Purpose and Role
Internal Audit (IA) is an independent and objective assurance and consulting function established within Denver Water by the CEO/Manager of Denver Water and the Board of Water Commissioners (Board).
IA exists to assist Denver Water with the execution of its mission. It does so by evaluating whether adequate and effective risk management, governance, and internal control procedures are in place and are functioning effectively. IA works in close partnership with the CEO in the execution of its mission.
The term “risk” is defined, for the purposes of this charter, to mean operational, financial, information technology, and regulatory/compliance exposures. The term “assurance” is defined as the objective examination of evidence for the purpose of providing an independent assessment of governance, risk management, and control processes for the organization. The term “consulting” is defined as advisory and related client service activities, the nature and scope of which are agreed with the client, that are intended to add value and improve Denver Water’s governance, risk management, and control processes. Examples include counsel, advice, facilitation, and training.
Further, IA helps Denver Water to achieve its objectives by influencing the continuous development of risk management, governance, and control procedures; by bringing a systematic and disciplined approach to internal audit work; sharing best practices; working in partnership with management; being respectful of its client’s time and the disruption that may be caused by its work; and adding value through the provision of risk management, governance, and control advice.
Authority, Independence, & Accountability
Authorization is granted to IA for unrestricted access to any of Denver Water’s functions, records (manual or electronic), physical properties, and personnel relevant to the performance of the internal audit activity. IA will treat any information obtained during a review in an appropriate and prudent manner. IA is also authorized, with the input of senior management and the Board, to assign adequate audit resources, determine engagement timing, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
The existence of IA does not relieve management of its responsibility to establish appropriate systems of risk management, governance, and control. IA has no direct responsibility for, or any direct authority over, the activities that it reviews. Further, IA shall not develop or install procedures, prepare records, or engage in activities that are subject to its review; and IA shall not direct the activities of any employee not assigned to its section.
To ensure objectivity, Internal Auditors will maintain an impartial and unbiased attitude and avoid conflicts of interest.
To ensure appropriate consideration of legal issues, IA will work in consultation with the General Counsel’s office on audits and investigations.
The Chief Internal Auditor reports functionally to the Board and administratively (i.e. day to day operations) to the CEO/Manager. The Chief Internal Auditor will communicate and interact directly with the Board.
The Board will:
- Approve the internal audit charter.
- Approve the risk based internal audit plan, as developed in consultation with the CEO/Manager.
- Approve the internal audit budget and resource plan, as developed in consultation with the CEO/Manager.
- Receive communications from the Chief Internal Auditor on IA’s performance relative to its plan and other matters.
- Consent to decisions regarding the appointment and removal of the Chief Internal Auditor.
- Make appropriate inquiries of management and the Chief Internal Auditor to determine whether there are inappropriate scope or resource limitations.
The CEO/Manager’s administrative roles will include:
- Budgeting and management accounting.
- Human resource administration, including personnel evaluations and compensation. The CEO will seek Board input into the Chief Internal Auditor’s evaluation and compensation.
- Internal communications and information flows.
- Administration of internal audit’s policies and procedures.
IA will adhere to the Institute of Internal Auditors (IIA) “Definition of Internal Auditing”; the “International Standards for the Professional Practice of Internal Auditing (IPPF)”; and the “Code of Ethics”. This mandatory guidance constitutes the fundamental principles for the professional practice of internal auditing and for evaluating the effectiveness of IA’s performance. As well, the IIA’s “Position Papers”; “Practice Guides”; and “Practice Advisories” will guide the practice.
Scope of Work
IA’s primary scope of work includes determining whether Denver Water’s network of risk management, internal control, and governance processes is adequate and functioning in a manner to achieve its goals and objectives. IA’s scope, therefore, includes reviewing and ascertaining whether:
- Risks (operational, financial, IT, regulatory/compliance) are appropriately identified, managed, and monitored.
- Resources and assets (physical, informational, and information technology) are acquired prudently, used efficiently, and adequately safeguarded.
- Significant financial, managerial, and operating information is accurate, reliable, and timely.
- The activities of employees are in compliance with Denver Water policies, standards, and procedures; as well as applicable laws and regulations.
- Significant Federal or State regulatory issues affecting the organization are recognized and addressed appropriately.
- The results of operations, projects, or programs are consistent with established goals and objectives.
IA’s scope of work may also include:
- Helping to foster and support quality and continuous improvement in the organization’s control processes.
- Coordinating with other control and monitoring functions, including Denver Water’s external auditors.
- Conducting special investigations into fraud, ethics, control failure, and/ or regulatory incidents.
IA shall carry out the following responsibilities:
- Annually, develop and present a flexible audit plan, in consultation with the CEO/Manager, for Board approval. This plan should be developed using a risk-based methodology and should acknowledge risks and/or internal control concerns identified by Management and the Board.
- Implement the audit plan and report performance quarterly to the Board and CEO/Manager.
- Work with Management to develop actions to address identified issues of control, governance, or risk management and develop jointly agreed dates for implementation of such actions.
- Evaluate and advise on the adequacy and timeliness of Management’s responses to, and the corrective action to be taken on, all significant control issues noted.
- Report annually to the Board, and appropriate Management, Internal Audit’s opinion and overall assessment of the adequacy and effectiveness of the organization’s processes to control its activities and manage its risks.
- Follow-up and report quarterly on the timeliness and/or effectiveness of the implementation of corrective actions.
- Implement practices that meet the International Standards for the Professional Practice of Internal Auditing, codified in the International Professional Practices Framework (IPPF) and set forth by The Institute of Internal Auditors (IIA).
- Ensure the selection, development, and supervision of competent and professional audit staff.
- Implement a Quality Assurance Program by which the Chief Internal Auditor evaluates internal auditing activities compared to professional standards and obtains external quality assurance reviews.
- Consider and/or rely upon the work of external consultants, auditors, inspectors, regulators, analysts, and others for the purpose of providing optimal audit coverage to the organization at a reasonable cost, so long as such work meets acceptable levels of diligence and independence.
- Keep the CEO/Manager, Board, and Management informed of emerging trends and best practices in controls, governance, and internal auditing.
The Chief Internal Auditor will periodically review the Charter and present it to the CEO/Manager and the Board for approval.
This Charter approved on August 12, 2015 by Board Resolution.