UNIVERSITY OF PRETORIA

Department of Internal Audit and Compliance Services

INTERNAL AUDIT CHARTER

Document type: Charter Document number: ARMC 39/22
Policy Category: Governance and Compliance

TABLE OF CONTENTS
1. Purpose ..................................................................................................................................................... 2

2. Scope ......................................................................................................................................................... 2

3. Consequences of non-compliance ....................................................................................................... 2

4. Policy statement....................................................................................................................................... 2

5. Abbreviations/Definitions ....................................................................................................................... 3

6. Purpose and Mission............................................................................................................................... 4

7. Internal Audit Function Strategy ........................................................................................................... 5

8. Standards for the Professional Practice of Internal Auditing........................................................... 5

9. Authority of the Internal Audit Function .............................................................................................. 5

10. Independence of the Internal Audit Function ...................................................................................... 7

11. Scope of the Internal Audit Function’s Work ...................................................................................... 8

12. Exclusions from the mandate of the Internal Audit Function ........................................................... 9

13. Key reporting obligations of the Internal Audit Function................................................................ 10

14. Responsibility of the Director: IA and CS .......................................................................................... 11

15. Responsibility of management to uphold the IA Function’s mandate .......................................... 12

16. Responsibility with regards to fraud .................................................................................................. 13

17. Funding of the Internal Audit Function .............................................................................................. 13

18. Quality Assurance Program ................................................................................................................. 14

19. Associated documents ......................................................................................................................... 14

20. Policy life cycle ...................................................................................................................................... 14

21. Approval .................................................................................................................................................. 15

22. Document metadata .............................................................................................................................. 15

ARMC 39/22
1. Purpose

The Internal Audit Charter embodies the general authorisation and mandate from the Audit,
IT and Risk Committee of the University of Pretoria (UP) Council (AITRC) for the Internal
Audit Function to conduct a certain scope of work. It outlines the key principles associated
with the provision of various internal audit and related services at the University and its
entities, including the corresponding responsibilities of management and other relevant
stakeholder groups.

2. Scope

The Internal Audit Charter applies to all areas of the University of Pretoria, including the
faculties, professional service departments, centres, bureaus, units, campus companies
and other entities controlled by the University.

3. Consequences of non-compliance

Non-compliance with the Internal Audit Charter may result in reputational, as well as
potential financial damage and/or inability of the University to comply with applicable
legislative, contractual and corporate governance requirements.
In addition, non-compliance may result in relevant corrective action, including, but not
limited to, disciplinary action.

4. Policy statement

It is the policy of the University to maintain an independent, objective and effective co-
sourced Internal Audit Function that is adequately resourced to assist management in the
effective discharge of their responsibilities, by:
• Providing reasonable assurance on whether management processes are adequate
to identify, manage and monitor significant risks;

• Providing confirmation of whether the established internal control systems are

operating effectively;

• Providing objective confirmation on whether Council, through the AITRC, receives

adequate assurance that information from management is reliable;
• Providing a multi-disciplinary range of advisory and consulting services, including
investigative services; and

• Recommending appropriate remedial actions and improvements for action by

management. This includes following-up on the implementation status of the agreed

ARMC 39/22

2
 remedial actions and improvements until the full implementation thereof has been
achieved.

5. Abbreviations/Definitions

AITRC The Audit, IT and Risk Committee of Council. The Chairperson

and the members of this sub-committee are members of the
Council of the University of Pretoria. The AITRC is the collective
functional line manager of the Internal Audit Function and the
Director: Internal Audit and Compliance Services. The AITRC is
constituted in terms of the Institutional Statute of the University of
Pretoria.

Assurance Examinations of evidence for the purpose of providing an

services independent assessment of and conclusion on governance, risk
management, and internal control processes for the University.
Types of internal audits include, but are not limited to, academic,
financial, supply-chain and procurement, operational,
performance, compliance, IT audits, governance and similar
reviews.

