Internal Audit, Risk & Compliance Charter
Mission & Purpose of Internal Audit
Internal Audit, Risk & Compliance (IARC) serves as a proactive partner with University management. IARC’s goal is to enhance internal controls and compliance mechanisms while supporting the University’s core values of collaboration, academic excellence, discovery and innovation, integrity, openness and inclusion, and sustainability. IARC works to identify and mitigate risks which may impair the University’s ability to achieve its core values. Internal Audit (IA) provides independent and objective assurance and consulting services to the University. Risk & Compliance (RC) assists management in building compliance consciousness in business processes, including promoting communication and coordination regarding compliance and risk management. IARC promotes integrity among the people of the University with a purpose of improving the University’s operations and recommending action to grow the University.
Internal Audit Mandate
IA provides internal audit services to the institution as defined by the requirements of BOR Policy Manual § 7.9.2 – Internal Audits. The scope of these services is further described by USG Business Procedures Manual § 16.1 – Internal Audit Functions Across the USG, § 16.3 – Types of Internal Audit, Ethics and Compliance Engagements, and § 16.4 – Internal Audit/Engagement Process.
Internal Audit Function
The GS Chief Audit Officer (CAO) has a direct reporting relationship to both the GS President and to the Vice Chancellor for Internal Audit, Ethics & Compliance / Chief Audit Officer (VCIAEC/CAO) of the University System of Georgia (USG) as required by Board of Regents (BoR) Policy 7.9.2 Internal Audits and BoR Procedures manual 16.0 Audits. The USG VCIA/CAO has the authority to direct the GS CAO to audit specific functions at their institutions as needed to address system-wide issues or directives. The GS President shall consult with the USG VCIA/CAO, as well as the Committee on Internal Audit, Risk, and Compliance (CIARC), on significant personnel actions involving the GS CAO to include appointment and termination. The USG VCIAEC/CAO also provides formal input to the performance evaluations of the GS CAO in consultation with the GS President. Internal Audit does not report to any other division or unit of the University.
Responsibilities
The IA functions include, but are not limited to, the following:
- The GS CAO is responsible for developing an institution-wide rolling audit plan using appropriate risk-based methodology, including input from senior management and the BOR CAO. The President will review and approve the audit plan before it is submitted to the BOR CAO for approval by the BOR Committee on Internal Audit, Risk, and Compliance. Any modifications to the audit plan will be communicated to the BOR CAO for approval.
- The GS CAO is responsible for performing and/or providing functional coordination and guidance for the following institution-wide audit activities:
- Implement the annual audit plan, as approved, including and as appropriate, any special tasks or projects requested by the appropriate levels of management and approved by the President and BOR CAO.
- As applicable, recruit, train, and maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the objectives of this charter. To the extent that additional or expert/specialized skills are needed to supplement the work, such activities may be co-sourced or out-sourced as
- Evaluate and assess significant new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or
- Analyze operational issues impacting enterprise-wide processes and organizational
- Conduct follow-up reviews on previously reported
- Issue periodic reports to the President and BOR CAO summarizing results of audit
- Pursuant to USG Business Procedures Manual 16.6.5, report all issues of malfeasance to the BOR CAO.
- Keep the President informed of emerging trends regarding risk management, internal controls, and successful practices in internal auditing.
Authority
To the extent permitted by law, IARC is authorized free and unrestricted access to the University’s records, activities, physical properties, and personnel within the institution to include cooperative organizations created to serve the institutions. In addition, IARC is authorized to review and appraise operations, policies, plans, and procedures. IARC will preserve strict accountability for confidentiality and safeguarding of records and information. University employees are required to assist IARC in fulfilling its role and responsibilities.
Independence and Objectivity
The GS CAO will ensure the internal audit function remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of engagement selection, scope, procedures, frequency, timing, and communication. If the ICA determines that objectivity may be impaired in fact or appearance, the details of the impairment will be disclosed to the President and the BOR CAO.
Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, prepare records, or engage in any other activity that may impair an internal auditor’s judgment.
Internal auditors must disclose any impairment of independence or objectivity, in fact or appearance, to the GS CAO and ultimately to the BOR CAO. Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined and will not be unduly influenced by their own interests or by others in forming judgments.
Definition of Audit Engagement Scope
IA encompasses the examination and evaluation of the adequacy and effectiveness of the organization’s system of governance, risk management, compliance, internal control and the quality of performance in carrying out assigned responsibilities. The scope will vary by area and may include:
- Review the effectiveness of governance processes to include the:
- Promotion of ethical behavior within the organization;
- