Internal Audit Charter



I. Purpose

The internal audit function provides independent, risk-based assurance and advisory services designed to add value and improve Santa Barbara City College (SBCC) operations, strengthening the institution’s ability to create, protect, and sustain value.

The internal audit function helps the institution achieve its objectives through a systematic evaluation of risk management, control, and governance processes, enhancing decision-making, oversight, credibility with stakeholders, and service to the public interest.

The internal audit function is most effective when it is performed in accordance with standards, is independently positioned with direct board accountability, and operates free from undue influence.

Commitment to Standards

SBCC’s internal audit function will adhere to the Institute of Internal Auditors (IIA) International Professional Practices Framework (IPPF), and the Internal Auditor will periodically report to the board and senior management on conformance with standards.



II. Mandate

Authority

The Standards for Board of Governors Approval of District Applications for Fiscal Independence require SBCC to provide an internal audit function to assure adequate internal controls.  The internal audit function derives authority from its reporting relationship to the SBCC Board of Trustees (Board). The authority and responsibilities of the internal audit function are defined in this charter and approved by the SBCC Superintendent/President and Board.

The internal audit function is authorized to:

  • have unrestricted access to all functions, records, property and personnel.
  • have direct access to relevant Board committees.
  • determine the resources, subjects, scope, and methods needed to achieve internal audit objectives.
  • obtain assistance of institution personnel in completing engagements and advisory services, as well as other specialized services at or outside the institution.

Authorization does not include:

  • access to the SBCC Foundation.
  • performing operational responsibilities for the institution or its affiliates.
  • initiating or approving accounting transactions external to Internal Audit.
  • directing employees outside of Internal Audit, unless appropriately assigned to assist Internal Audit.

Independence, Organizational Position and Reporting Relationships

The internal audit function at SBCC reports to the Superintendent/President. This organizational placement supports independent audit services that are performed without interference and allows communication with senior leadership and escalation to the Board when needed.

The Internal Auditor will keep the Board informed of any interference affecting audit scope, performance, or communication of results, including any potential impact on the function’s effectiveness. Any differences in perspective between the Superintendent/President and the Internal Auditor regarding audit results will first be addressed with the Board President, and if the matter cannot be resolved, the full Board will be informed.

The organizational independence of the internal audit function will be periodically assessed and confirmed. If independence is found to be impaired, the nature of the impairment will be documented and appropriate mitigating actions implemented.

Changes to the Mandate and Charter

The internal audit mandate and charter will be reviewed and updated, in consultation with the Board and leadership in response to significant changes including, but not limited to, changes in:

  • standards,
  • organizational structure,
  • Internal Audit, Board or leadership composition, or
  • institution mission, strategy, objectives, risk profile, or regulatory environment.


III. Board Oversight

To establish, maintain, and ensure that SBCC’s internal audit function has sufficient authority to fulfill its duties, the Board will:

  • Approve the internal audit function’s charter.
  • Discuss with the Internal Auditor and senior management:
    • the appropriate authority, role, responsibilities and scope of the internal audit function.
    • essential conditions to support an effective audit function.
    • additional topics that should be included in the audit charter.
    • updates to the charter to reflect changes affecting the organization.
  • Ensure unrestricted access for the Internal Auditor to the Board.
  • Collaborate with senior management to define the Internal Auditor’s required qualifications.
  • Approve the annual risk-based audit plan.
  • Approve Internal Audit’s human resources budget.
  • Approve the appointment, removal, and remuneration of the Internal Auditor.
  • Receive communications from the Internal Auditor on progress against the audit plan.
  • Ensure a Quality Assurance and Improvement Program is implemented with periodic review.
  • Make inquiries of senior management and the Internal Auditor to determine whether scope or resource limitations are inappropriate.


IV. Internal Auditor Roles and Responsibilities

Ethics and Professionalism

The Internal Auditor will:

  • Conform to IIA standards, including principles of Ethics and Professionalism.
  • Encourage and promote an ethics-based culture in the organization.
  • Uphold and support SBCC’s ethical expectations.

Objectivity

The Internal Auditor will:

  • Remain independent and objective.
  • Not subordinate judgement in performing audit responsibilities.
  • Take necessary steps to avoid conflicts of interest, bias, or undue influence.
  • Disclose actual or perceived impairments of independence at least annually.
  • Maintain no direct authority or operational responsibility over areas subject to audit.

Managing the Internal Audit Function

The Internal Auditor will:

  • Develop an annual, risk-based internal audit plan for Board approval, incorporating input from the Board and senior management.
  • Review and adjust the audit plan in response to emerging risks and operational changes; report significant changes to Board and senior management.
  • Ensure that the internal audit function conforms to professional standards; disclose any limitations.
  • Ensure internal audits are planned and performed according to professional standards.
  • Implement and maintain a Quality Assurance and Improvement Program.
  • Communicate the impact of resource limitations to the Board and senior management.
  • Monitor and report on implementation of audit recommendations and corrective actions.
  • Coordinate with, and consider reliance on, internal and external assurance and advisory providers.
  • Identify emerging trends affecting SBCC and communicate relevant information to the Board and senior management.
  • Stay informed on emerging trends and successful practices in internal auditing.
  • Maintain or acquire the qualifications and competencies needed to meet professional standards and fulfill the internal audit mandate.
  • Adhere to SBCC’s policies and procedures unless they conflict with the internal audit charter or standards; resolve or document and communicate any conflicts to the Board and senior management.

Communication with the Board and Senior Management

The Internal Auditor will periodically report to the Board and senior management regarding:

  • the internal audit mandate.
  • the internal audit function’s budget and resource needs.
  • the internal audit plan, performance to plan, and significant changes to plan.
  • results of assurance and advisory services.
  • management’s response to or acceptance of risks.
  • risk exposures and control issues.
  • potential impairments to independence.
  • Quality Assurance and Improvement Program results.


V. Scope and Types of Internal Audit Services

The scope of internal audit services extends across the entire organization, including all SBCC activities, assets, and personnel.  Internal audit activities include, but are not limited to, objective examinations of evidence to provide independent assurance and advisory services on the adequacy and effectiveness of SBCC’s governance, risk management, and control processes.

The nature and scope of advisory services may be agreed upon with the requesting party, provided the internal audit function does not assume management responsibilities. Opportunities to improve governance, risk management, and control processes may be identified during advisory engagements and will be communicated to the appropriate level of management.