Internal Audit Charter
The Office of Internal Audit & Consulting Services (“IA”) is established within the Colrado
School of Mines (“Mines” or “University”) toprovide internal auditing services, as defined by
the Institute of Internal Auditors (“IIA”). Internal auditing is an independent, objective
assurance and consulting activity designed to add value and improve an organization’s
operations. It helps an organization accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk management, control,
andOr ggoanvierznancatione palr Sotrcesuctsesur. e
IA is established by the Board of Trustees. The Director of Internal Audit is
appointed/removed by the Board of Trustees upon the recom endation of the Executive
Vice President and Chief Operating Oficer, Chief Financial Oficer, & Treasurer
(EVP/COO/CFO/ Treasurer). IA reports functionally to the Finance and Audit Com ittee
(“FAC”) of the Board of Trustees and administratively to the EVP/COO/CFO/Treasure.
Adminis• trative reporting facilitates the day-to-day operations and includes:
• approval of travel or other expenses;
human resource administration, including compensation and evaluation of staff
• members other than the Director; and
other functions as delegated by the FAC.
Annually, the Audit Com ittee shall evaluate the performance of the Director of Internal
Audit. This structure achieves organizational independence by allowing the function to fulfill its
responsibilities, to have ful access to the FAC, and to be free from interference in
dIeterndempiningende thnce se &c oOpe bjofec intertivitynal auditing, performing work, and com unicating results.
To ensure independence and objectivity of the function, IA has no direct responsibility or
authority for activities or operations reviewed with the exception of the responsibilities
listed within this charter. The internal audit activity does not, in any way, relieve other
persons of their responsibilities assigned to them.
If there are potential impairments to independence or objectivity, the details of the
impairment must be disclosed to appropriate parties, depending on the nature of the

IA isgranted ful and complete access to any of the University’s records, personnel, physical
properties, and systems (as necesary) in the course of their role. This may include, but is
not limited to, allocating resources, setting frequencies, selecting subjects, determining
scope of work, applying the techniques required to accomplish audit objectives, and
obtaining assistance of personnel within departments. Documents and information given to
the internal auditor will be handled in a prudent manner.
IA is not authorized to perform any operational duties for the University, initiate or approve
accounting transactions external to IA, or direct any organization employee not employed by
IA, except to the extent such employees have been appropriately assigned to auditing teams
orA to ouditth Sterawnisdae asrds sist the internal auditors.
IA will govern itself by adherence to the IIA’s Mandatory Guidance, which includes the Core
PrIincnteriplnaestio fonalr th Stae Prndarodfses fsoiornal the Pr Pracocticese osiof Inalnter Pranalctic Aeu ofditing Audi, thtinge Code of Ethics, the
, and the Definition of
Internal Auditing. The IIA’s Mandatory Guidance constitutes the fundamental requirements
for the professional practice of internal auditing and the principles against which to evaluate
thRe efolefecs ativnd enesRessp oof thnse acibilittivieitys ’s performance.
The scope of internal auditing encompasses examination and evaluation of the adequacy and
effectiveness of the Mines’ sytem of internal control and the quality of performance in
carrying out assigned responsibilities.
IA shal: 1) Develop a flexible Internal Audit Plan based on prioritization determined by using
2) relevant risk factors, including any risk or control concerns identified by
management, and submit the plan to the FAC for approval.
Implement the Internal Audit Plan, as approved, including any special projects or audits
requested by management and/or the FAC.
3) Evaluate risk exposure relating to achievement of the organization’s strategic objectives.
4) Assess business risk and provide assurance to management and the FAC regarding
stewardship of University assets, integrity of operational and financial information, and
compliance with applicable laws, regulations, and University policies.
5) Perform consulting services, to assist management in meetings its objectives. For example,
review of the design and development of major computer-based systems to determine if
adequate controls are incorporated in the systems.
6) Report to the FAC the status of Internal Audit activities, including the results of completed
internal audits, and the extent to which prior recommendations have been implemented.
7) Submit to the FAC an annual summary of the accomplishments of the past fiscal year and
goals and objectives for the following fiscal year. Keep the FAC informed of key emerging
trends and best practices in Internal Audit and risk management.

8) Maintain a professional Internal Audit staff with sufficient knowledge, skills, experience,
and professional certifications to meet the requirements of this Charter.

In addition to internal auditing responsibilities, IA may participate in risk or control activities in a
limited capacity. Participation will be such that independence will be maintained by refraining
from aforementioned unauthorized activities. Such activities will also be overseen by the FAC.

At the conclusion of each engagement, IA will com unicate the results to the responsible
department, who will respond. Executive sum aries will be presented at the Finance and
AuRdesit Coloutmio ittee
n of A m
it F s
ind for
ing th
s e President, EVP/COO/CFO/Treasure and the FAC.
IA will attempt to resolve all internal audit findings at the appropriate administrative level
to implement the necessary corective action.
Reported internal audit findings will be reviewed with the auditee (department head, unit
manager) at on-going basis intervals until all findings are resolved. Resolution means
satisfactory corective action is taken or the audit recom endation is rescinded. Where
resolution of indings is untimely, or will result in significant exposure from control
weaknesses or lost op ortunity to improve productivity, resolution will be pursued at
appropriate higher administrative levels. Executive-level management is ultimately
resQupoalnsityib Ale fssourr auandcit re ecom endations within their area.
IA will maintain a quality asurance and improvement program that covers all aspects of the
internal audit activity. The program will include an evaluation of the internal audit activity’s
conformance with the Definition of Internal Auditing and the Standards and an evaluation of
whether internal auditors apply the Code of Ethics. The program also assesses the efficiency
and effectiveness of the internal audit activity and identifies oportunities for improvement.
The Director will com unicate to executive management and the FAC on the internal audit
activity’s quality assurance and improvement program, including results of ngoing internal
assessments and external assessments conducted at least every five years.
Approved by the Finance and Audit Committee of the Board of Trustees, April 24, 2017.