direction as to the scope of work and the activities to be audited, and may request Internal Audit to carry-out special reviews or audits.
RESPONSIBILITIES
The Senior Internal Audit Manager is responsible for providing overall direction and control of the internal audit program to assure that:
• The Internal Audit Department is staffed and operated in accordance with the
Standards for the Professional Practice of Internal Auditing, Code of Ethics, and Statement of Responsibilities of the Institute of Internal Auditors.
• Audit planning provides for organizations within the organization to be
reviewed at appropriate intervals to determine whether they are carrying out their functions economically, efficiently, effectively and in accordance with Company policies and procedures.
• The results of the examinations made by the auditors, the opinions which they
form, and the recommendations which they make are promptly reported to management personnel who should be informed or who should take appropriate action. Copies of audit reports are normally distributed to the audited area's chain of command and could include the Vice President of the audited Operation. Periodically, the Senior Internal Audit Manager meets directly with Senior Management and the Audit Committee. Quarterly, the Internal Audit Department provides written reports on its activities to Senior Management and the Audit Committee.
• Any plans or actions taken to correct reported conditions are evaluated to
determine the corrective action taken is achieving desired results, or that management has assumed the risk of not taking corrective action.
• The Internal Audit Department is a staff department and does not have the
authority or responsibility to implement its recommendations. During each audit the manager to whom the audit report is directed is asked to respond to recommendations and outline plans for action. At an appropriate period following the audit, the manager may be asked to respond in writing regarding action that has been taken.
• Determination of areas or departments to be audited is made by the Senior
Internal Audit Manager. Any officer or manager may request an audit in their area of responsibility.
The Internal Audit Department shall report directly to the Chairman of the Audit Committee or through a designated representative for the purpose of day-to-day direction needed by the department in the mediation of audit scope and scheduling, plus budgetary and personnel concerns. The Senior Internal Audit Manager will have direct access to all members of the Executive Committee and the Audit Committee.
INDEPENDENCE Programming
The Internal Audit Department shall be free from control or undue influence in the selection and application of audit techniques, procedures, and programs. Reporting
The Internal Audit Department shall be free from control or undue influence in the determination of facts revealed by the examination or in the development of recommendations or opinions as a result of the examination. Investigative
The Internal Audit Department shall be free from undue influence in the selection of areas, activities, personal relationships, and managerial policies to be examined. No legitimate source of information is to be closed by the auditor. General
Objectivity is an essential element of independence. The independence of the department may be compromised if the internal auditor participated directly in the preparation or reconstruction of accounting systems, data, or records, thus members of the Internal Audit Department will be used only in an advisory capacity. SYSTEM PLANNING AND DEVELOPMENT
The Internal Audit Department will participate, in an advisory capacity, in the planning, development, implementation, and modification of major computer-based and manual systems to ensure that:
• Adequate controls are incorporated in the system;
• A thorough testing of the system is performed at appropriate stages;
• System documentation is complete and accurate; and
• The intended purpose and objective of the system implementation or
The internal auditor participating in such a review should ensure that the extent of participation does not affect independence, thus suggested audit trails or other controls will be transmitted through formal correspondence. RESPONSIBILITY FOR THE DETECTION OF ERRORS OR IRREGULARITIES
The internal auditor has a professional responsibility to conduct reviews with an attitude of professional skepticism, recognizing that the application of internal auditing procedures may produce evidential matter indicating the possibility of errors or irregularities. Deterrence of fraud is however the responsibility of management. Internal auditing is responsible for examining and evaluating the adequacy and the effectiveness of actions taken to fulfill this obligation. Internal auditors should have sufficient knowledge of fraud to be able to identify indicators that fraud might have occurred. If significant control weaknesses are detected, additional tests conducted by internal auditors should include tests directed towards the identification of other indicators of fraud. Internal auditors are not expected to have knowledge equivalent to that of a person whose primary responsibility is to detect and investigate fraud. Internal auditing procedures alone, even when carried out with due professional care, do not guarantee that fraud will be detected. Internal auditing will assist in the investigation of fraud in order to:
• Determine if controls need to be implemented or strengthened, • Design audit tests to help disclose the existence of similar frauds in
The Internal Audit Department shall be notified in all cases where the discovery of circumstances suggest a reasonable possibility that assets have, or are thought to have, been lost through defalcation or other security breaches in the financial and operating systems. The Internal Audit Department will perform sufficient tests to identify the weaknesses in financial and operating procedures, both automated and manual, which permitted the loss and evaluate the impact the weaknesses have with respect to other
activities of the organization. In addition, the Internal Audit Department will recommend improvements to correct the weaknesses and incorporate appropriate tests in future audits to disclose the existence of similar weaknesses in other areas of the organization. PERSONNEL
The ultimate quality of the Internal Audit Department's performance is directly related to the quality of the people employed. The internal audit function should be directed by and staffed with qualified and competent individuals. Minimum qualifications for each position with the audit function have been established; however, additional experience, training, specialized skills, as well as intelligence, adaptability, promotability, an inquiring mind, analytical ability, good business judgment, and an ability to communicate with individuals should be considered in the employment process. The Senior Internal Audit Manager should report annually to the Chairman and/or a designated representative and the Audit Committee as to the effectiveness of the present staff in fulfilling the stated objective of the Internal Audit Department.
Providing valuable insights to corporate decision-makers and their legal counsel February 2009 Navigating uncertainty: a framework for understanding patent values By James D. Woods, PhD, Grant Thornton LLP of the following sources: (1) using the patented technology to increase sales sales, or both; (2) licensing the patented of its patents. Another defendant in the suit, AT&T Corp