Internal Audit Charter
Internal Audit is an independent and objective assurance and consulting activity designed to add value to improve the operations of Cincinnati Bell, Inc. (“the Company”) and its subsidiaries. It assists Cincinnati Bell in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the Company’s governance, risk management and internal control processes.
The Internal Audit function is established by the Audit & Finance Committee (“A&F Committee”) of the Board of Directors (“the Board”). Internal Audit’s responsibilities are defined by the A&F Committee as part of its oversight role.
Along with the Company’s Code of Business Conduct, Internal Audit will be governed in accordance with the mandatory guidance defined in the Institute of Internal Auditor’s Definition of Internal Auditing, Code of Ethics and the International Standards for the Professional Practice of Internal Auditing. In addition, Internal Audit will adhere to the Cincinnati Bell Internal Audit Manual for standard operating procedures.
Internal Audit shall have full, free and unrestricted access to all Company activities, reports, records, property and personnel necessary to perform its duties. All such information shall be kept strictly confidential. All current and proposed Company activities shall be subject to review and/or audit. Management will ensure the cooperation of their respective personnel throughout the audit process.
Organization & Independence
The Chief Audit Executive is responsible for managing the Internal Audit function. The Chief Audit Executive reports functionally to the A&F Committee and administratively to the Chief Financial Officer.
The Board’s oversight responsibilities include:
* Approve the Internal Audit charter.
* Approve the risk based Internal Audit plan.
* Approve the Internal Audit budget and resource plan.
* Receive communications from the Chief Audit Executive on Internal Audit’s performance relative to its plan and other matters.
* Approve decisions regarding the appointment and removal of the Chief Audit Executive.
* Approve the compensation and salary adjustments of the Chief Audit Executive.
* Make appropriate inquiries of management and the Chief Audit Executive to determine whether there are scope or budgetary limitations that impede the ability of Internal Audit to execute its responsibilities.
Internal Audit shall have direct access to both the Chief Executive Officer and the A&F Committee. The Chief Audit Executive shall meet privately with the A&F Committee each quarter to report any conflicts of interest.
Internal Audit will remain free from interference by any element of the organization, including matters of audit selection, scope, procedures, frequency, timing or report content to maintain independence and
objectivity. The Chief Audit Executive will confirm to the Board, at least annually, the organizational independence of the Internal Audit function.
Internal Audit is not authorized to:
* Perform any operational duties for the Company.
* Initiate or approve accounting transactions.
* Direct the activities of any Company employee not employed by Internal Audit, except to the extent such employees have been appropriately assigned to the auditing teams or to otherwise assist the auditors.
Internal Audit may consist of not only employees of the Company, but also consultants to the Company. Therefore, any reference in this charter shall also apply to any consultants acting in an Internal Audit capacity.
The Chief Audit Executive and staff of the Internal Audit function have responsibility to:
* Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by senior management and the Board, and submit that plan to the A&F Committee for review and approval.
* Execute the annual audit plan, as approved, including as appropriate any special tasks or projects requested by management and/or the A&F Committee.
* Provide assurance over the design and operating effectiveness of internal controls over financial reporting for compliance with Sarbanes-Oxley regulations.
* Issue audit reports, where appropriate, that detail the scope, objectives and timing of the review as well as Internal Audit’s observations, recommendations and management’s agreed upon corrective actions.
* For significant reported audit observations, monitor and ensure that management actions have been effectively implemented or that management has accepted the risk of not taking action.
* Perform advisory and consulting services, beyond Internal Audit’s assurance services, to assist management in meeting its objectives. These services may include counsel, process design and improvement, advice, facilitation and training.
* Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this charter.
* Evaluate and assess significant merging/consolidating functions and new or changing services, processes, operations, technologies and control processes coincident with their development, implementation, and/or expansion.
* Coordinate with other control and monitoring functions (i.e. risk management, legal, compliance, security, etc.) to ensure appropriate coverage of Company risks.
* Deliver periodic updates to the A&F Committee and management summarizing results of audit activities.
* Assist in the investigation of significant suspected fraudulent activities within the Company and notify management and the A&F Committee of the results.
* Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing and coordinating optimal audit coverage to the Company at a reasonable overall cost.
* Monitor the Company’s Ethics & Compliance reporting hotline and coordinate responses, investigations or other follow-up, as necessary, with senior management.
* Establish a quality assurance program by which the Chief Audit Executive assesses the operations of Internal Audit. Results will communicate to management and the A&F Committee annually for internal assessments and at least every five years for external assessments.
Approved: May 2, 2019