Director: The UP Director: Department of Internal Audit and Compliance

IA and CS Services (professional service department), who carries the
responsibilities of the Chief Audit Executive (as defined in the
International Standards for the Professional Practice of Internal
Auditing), of the University of Pretoria and its entities (University
of Pretoria/UP Group), with overall responsibility over the UP
Internal Audit Function (inclusive of the co-sourced
arrangements).

Executive UP Vice-Chancellor and Principal and the members of the

management Executive Management team consisting of Vice-Principals,
Executive Director(s), the Chief Operating Officer and the
Registrar.

IA Internal Audit

Internal A methodology or an approach which focuses the efforts of the

Auditing (risk- Internal Audit Function on providing assurance services related
based) to the strategic and significant risks of the University.

Internal Audit The collective consisting of the Department of Internal Audit and
Function Compliance Services (UP professional service department),
inclusive of the providers of co-sourced internal audit and related
services, as well as (where and to the extent applicable) ad hoc

ARMC 39/22

3
 external service providers and experts engaged by the
Department of Internal Audit and Compliance Services.

Internal Audit A formal document developed on an annual basis by the Internal

Plan Audit Function and approved by the AITRC, outlining the selected
areas of the University and its entities that are subject to the
planned review thereof in the specific academic and financial
year.

Internal The Institute of Internal Auditors’ (IIA) International Professional

Auditing Practices Framework, including its Standards, Core Principles for
Standards the Professional Practice of Internal Auditing, Definition of
Internal Auditing and the IIA Code of Ethics.

Independence Unbiased mental professional attitude that allows internal

and Objectivity auditors to perform their duties in an unbiased and objective
manner, free from conditions which may impair their impartiality
(actual or perceived impairment).

Management Executive and Senior management of UP and its entities.

Non-assurance Reviews and activities performed by the Internal Audit Function

services other than assurance services. Non-assurance services include
investigative services, consulting, advisory services, projects and
processes, including observer-status activities.

Senior Deans and Deputy Deans of UP Faculties (including GIBS),

management Senior Directors, Directors and Deputy Directors of Professional
Service Departments and entities controlled by the University,
Heads of UP Units, Directors of Bureaus/Centres/Institutes, and
other members with senior management or equivalent
responsibilities, including persons temporarily acting in such roles
and positions.

UP/University The University of Pretoria and entities controlled by it, as well as

any other body functioning under the auspices of the University.

6. Purpose and Mission

The Internal Audit Function helps UP to accomplish its strategic and operational objectives
by bringing a systematic, disciplined approach to evaluate and improve the effectiveness
of various aspects of UP’s organisational governance.
The purpose of the University of Pretoria’s Internal Audit Function is to provide independent,
objective assurance and consulting services designed to add value and improve the
University of Pretoria’s operations and corporate governance.

ARMC 39/22

4
 The mission of the Internal Audit Function is to enhance and protect UP’s organisational
value, including the UP’s reputation, by providing risk-based and objective assurance
services. This includes effective consulting services, advice and insight, inclusive of
effective recommendations for improvement, formulation of appropriate remedial actions
and provision of modern corporate governance insight.

7. Internal Audit Function Strategy

The University’s approach to internal auditing is embedded in its philosophy that internal
auditing is an essential part of good corporate governance and one of the mechanisms for
providing the necessary checks and balances within the University.
The strategy of the University is to maintain a risk-based, independent co-sourced Internal
Audit Function consisting of the in-house component (the Department of Internal Audit and
Compliance Services) and a primary co-sourced internal audit and related services
provider(s) from the private sector, depending on capacity and the need for additional
expertise.
In addition, the strategy of the Internal Audit Function includes supplementary appointments
of ad hoc specialised audit and specific relevant subject matter service providers.
The appointment of the service providers is done in line with prevailing UP procurement
policies, procedures and related requirements.

