Skip to McMaster Navigation Skip to Site Navigation Skip to main content
McMaster logo

Internal Audit

Projects and Programs

The objective of Internal Audit is to determine whether Management’s network of risk management, governance processes and internal controls is adequate and functioning in a manner to ensure that:

  1. Risks are appropriately identified and managed;
  2. Interaction of the various governance groups occurs as needed;
  3. Significant financial, managerial and operating information is accurate, reliable and timely;
  4. Employees conduct themselves in compliance with policies, applicable laws and regulations;
  5. Resources are acquired economically, used efficiently and adequately safeguarded;
  6. Quality and continuous improvement are fostered;
  7. Significant regulatory issues are recognized and addressed appropriately; and
  8. The strategic objectives of the University are being attained

Below are ways in which Internal audit assures that McMaster’s audit objectives come to life.

To learn more about how we can help or report fraudulent or unethical behaviour, please contact the Chief Internal Auditor at

Safe Disclosures

Ethics Point – Integrity at Work

McMaster is committed to the highest standards of integrity. It is our policy to investigate any alleged or fraudulent activities related to funds or property owned by, or in the care of, the University. Follow the link to assist you in providing a better understanding of McMaster’s policies and to provide a process for voicing your concerns.

Learn More at EthicsPoint

Internal Audit Policies

  1. Internal Audit Policy Statement
  2. Fraud Policy
  3. Use of External Auditor for Non-Audit

Office of Internal Audit

The Board of Governors By-Law No. 1 (dated June 4, 2020), section 15, sub-section 5(a) states:

The Office of Internal Audit shall be composed of the Chair and the Vice-Chair(s) of the Board, and a minimum of three other members of the Board. The Chair of the Committee shall be appointed by the Board on the recommendation of the Nominating Committee. Notwithstanding any other provisions in the By-laws, in any event, every Internal Audit member shall be an independent, external and unrelated Governor (not employed by the University nor enrolled in a course of study at the University). Members of the Office of Internal Audit shall be financially literate, with the ability to read and understand financial statements of the breadth and complexity comparable to those of the University. Optimally, at least one member of the Committee a professional accounting designation. One half of the membership of the Committee shall constitute a quorum. The following individuals will normally be invited to attend Internal Audit meetings: the President, the Provost, the Vice-President (Administration), the Assistant Vice-President (Administration) and the Chief Internal Auditor. Meetings shall be held as required or upon the request of a member of the Office of Internal Audit or of the University’s internal or external auditors. The Committee Chair shall review an agenda in advance of each meeting. The Office of Internal Audit assists the Board in fulfilling its oversight responsibilities for the financial reporting process, the system of internal control, the audit process, the risk profile of the University and the University’s processes for monitoring compliance with laws, regulations and University policies.

To oversee the system of internal control and the financial reporting process. In fulfilling this responsibility, the Committee shall:

a. meet with the external auditors and review the results of the annual financial statement audit and approve such statements for recommendation to the Board;

b. review other sections of the annual report, including Management’s Discussion and Analysis, and any report or opinion that the auditors propose to render, and consider the accuracy and completeness of the information;

c. review and discuss with management and the external auditors significant variances, estimates and accruals, judgments, changes in accounting policies and standards, issues concerning litigation or contingencies and any difficulties encountered;

d. review any recent and relevant professional and regulatory pronouncements to understand their impact on the financial statements;

e. review and discuss with management whether adequate procedures and processes are in place to ensure the integrity of the financial statements;

f. review the appropriateness of significant accounting principles and practices, reporting issues, unusual or extraordinary items, transactions with related parties and the adequacy of disclosures; and

g. consider whether the financial statements are complete and consistent with information known to Committee members.

To oversee the internal control structure and processes, the Committee shall:

a. Review with management and the internal and external auditors, their evaluation of the University’s internal controls and processes, including internal controls over financial reporting and any material weaknesses or fraud and assess the steps management has taken to minimize significant risks or exposures; and

b. Consider the effectiveness of the internal control system, including information technology security and control.

To oversee the external audit process, the Committee shall:

a. Select and recommend annually the public accountants for appointment as auditors for the ensuing fiscal year and, in consultation with the administration, the basis of their compensation;

b. Approve the engagement letter, receive the independence letter and review the management letter and related materials;

c. Review all matters required to be communicated to the Committee under Generally Accepted Auditing Standards;

d. Review with the external auditors their findings, any restrictions on their work, cooperation received, and their recommendations and facilitate the resolution of any disagreements between management and the external auditors;

e. Receive privately the external auditors’ opinion on various matters, including the quality and effectiveness of financial and internal audit staff, significant accounting principles and practices, unresolved material differences of opinion or disputes;

f. Discuss with the external auditors the scope and purpose of the upcoming audit and the procedures to be followed including coordination with internal audit;

g. Periodically review and approve a policy governing the engagement of the external auditors for the provision of non-audit services; and

h. Annually review and assess the independence and performance of the external auditors.

To oversee the internal audit function and reports, the Committee shall:

a. Review with the senior internal audit officer a summary of findings, any restrictions or limitations on his or her work, cooperation received, special investigation reports, findings from third party auditors (not including work performed by the appointed external auditors), and any recommendations arising therefrom;

b. Review the proposed audit plans for the coming year, the criteria upon which they are based and the coordination of services provided to the external auditors;

c. Periodically review and approve the internal audit mandate (the Internal Audit Department Policy Statement) for continued relevance;

d. Review audit progress, findings, recommendations, responses and follow-up actions; in situations where the auditee has not responded appropriately in a timely fashion to the audit findings, follow-up and obtain a management response on those action items which remain outstanding for a significant period of time;

e. Satisfy itself as to internal audit independence, cooperation received from management, interaction with external audit and any unresolved material disagreements with management;

f. Review the budget, organizational structure, and qualifications of the internal audit department; and

g. Through its Chair, act as the formal supervisor of the senior internal audit officer and in consultation with the President and the Vice-President (Administration), have the final approval to appoint or discharge the senior internal audit officer and complete an annual performance review of the senior internal audit officer; and

h. Periodically review the effectiveness of the internal audit activity.

To oversee compliance-related issues, the Committee shall:

a. Obtain regular updates from management and legal counsel regarding compliance and outstanding litigation matters;

b. Review the effectiveness of the system for monitoring compliance with laws and regulations and the results of management’s investigation and follow-up (including disciplinary action) of instances of non-compliance;

c. Review the findings of any examinations by regulatory agencies; and

d. Review the process for communicating code of conduct policies to employees and monitoring compliance.

To fulfill its reporting responsibilities, the Committee shall:

a. report to the Board of Governors as required about Committee activities, issues, and related recommendations;

b. report to the Board of Governors, on its review of Management’s proposed Risk Appetite Statement and present a final version for approval by the Board;

c. complete periodic self-assessments of the Audit and Risk Committee’s effectiveness against its mandate and report any concerns to the Board;

d. periodically review the Terms of Reference of the Audit and Risk Committee and recommend any proposed changes for consideration by the Board of Governors; and

e. perform other activities as requested by the Board.

Other duties such as:

a. Oversee the work of any public accounting firm engaged by the University where such work would be defined as public accounting within the meaning of the standards of the Canadian Institute of Chartered Accountants;

b. Investigate any matter brought to its attention with full access to all books, records, facilities and personnel of the University; and

c. Review and ensure that procedures are in place for the receipt, retention and treatment of complaints regarding accounting, internal accounting controls or audit matters.

Members of the Office of Internal Audit include those members of the Finance Committee who are not salaried employees of the University.

The Office of Internal Audit consists of the following members for July 1, 2021, to June 30, 2022:

Name Type Composition
K. Nye (Kevin) Member Chair of the Committee
R. Walker (Robert) Member Vice-Chair of the Committee
C. Stefankiewicz (Connie) Member
S. McLarty (Stephanie) Member
J. Rowe (Jennifer) Member
P. Douglas (Paul) Member
B. Merkel (Bradley) Ex Officio Chair of the Board
J. Allen (Allen) Ex Officio Vice-Chair of the Board
D. Farrar (David) Invited President and Vice-Chancellor
S. Tighe (Susan) Invited Provost and Vice-President (Academic)
S. Fazilat (Saher) Invited Vice-President (Operations and Finance)
D. Henne (Deidre) Invited Assistant Vice-President (Administration) and CFO
A. Purina (Anna) Consultant Chief Internal Auditor