Internal Audit Charter

Purpose

The purpose of the Internal Audit Office (the “IAO”) at The University of Hong Kong (the “University”) is to provide independent, risk-based and objective assurance and advisory services designed to add value and improve the University’s governance, risk management and control processes in alignment with the University’s vision and strategic development.

Mission

The mission of the IAO is to enhance and protect the value of the University by providing risk-based and objective assurance, advice, insight, and foresight.

Standards of Audit Practice

All internal audit assignments must be undertaken with due professional care, adhering to the University’s policies, codes of ethics, and in conformance with the Institute of Internal Auditors’ Global Internal Audit Standards.

Authority

The Director of Internal Audit (the “DIA”) reports functionally to the Council’s Audit Committee and the HKU School of Professional and Continuing Education (HKU SPACE) Audit Committee, and administratively to the President and Vice-Chancellor via the Executive Vice-President (Administration and Finance).

 

To ensure that the IAO has sufficient authority to fulfill its duties, the internal auditors will:

  • Have full and unrestricted access to all functions, data, records, information, physical property, and personnel pertinent to carrying out any engagement, subject to accountability for confidentiality and safeguarding of records and information.
  • Allocate resources, set frequencies, select subjects, determine scopes of work, apply techniques, and issue communications to accomplish the function’s objectives.
  • Obtain assistance from the necessary University personnel and other specialised services from within or outside the University to complete internal audit services.

Oversight by the Council’s Audit Committee

To establish, maintain, and ensure that the IAO has sufficient authority to fulfill its duties, the Council’s Audit Committee will:

  • Discuss with the DIA and senior management the appropriate authority, role, responsibilities, scope, and services (assurance and/or advisory) of the IAO.
  • Ensure the DIA has unrestricted access to and communicates and interacts directly with the Council’s Audit Committee, including in private meetings without senior management present.
  • Discuss with the DIA and senior management other topics that should be included in the Internal Audit Charter.
  • Participate in discussions with the DIA and senior management about the “essential conditions”, described in the Global Internal Audit Standards, which establish the foundation that enables an effective internal audit function.
  • Approve the IAO’s Charter, which includes the scopes of internal audit activities.
  • Review the Internal Audit Charter annually with the DIA to consider changes affecting the University, such as the employment of a new DIA or changes in the type, severity, and interdependencies of risks to the University.
  • Approve the risk-based internal audit plan.
  • Provide input to the IAO’s human resources administration and budgets.
  • Provide input to senior management on the appointment and removal of the DIA, ensuring adequate competencies and qualifications and conformance with the Global Internal Audit Standards.
  • Review and provide input to senior management on the DIA’s performance.
  • Receive communications from the DIA about the IAO including its performance relative to its plan.
  • Make appropriate inquiries of senior management and the DIA to determine whether scope or resource limitations are inappropriate.

Independence and Objectivity

The DIA will ensure that the IAO remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of engagement selection, scope, procedures, frequency, timing, and communication. If the DIA determines that independence or objectivity may be impaired in fact or appearance, the details of the impairment will be disclosed to the appropriate parties.

 

The internal auditors will have no direct operational responsibility or authority over any of the activities they review. The internal auditors will not implement internal controls, develop procedures, install systems, or engage in other activities that may impair their judgement.

Scope of Internal Audit Activities

The scope of internal audit activities encompasses but is not limited to:

  • Evaluating the effectiveness and efficiency of the University’s governance, risk management, and control processes.
  • Assessing the adequacy of the University’s internal controls to ensure the reliability and integrity of information, compliance with policies, regulations, and laws, safeguarding of assets, and accomplishment of the University’s goals and objectives.
  • Evaluating the University’s compliance with applicable laws, regulations, policies, and procedures.
  • Performing follow-up reviews to monitor the implementation progress of recommendations raised in audit reports.
  • Conducting special investigations and consultations as requested by the University’s management or Audit Committee.

August 2023
Amended September 2025

Back to Top
Skip to content