8. Standards for the Professional Practice of Internal Auditing

The Internal Audit Function governs itself by adherence to the mandatory elements of the
Institute of Internal Auditors' International Professional Practices Framework, including the
Core Principles for the Professional Practice of Internal Auditing, the IIA Code of Ethics, the
International Standards for the Professional Practice of Internal Auditing, and the Definition
of Internal Auditing (“collectively referred to as “the Standards”).
The Director: IA and CS reports periodically to Executive management and the AITRC
regarding the Internal Audit Function’s conformance to the IIA Code of Ethics and the
Standards, as well as relevant UP policies.

9. Authority of the Internal Audit Function

The AITRC has established the Internal Audit Function on a co-sourced model, and is inter
alia, responsible for ensuring that the Internal Audit Function has sufficient authority,
resources and co-operation from management to fulfil its duties, by means of the following:
9.1 AITRC approves the appointment and dismissal of the primary co-sourced service
provider (except for circumstances where the contract has naturally come to an end

ARMC 39/22

5
 due to the completion of the contractual period for which the co-sourced service
provider was appointed).
9.2 AITRC approves the Internal Audit Charter of the Internal Audit Function, and its
amendments, from time to time.
9.3 AITRC approves the risk-based Internal Audit Plan on an annual basis.
9.4 AITRC evaluates all material issues on which the Internal Audit Function reports.
9.5 AITRC evaluates management’s reports and comments, as well as the steps taken
by management to rectify situations.
9.6 AITRC ensures proper co-ordination between external auditors and the Internal
Audit Function.
9.7 AITRC monitors the performance of the Internal Audit Function (in-house and co-
sourced), assessing the adequacy and effectiveness of the manner in which internal
audits are performed, and ensuring adequate resources are made available to the
Internal Audit Function.
9.8 AITRC approves the Internal Audit Function’s budget and resource plan as
administratively allocated by the relevant UP Executive authority.
9.9 AITRC ensures that the Internal Audit Function is an integral part of UP’s corporate
governance processes and that it functions independently of management.
9.10 AITRC receives communications from the Director: IA and CS on the Internal Audit
Function’s performance relative to its plan and other matters.
9.11 AITRC, as the functional line manager, approves decisions regarding the
appointment, performance management, discipline management, any significant
HR management matters including remuneration upon the appointment thereof, and
dismissal of the Director: IA and CS.
9.12 AITRC makes periodic inquiries of management and the Director: IA and CS to
determine whether there are inappropriate scope, resource or process limitations.
9.13 AITRC ensures that the Director: IA and CS has unrestricted access to and
communicates and interacts directly with the members and the Chairperson of the
AITRC, including in private meetings without management present.
9.14 AITRC approves that the Director: IA and CS and the director of the primary co-
sourced service provider, and one (1) member of each of their senior management
teams, are invited to attend all of the ordinary and any relevant special meetings of
the AITRC.
9.15 AITRC ensures that the Internal Audit Function has full, free, and unrestricted
access to all functions, records, property, data, assets, and UP personnel (both staff
and management) pertinent to carrying out any engagement at the time they are
relevant to the performance of the specific internal audit engagement(s), subject to

ARMC 39/22

6
 accountability and due care for the confidentiality and safeguarding of records and
information.
9.16 AITRC authorises the Director: IA and CS to allocate resources, set frequencies,
select subjects, determine scopes of work, apply techniques required to accomplish
assurance and non-assurance objectives per the Internal Audit Function’s mandate,
to constructively liaise with various stakeholders, to obtain management comment
where applicable, and to issue draft and final reports, as well as other
communications and activities incidental to the discharge of the Internal Audit
Function’s mandate.
9.17 AITRC authorises the Director: IA and CS to obtain assistance from the necessary
UP personnel, as well as other specialised services from within or outside of UP, in
order to complete any of its engagements and reviews, which technical subject
matter assistance or external independence thereof is deemed necessary in the
professional discretion of the Director: IA and CS.

