Projects and Programs
The objective of Internal Audit is to determine whether Management’s network of risk management, governance processes and internal controls is adequate and functioning in a manner to ensure that:
- Risks are appropriately identified and managed;
- Interaction of the various governance groups occurs as needed;
- Significant financial, managerial and operating information is accurate, reliable and timely;
- Employees conduct themselves in compliance with policies, applicable laws and regulations;
- Resources are acquired economically, used efficiently and adequately safeguarded;
- Quality and continuous improvement are fostered;
- Significant regulatory issues are recognized and addressed appropriately; and
- The strategic objectives of the University are being attained
Below are ways in which Internal audit assures that McMaster’s audit objectives come to life.
To learn more about how we can help or report fraudulent or unethical behaviour, please contact the Chief Internal Auditor at email@example.com.
Ethics Point – Integrity at Work
McMaster is committed to the highest standards of integrity. It is our policy to investigate any alleged or fraudulent activities related to funds or property owned by, or in the care of, the University. Follow the link to assist you in providing a better understanding of McMaster’s policies and to provide a process for voicing your concerns.
Internal Audit Policies
Audit And Risk Committee
The Board of Governors By-Law No. 1 (dated June 4, 2020), section 15, sub-section 5(a) states:
The Audit and Risk Committee shall be composed of the Chair and the Vice-Chair(s) of the Board, and a minimum of three other members of the Board. The Chair of the Committee shall be appointed by the Board on the recommendation of the Nominating Committee. Notwithstanding any other provisions in the By-laws, in any event, every Audit and Risk Committee member shall be an independent, external and unrelated Governor (not employed by the University nor enrolled in a course of study at the University). Members of the Audit and Risk Committee shall be financially literate, with the ability to read and understand financial statements of the breadth and complexity comparable to those of the University. Optimally, at least one member of the Committee a professional accounting designation. One half of the membership of the Committee shall constitute a quorum. The following individuals will normally be invited to attend Audit and Risk Committee meetings: the President, the Provost, the Vice-President (Administration), the Assistant Vice-President (Administration) and the Chief Internal Auditor. Meetings shall be held as required or upon the request of a member of the Audit and Risk Committee or of the University’s internal or external auditors. The Committee Chair shall review an agenda in advance of each meeting. The Audit and Risk Committee assists the Board in fulfilling its oversight responsibilities for the financial reporting process, the system of internal control, the audit process, the risk profile of the University and the University’s processes for monitoring compliance with laws, regulations and University policies.
To oversee the system of internal control and the financial reporting process. In fulfilling this responsibility, the Committee shall:
a. meet with the external auditors and review the results of the annual financial statement audit and approve such statements for recommendation to the Board;
b. review other sections of the annual report, including Management’s Discussion and Analysis, and any report or opinion that the auditors propose to render, and consider the accuracy and completeness of the information;
c. review and discuss with management and the external auditors significant variances, estimates and accruals, judgments, changes in accounting policies and standards, issues concerning litigation or contingencies and any difficulties encountered;
d. review any recent and relevant professional and regulatory pronouncements to understand their impact on the financial statements;
e. review and discuss with management whether adequate procedures and processes are in place to ensure the integrity of the financial statements;
f. review the appropriateness of significant accounting principles and practices, reporting issues, unusual or extraordinary items, transactions with related parties and the adequacy of disclosures; and
g. consider whether the financial statements are complete and consistent with information known to Committee members.
To oversee the internal control structure and processes, the Committee shall:
a. Review with management and the internal and external auditors, their evaluation of the University’s internal controls and processes, including internal controls over financial reporting and any material weaknesses or fraud and assess the steps management has taken to minimize significant risks or exposures; and
b. Consider the effectiveness of the internal control system, including information technology security and control.
To oversee the external audit process, the Committee shall:
a. Select and recommend annually the public accountants for appointment as auditors for the ensuing fiscal year and, in consultation with the administration, the basis of their compensation;
b. Approve the engagement letter, receive the independence letter and review the management letter and related materials;
c. Review all matters required to be communicated to the Committee under Generally Accepted Auditing Standards;
d. Review with the external auditors their findings, any restrictions on their work, cooperation received, and their recommendations and facilitate the resolution of any disagreements between management and the external auditors;
e. Receive privately the external auditors’ opinion on various matters, including the quality and effectiveness of financial and internal audit staff, significant accounting principles and practices, unresolved material differences of opinion or disputes;
f. Discuss with the external auditors the scope and purpose of the upcoming audit and the procedures to be followed including coordination with internal audit;
g. Periodically review and approve a policy governing the engagement of the external auditors for the provision of non-audit services; and
h. Annually review and assess the independence and performance of the external auditors.
