Internal Audit Charter
This Charter identifies the purpose, authority, and responsibilities of the Internal Audit department at Avanos Medical, Inc. (Avanos).
Internal Audit’s Vision and Mission Statement
We will support leadership through performing internal audits, partnering with stakeholders and performing consulting services that proactively assess and monitor risks, controls and compliance to achieve business objectives.
Internal Audit will protect the business with a risk, control and compliance focus to deliver measurable value and assist in the achievement of Avanos’ business strategies.
Purpose and Role
The head of Internal Audit reports directly to the Audit Committee of the Board of Directors and administratively to the Vice
President and Controller
The purpose of the Internal Audit department is to provide the Audit Committee and senior management with an independent and objective assessment of the adequacy and effectiveness of Avanos’ integrated internal control framework, risk management, governance and compliance functions. This assessment will be based upon the following objectives:
1. Management of Internal Control Risks
• Provide assurance that key internal control risks affecting the achievement of Avanos’ business objectives are effectively managed, and providing assurance on internal controls by appropriate coverage of financial, operational, and compliance risks, including compliance with the requirements of the Sarbanes-Oxley Act of 2002.
• Execute the audit plan, as approved by the Audit Committee, which prioritizes activities and allocates resources based on risk assessment and materiality to Avanos.
2. Risk Mitigation and Collaboration
• Perform assessments of and provide advice regarding certain business risks, linking to Internal Audit’s annual plan, and including strong collaboration with Avanos’ other risk mitigating functions, such as: Quality, Security, Internal Controls, Legal, Compliance and Risk Management.
• Execute special projects and consulting engagements, at the request or with the approval of the Audit Committee or senior management to examine and evaluate various financial, compliance, operational, and information systems exposures.
3. Knowledge Sharing
Share qualitative information, such as trends, best practices and benchmarking, in addition to reporting results, to support Internal Audit’s conclusions and assist Avanos in embracing proactive change, including opportunities to improve internal controls and operations.
Conduct and assist in internal investigations, as requested by the Board of Directors, the Audit Committee or management.
In the performance of its audits and related activities, Internal Audit is granted unrestricted access to any and all of Avanos’ records, physical properties and personnel relevant to any function under review. The head of Internal Audit shall also have free and unrestricted access to the Audit Committee of the Board. Internal Audit will exercise discretion in its audits and special reviews to ensure the confidentiality of all matters that come to its attention. Documents and information given to Internal Audit while executing its responsibilities will be handled in the same prudent and confidential manner as by those employees normally accountable for them. The activities of Internal Audit do not relieve management of any assigned responsibilities, and Internal Audit shall have no direct authority over the activities which its personnel review.
Professionalism and Independence
Internal Auditors must observe a high standard of professional conduct in the performance of their duties and be proactive in assisting and guiding management and staff, not only on audit recommendations, but also by offering constructive comments and suggestions regarding improvements to existing controls. The head of Internal Audit has the responsibility to ensure the internal auditors and any external consultants have the appropriate skills and knowledge to adequately perform the responsibilities of the Internal Audit function as described in this Charter.
Internal auditors are required to be independent of the operations they audit and to be objective in carrying out their duties. Internal Audit’s direct reporting relationship to the Audit Committee ensures departmental independence, promotes comprehensive audit coverage, and assures adequate consideration of Internal Audit recommendations. The Audit Committee shall review the annual objectives and performance of the head of Internal Audit.
Statement of Responsibilities
Methodology and Process:
• Use an appropriate risk-based methodology, Internal Audit will design and maintain a comprehensive annual audit plan for Avanos’ operations, including subsidiaries and operations where Avanos maintains a significant interest. The audit plan, which is approved annually by the Audit Committee, is aligned with Avanos’ Enterprise Risk Management process and is revisited on a periodic basis to validate audit coverage based on risk and/or changes to Avanos’ objectives and operations.
• Ensure that internal audit practices and procedures are appropriately aligned with the International Standards for the Professional Practice of Internal Auditing (Standards and Guidance) ,the IIA’s Code of Ethics, AICPA consulting standards, and other applicable guidance.
• Evaluate the adequacy of the internal control environment using COSO (Committee of Sponsoring Organizations) and CobiT (Control Objectives for Information and related Technology). These industry frameworks provide a basis for evaluating the adequacy of the internal control framework through a review of financial reporting, operational effectiveness and efficiency and compliance controls, and information and related technology controls.
• Assist in the evaluation of effective internal control design for new process or system development initiatives as requested which may represent informal or formal advice, analysis or assessments.
• Evaluate compliance with certain policies, plans, procedures, laws and regulations having a significant impact on operations, financial reports or information technology systems.
• Perform testing of certain critical financial reporting controls that are included in Avanos’ financial reporting control framework as specified by the Corporate Controller’s Office to comply with the requirements of The Sarbanes-Oxley Act of 2002, Section 404.
Communication and Reporting
The head of Internal Audit, reports periodically to senior management and the Audit Committee on Internal Audit’s activities, purpose, authority, responsibility and performance relative to the plan. Reporting also includes significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management or the Audit Committee.
A summary of communication and reporting requirements are as follows:
• Review with the Audit Committee the performance of the internal audit function on an annual basis including audit scope, audit results, operational plans, staffing levels, adequacy of internal audit budget, and coordination of activities with the independent auditors.
• Provide timely written reports to appropriate members of management for each audit or related services provided.
• Issue periodic reports to the Audit Committee and management summarizing results of audits, related activities, and the status of management’s corrective action on audit findings.
• Provide timely notification to the Audit Committee of significant changes to the audit plan.
• Provide timely notification to the Audit Committee of material changes in the quality and effectiveness of internal controls.
• Communicate to the Audit Committee periodic updates regarding the working relationship with and quality of any firms providing co-sourcing services.
• Provide insight and guidance to Avanos’ Internal Control, Security and/or Compliance functions on activities that could enhance Avanos’ internal control environment.
• Share information and coordinate activities with internal and external providers of relevant assurance and consulting services to ensure proper coverage and minimize duplication of efforts.
• Communicate to the Audit Committee and management information about ongoing internal quality assessments.
This Charter is reviewed annually by the head of Internal Audit and the Controller, and presented to Avanos’ Audit Committee of the Board of Directors for review and approval. Any off-cycle changes to this Charter require Audit Committee approval.