10. Independence of the Internal Audit Function

The Internal Audit Function is independent of UP management. Independence from

management, as a professional requirement, is essential for the proper conduct of internal
audits and related activities, which involves the rendering of impartial and unbiased
judgement.
The Director: IA and CS reports functionally to the AITRC and administratively to the UP
Registrar.
The Director: IA and CS is required to ensure that the Internal Audit Function remains free
from all conditions that threaten the ability of internal auditors to carry out their
responsibilities in an unbiased manner, including matters of audit selection, scope,
procedures, frequency, timing, and report content.
If the Director: IA and CS determines, in their professional judgement, that independence
or objectivity may be impaired in fact (actual) or appearance (perceived), the details of the
impairment will be disclosed to appropriate parties.
The Director: IA and CS is required to confirm to the AITRC, the organisational
independence of the Internal Audit Function annually.
The Director: IA and CS is required to disclose to the AITRC any interference and related
implications in determining the scope of internal auditing, performing work, and/or
communicating results.
Internal auditors are required to maintain an unbiased mental attitude that allows them to
perform engagements objectively and in such a manner that they believe in their work
product, that no quality compromises are made, and that they do not delegate their
professional judgement on audit matters to others.

ARMC 39/22

7
 Internal auditors have no direct operational responsibility or authority over any of the
activities audited. Accordingly, internal auditors do not implement internal controls, develop
procedures (other than those relevant to its functioning), install systems, prepare records,
or engage in any other activity that may impair their judgement.
Where the Director: IA and CS has or is expected to have roles and/or responsibilities that
fall outside of internal auditing, safeguards will be established to limit impairments to
independence or objectivity.
Internal auditors (both in-house and co-sourced) will, in their individual professional
capacity as part of the Internal Audit Function:

• Disclose any impairment of independence or objectivity, in fact or appearance, to

appropriate parties.
• Exhibit professional objectivity in gathering, evaluating, and communicating
information about the activity or process being examined.
• Make balanced, professional judgement assessments of all available and relevant
facts and circumstances.
• Take necessary precautions to avoid being unduly influenced by their own interests
or by others in forming judgements.

11. Scope of the Internal Audit Function’s Work

The scope of work of the Internal Audit Function consists of two (2) broad categories, as
indicated below:

Category 1:
Assurance activities (internal audits): Reviews based on a systematic, disciplined and risk-
based approach, performed in accordance with the IIA Standards, aimed at evaluating and
improving the adequacy and effectiveness of internal controls, corporate governance, risk
management and other organisational processes. Internal audits encompass, but are not
limited to, objective examinations of evidence for the purpose of providing independent
assessments to the AITRC and management on the adequacy and effectiveness of
governance, risk management, and control processes at the University of Pretoria.
Internal audits may include, but are not limited to the following reviews:

• Risks relating to the achievement of UP strategic objectives are appropriately

identified and managed.
• The actions of UP officers, directors, employees, and contractors comply with UP
policies, procedures, and applicable laws, regulations, and governance standards.
• The results of operations or programs are consistent with established goals and
objectives.
• Operations or programs are being carried out effectively and efficiently.

ARMC 39/22

8
 • Established processes and systems enable compliance with the policies,
procedures, laws, and regulations that could significantly impact UP.
• Information and the means used to identify, measure, analyse, classify, and report
such information are reliable and have integrity.
• Resources, assets and consumable goods and services are acquired economically,
managed, consumed and applied efficiently and responsibly, and protected
adequately.

Category 2:
Non-assurance activities: Consulting activities, advisory services, investigations, internal
training and related services and participation in UP and UP-related projects, excluding
assurance activities (internal audits).
The Internal Audit Function plays a role as consultants/advisors in various strategic
processes of UP and UP-related entities, such as (but not limited to) Business Continuity
Management, Risk and Compliance Management, Policies and Procedures Management,
etc.
Non-assurance activities are subject to the consideration of appropriate safeguards with
regards to the independence of the Internal Audit Function and its mandate.