To oversee the internal audit function and reports, the Committee shall:
a. Review with the senior internal audit officer a summary of findings, any restrictions or limitations on his or her work, cooperation received, special investigation reports, findings from third party auditors (not including work performed by the appointed external auditors), and any recommendations arising therefrom;
b. Review the proposed audit plans for the coming year, the criteria upon which they are based and the coordination of services provided to the external auditors;
c. Periodically review and approve the internal audit mandate (the Internal Audit Department Policy Statement) for continued relevance;
d. Review audit progress, findings, recommendations, responses and follow-up actions; in situations where the auditee has not responded appropriately in a timely fashion to the audit findings, follow-up and obtain a management response on those action items which remain outstanding for a significant period of time;
e. Satisfy itself as to internal audit independence, cooperation received from management, interaction with external audit and any unresolved material disagreements with management;
f. Review the budget, organizational structure, and qualifications of the internal audit department; and
g. Through its Chair, act as the formal supervisor of the senior internal audit officer and in consultation with the President and the Vice-President (Administration), have the final approval to appoint or discharge the senior internal audit officer and complete an annual performance review of the senior internal audit officer; and
h. Periodically review the effectiveness of the internal audit activity.
To oversee compliance-related issues, the Committee shall:
a. Obtain regular updates from management and legal counsel regarding compliance and outstanding litigation matters;
b. Review the effectiveness of the system for monitoring compliance with laws and regulations and the results of management’s investigation and follow-up (including disciplinary action) of instances of non-compliance;
c. Review the findings of any examinations by regulatory agencies; and
d. Review the process for communicating code of conduct policies to employees and monitoring compliance.
To oversee the University’s risk management framework which shall include approval of Management’s proposed Risk Appetite Statement and review of:
a. the identification and quantification of all significant risks (e.g. strategic, financial, operational, reputational etc.) the University is exposed to;
b. the University’s appetite and tolerance for these risks on both an inherent and residual basis;
c. Management’s strategy and controls for managing these risks;
d. the roles and responsibilities for risk identification and management including risk ownership;
e. risk monitoring and reporting;
f. emerging risks including risk horizon, likelihood and severity of such risks;
g. opportunities identified by Management for the future growth of the University
and shall provide input as appropriate as to the overall risk culture and tolerance of the University. The Audit and Risk Committee shall be satisfied that Management operates within the University’s approved Risk Appetite Statement
To fulfill its reporting responsibilities, the Committee shall:
a. report to the Board of Governors as required about Committee activities, issues, and related recommendations;
b. report to the Board of Governors, on its review of Management’s proposed Risk Appetite Statement and present a final version for approval by the Board;
c. complete periodic self-assessments of the Audit and Risk Committee’s effectiveness against its mandate and report any concerns to the Board;
d. periodically review the Terms of Reference of the Audit and Risk Committee and recommend any proposed changes for consideration by the Board of Governors; and
e. perform other activities as requested by the Board.
Other duties such as:
a. Oversee the work of any public accounting firm engaged by the University where such work would be defined as public accounting within the meaning of the standards of the Canadian Institute of Chartered Accountants;
b. Investigate any matter brought to its attention with full access to all books, records, facilities and personnel of the University; and
c. Review and ensure that procedures are in place for the receipt, retention and treatment of complaints regarding accounting, internal accounting controls or audit matters.
Members of the Audit and Risk Committee include those members of the Finance Committee who are not salaried employees of the University.
The Audit and Risk Committee consists of the following members for July 1, 2021, to June 30, 2022:
|K. Nye (Kevin)||Member||Chair of the Committee|
|R. Walker (Robert)||Member||Vice-Chair of the Committee|
|C. Stefankiewicz (Connie)||Member|
|S. McLarty (Stephanie)||Member|
|J. Rowe (Jennifer)||Member|
|P. Douglas (Paul)||Member|
|B. Merkel (Bradley)||Ex Officio||Chair of the Board|
|J. Allen (Allen)||Ex Officio||Vice-Chair of the Board|
|D. Farrar (David)||Invited||President and Vice-Chancellor|
|S. Tighe (Susan)||Invited||Provost and Vice-President (Academic)|
|S. Fazilat (Saher)||Invited||Vice-President (Operations and Finance)|
|D. Henne (Deidre)||Invited||Assistant Vice-President (Administration) and CFO|
|A. Purina (Anna)||Consultant||Chief Internal Auditor|