Page 4
FEDERAL HOME LOAN BANK OF PITTSBURGH
CHARTER for the INTERNAL AUDIT DEPARTMENT and
CHIEF INTERNAL AUDITOR
I. Mission and Scope of Work
The mission of the internal audit department is to provide independent, objective assurance and consulting services designed to add value and improve the organization's operations and overall system of internal control. It helps the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The scope of work of the internal audit department is to determine whether the organization's network of risk management, control, and governance processes, as designed and represented by management, are adequate and functioning in a manner to ensure:
• | Risks are appropriately identified and managed. |
• | Interaction with the various governance groups occurs as needed. |
• | Significant financial, managerial, and operating information is accurate, reliable, and timely. |
• | Employee's actions are in compliance with policies, standards, procedures, and applicable laws and regulations. |
• | Resources are acquired economically, used efficiently, and adequately protected. |
• | Programs, plans, and objectives are achieved. |
• | Quality and continuous improvement are fostered in the organization's control process. |
• | Significant legislative or regulatory issues impacting the organization are recognized, properly addressed, and satisfactorily resolved. |
Opportunities for improving management control, profitability, and the organization's image may be identified during audits. They will be communicated to the appropriate level of management.
II. Accountability
The Chief Internal Auditor, in the discharge of his/her duties, shall be accountable to management and the audit committee to:
• | Provide periodic, but at least annual, assessment on the adequacy and effectiveness of the organization's processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work. |
• | Report significant issues related to the processes for controlling the activities of the organization and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution. |
• | Provide information periodically on the status and results of the annual audit plan and the sufficiency of department resources. |
• | Coordinate with other control and monitoring functions (risk management, compliance, security, legal, ethics, external audit). |
III. Independence
To provide for the independence of the internal audit department, its personnel report to the Chief Internal Auditor, who reports functionally to the Audit Committee and administratively to the CEO. Reports to the audit committee will include a regular update on internal audit personnel.
In certain cases, internal audit may consult with management in the development and implementation of accounting and operational procedures, preparation of records, and formulation of accounting
methodologies. However, in performing these and other functions, the Chief Internal Auditor and the audit staff will have no direct authority over, nor responsibility for these items. Internal audit staff will refrain from assessing specific operations for which they were previously responsible for design or operation. In addition, internal audit professionals will not make management decisions or engage in any other activity which could be reasonably construed to compromise their independence.
Internal audit's ultimate responsibility is to provide the Audit Committee with information necessary to execute its responsibilities.
IV. Consulting Services
The internal audit department may provide informal consulting services without prior approval of the Audit Committee. Informal consulting engagements include advisory activities, such as routine information exchange with management, participating in standing or temporary management committee or project teams, and informal consultation with management on questions regarding control activities or business processes.
Advanced Audit Committee approval is required for internal audit performance of formal consulting engagements. Formal consulting engagements would entail an agreed upon scope between Internal Audit and Management, use of significant Auditor resources, and result in the issuance of a formal report.
V. Responsibility
The Chief Internal Auditor and staff of the internal audit department have responsibility to:
• | Develop a flexible annual audit plan using appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the audit committee for review and approval. |
• | Implement the annual audit plan, as approved, including as appropriate any special tasks or projects requested by management and the audit committee. |
• | Conduct risk-based audits to include adequate testing and review internal control and information systems |
• | Maintain an audit department that is adequately staffed with properly trained and competent personnel with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this charter. |
• | Ensure that violations, findings, weaknesses and other issues reported by regulators, external auditors, and others are promptly addressed and satisfactorily resolved. |
• | Evaluate and assess significant new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion. |
• | Issue periodic reports to the audit committee and management summarizing results of audit activities. |
• | Keep the audit committee informed of emerging trends and successful practices in internal auditing. |
• | Assist, as needed, in the investigation of significant suspected fraudulent activities within the organization and notify management and the audit committee of the results. |
• | Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the organization at a reasonable overall cost. |
• | Report, when noted, non-compliance with GAAP to appropriate management and the Audit Committee. |
VI. Authority
The Chief Internal Auditor and staff of the internal audit department are authorized to:
• | Have unrestricted access to all functions, records, property, and personnel. |
• | Have full and free access to the audit committee. |
• | Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives. |
• | Obtain the necessary assistance of personnel in units of the organization where they perform audits, as well as other specialized services from within or outside the organization. |
The Chief Internal Auditor and staff of the internal audit department are not authorized to:
• | Perform any operational duties for the organization, inclusive of management of risks. |
• | Initiate or approve accounting transactions external to the internal audit department. |
• | Direct the activities of any organization employee not employed by the internal audit department, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors. |
VII. Standards of Audit Practice
Audits will be performed in accordance with the International Standards for the Professional Practice of Internal Auditing. The Internal Audit function will fully conform to the International Professional Practices Framework (IPPF) of the Institute of Internal Auditors, including the Institute's “Code of Ethics”. In addition, Internal Audit will adhere to the Bank's Code of Conduct and all relevant bank wide policies and procedures. Internal Audit will also conform with applicable laws, regulations, and supervisory guidance governing the independence and adequacy of internal audit systems.
VIII. Quality Assurance Review (QAR) Program
The Chief Internal Auditor will maintain a Quality Assessment Review (QAR) program that covers all quality aspects of internal audit activity. This program will incorporate internal resources for continuously monitoring effectiveness, as well as, periodic evaluation by independent external resources covering:
• | Effective utilization of computerized audit tools and methodologies |
• | Ongoing monitoring of work papers by Managers and Senior Managers |
• | Completion of audit assessments by business unit personnel and tracking of feedback |
• | Review of audit tools and performance metrics |
Internal audit activities will be conducted in accordance with the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing. Internal audit will be subject to an external audit quality review at least once every five years by a qualified and independent third party.
IX. Periodic Assessment
The Chief Internal Auditor should annually assess whether the purpose, authority, and responsibility, as defined in this charter, continue to be adequate to enable Internal Audit to accomplish its objectives. The result of this assessment should be communicated to the Audit Committee.
Charter approved by Audit Committee February 23, 2012