12. Exclusions from the mandate of the Internal Audit Function

The following are excluded from the mandate of the Internal Audit Function:

• The evaluation of academic performance falls within the mandate of Senate and is
undertaken through a process of independent external peer and/or relevant third-
party review, accreditation assessment by professional boards, reviews by external
auditors or by the Auditor-General of South Africa;
• The management and/or implementation of the combined assurance model and the
co-ordination of the process with other parties (which forms part of the Executive
management’s mandate);
• Any directives, additional duties or reviews that do not form part of its mandate;
• Any references made to “Internal Audit/Internal Auditors/Department of Internal
Audit and Compliance Services” in UP policies or external documents, which were
not part of prior consultation and agreement with the Director: IA and CS;
• The Internal Audit Function may not be compelled to accept an ad hoc request from
management or third parties to perform any specific review or activity;
• Where UP policy documents or external party requirements refer to “audit” and “UP
auditors”, the assumption is that these reference(s) refer to the external auditors of
UP (registered auditors who are members of the Independent Regulatory Board for
Auditors (IRBA)); and

ARMC 39/22

9
 • Review of compliance of donor funding with donor-specific requirements, review of
financial information for purposes of agreed upon procedures or for purposes of
providing an opinion on the fair presentation thereof, or any other review which is
not expressly included in the mandate of the Internal Audit Function per the present
Internal Audit Charter and associated documents.

13. Key reporting obligations of the Internal Audit Function

The Director: IA and CS will report to Executive management for noting and at the AITRC,
for approval, respectively, at the following key intervals:

• First meeting of the AITRC

The Interim Consolidated Summary Internal Audit Report will serve at the first
meeting of the AITRC annually (approximately in May of every year), indicating to-
date progress on the Internal Audit Plan, any changes thereto requested by either
management or the Internal Audit Function, summary outcomes of final reports
issued since the previous reporting cycle and any other significant matters.

• Second meeting of the AITRC

The Consolidated Summary Report on the status of implementation of remedial

actions arising from ad hoc reviews (initial follow-ups), as well as additional ad hoc
follow-up reviews, will serve at the second meeting of the AITRC annually
(approximately in August of every year).

The status of corrective actions is indicated as “not implemented”, “partially

implemented”, “implemented but not operating effectively”; or “fully implemented”,
and any additional recommendations, as may be deemed necessary.

• Third meeting of the AITRC

The Final Consolidated Summary Internal Audit Report will serve at the third
meeting of the AITRC annually (approximately in October of every year), indicating
to-date progress on the Internal Audit Plan, any changes thereto requested by either
management or the Internal Audit Function, summary outcomes of final reports
issued since the previous reporting cycle and any other significant matters.

This report also includes, but is not limited to, the following:

o A proposed risk-based Internal Audit Plan for the upcoming academic and
financial year, for consideration and approval by the AITRC;
o Results of client satisfaction surveys, as may be conducted from time to
time;

ARMC 39/22

10
 o Confirmation of the Internal Audit Function’s independence for the
reporting period;
o The Internal Audit Function’s assessment of the UP internal financial
controls; and
o Other significant matters arising, as the case may be.

In addition, the Director: IA and CS will report to relevant members of Executive and Senior
management on the outcomes of individual internal audit engagements, and where
applicable, investigations and consulting and advisory activities.
Where applicable, findings, observations and recommendations for improvement of
governance, risk management, and control processes and remedial actions are discussed
and agreed with the relevant members of management.
In addition, the Internal Audit Function contributes to other reporting processes, as may
arise from specific policy requirements and organisational processes, including but not
limited to, the provision of inputs towards:

• UP Annual Report;
• Summary Quarterly and Annual Whistle-Blowing and Anti-Fraud Reports;
• Quarterly reports to the Vice-Chancellor and Principal; and
• Other reports as may be deemed applicable to the functioning and the mandate of
the Internal Audit Function.

The detailed arrangements for internal audit and related services are outlined in the Service
Level Agreement (SLA), which is entered into between the Director: IA and CS on behalf of
the Internal Audit Function and by the Vice-Chancellor and Principal of the University, on
behalf of UP management, in the Vice-Chancellor and Principal’s capacity as the Chief
Executive Officer of UP.

14. Responsibility of the Director: IA and CS

The Director: IA and CS is required to apply reasonable professional judgement and due
care in ensuring, facilitating, directing and monitoring the following:

• Ensuring compliance of the Internal Audit Function to the Internal Audit Charter.
• Ensuring that assurance and non-assurance engagements are planned, performed
and reported with due care and diligence. Detailed arrangements and
methodologies in this regard may be documented in the standard operating
procedures of the Internal Audit Function, as deemed relevant.
• Ensuring that the principles of integrity, objectivity, confidentiality, quality and
competency are applied and upheld by the Internal Audit Function.
• Ensuring that all personnel of the Internal Audit Function, including of the co-
sourced service provider(s), as well as any subject matter experts temporarily
engaged by the Internal Audit Function for ad hoc reviews and projects, collectively

ARMC 39/22

11
 possess or obtain the knowledge, skills, and other competencies needed to meet
the requirements of the Internal Audit Charter.
• Ensure that trends and emerging issues that could impact the University of Pretoria
are considered and communicated to Executive management and the AITRC as
appropriate.
• Ensuring adherence of the Internal Audit Function to the relevant policies and
procedures, unless such policies and procedures conflict with the Internal Audit
Charter or applicable professional body requirements. Any such conflicts will be
resolved or otherwise communicated to Executive management and the AITRC.
• Ensuring appropriate level of co-ordination of its activities with other assurance
providers.
• Ensuring conformance of the Internal Audit Function with the IIA Standards, subject
to the following:
o If the Internal Audit Function is prohibited by law or regulation from
conformance to certain parts of the Standards, the Director: IA and CS will
ensure appropriate disclosures and will ensure conformance to all other
parts of the Standards.
o If the IIA Standards are used in conjunction with requirements issued by
other relevant professional and regulatory bodies, the Director: IA and CS
will ensure that the Internal Audit Function conforms to the Standards, even
if the Internal Audit Function also conforms to the more restrictive
requirements of such other relevant professional and regulatory bodies.

15. Responsibility of management to uphold the IA Function’s mandate

Co-operation and support from management is essential to the ability of the Internal Audit
Function to execute its mandate.
Any attempt to interfere with, prevent, obstruct, harass or in any way intimidate the Internal
Audit Function in performance of its mandated duties, including accessing information,
which is required to perform the duties, shall be escalated to the relevant member of the
Executive and thereafter, as may be applicable, to the Vice-Chancellor and Principal for
resolution.
If the concerns are not resolved in a timely manner through this escalation, the Director: IA
and CS shall escalate the matter to the Chairperson of the AITRC.
The internal audit review processes, and/or the consulting activities of the Internal Audit
Function, do not relieve other persons in the UP structures (staff and management) from
the responsibilities assigned to them per UP policies and related activities.

ARMC 39/22

12
16. Responsibility with regards to fraud

Management and those charged with governance have the primary responsibility for the
design and implementation of the internal control environment at UP. This includes
mechanisms to deter, prevent, detect and remediate fraud and irregularities.
The Internal Audit Function, through its mandate, is responsible for the examination and
evaluation of the adequacy and effectiveness of the internal controls implemented by
management.
In terms of the, inter alia, IIA Standard 1210.A2, internal auditors are required to have
sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by
the organisation, but are not expected to have the expertise of a person whose primary
responsibility is the detection and investigation of fraud. Per IIA Standard 2120.A2, the
Internal Audit Function must evaluate the potential for the occurrence of fraud and how the
organisation manages fraud risk.
Per IIA Standard 2210.A2, the Internal Audit Function is required to consider the probability
of significant errors, fraud, non-compliance and other irregularities when developing its
internal audit engagement objectives.
It should be noted that there are inherent limitations in any system of internal control,
including error and circumventions through collusion. In addition, internal audit procedures
cannot guarantee that fraud will be detected.

17. Funding of the Internal Audit Function

The Executive management, through its budgetary and financial processes, allocates
annual operational funding to the Internal Audit Function. The funding is used for defraying
the costs associated with the primary co-sourced and ad hoc externally sourced, related
services, and separately, the administrative running costs of the Internal Audit Function.
The decisions relating to the use of the allocated operational funding are subject to the
prevailing UP policies, with the necessary independence associated with the organisational
status of the Internal Audit Function.
In order to preserve the organisational independence of the Internal Audit Function, the
annual operational funding allocated to the Internal Audit Function, once allocated, is ring-
fenced and cannot be re-allocated to other cost centres of the University, without express
written consent of the Director: IA and CS. This also applies to the reserve funds of the
Internal Audit Function.

The operational funding of the Internal Audit Function is applied primarily towards the co-
sourced costs associated with the execution of the Internal Audit Plan, the investigations
allocated to the co-sourced and ad hoc outsourced service providers, and advisory

ARMC 39/22

13
 services, to the extent deemed necessary at the discretion of the Director: IA and CS,
subject to the prevailing UP procurement and related policies.
Where relevant, the Director: IA and CS consults administratively with the Registrar in this
regard.
The human resources costs of the in-house component of the Internal Audit Function,
namely the personnel of the Department of Internal Audit and Compliance Services, are
covered from the central HR budget of the University per prevailing UP policies.

18. Quality Assurance Program

The Internal Audit Function is required to maintain a quality assurance and improvement
program that covers the assurance-related (i.e. internal auditing) aspects of the Internal
Audit Function’s mandate.
The program is required to include an evaluation of the Internal Audit Function’s
conformance to the IIA Standards and an evaluation of whether internal auditors apply the
IIA’s Code of Ethics.
The program is required to assess the efficiency and effectiveness of the Internal Audit
Function’s assurance-related services and identify opportunities for improvement.
The Director: IA and CS will communicate to Executive management and the AITRC, the
Internal Audit Function’s quality assurance and improvement program, including results of
internal self-assessments and external assessments conducted per the schedule approved
by the AITRC or at least every five years, by a qualified, independent assessor or
assessment team from outside the University of Pretoria, duly accredited by the IIA.

19. Associated documents

• Charter of the Audit, IT and Risk Committee of UP Council;

• SLA on provision of Internal Audit and related services;
• Whistle-blowing and Anti-Fraud Policy;
• Department of Internal Audit and Compliance Services standard operating procedures,
working papers and related documents; and
• Model Internal Audit Activity Charter and the Position Paper issued by the International
Professional Practices Framework of the Institute of Internal Auditors (IIA Global).

20. Policy life cycle

This document, including amendments thereto, is consulted with and presented to the
Executive management for consideration, as well as to the AITRC for consideration and
approval.

ARMC 39/22

14
 The Director: IA and CS, as the policy owner, reviews the Internal Audit Charter in
consultation with the AITRC on a periodic basis, but at least every five (5 years) to ensure
its continued effectiveness and relevance.

21. Approval

This Charter was approved by the AITRC and signed on its behalf by the Chairperson.

22. Document metadata

Document number: ARMC 39/22

Document version: ARMC 39/22 is the latest version replacing ARMC
26/15 and ARMC 27/15
Document approval authority: AITRC
Document approval date: 20 October 2022
Document owner: Director: IA and CS
Document authors: Senior management team of the Department of
Internal Audit and Compliance Services
Next review date: September 2027
Visibility:
Display on staff intranet Yes
Display on student intranet No
Display on public web No

ARMC 39/22

15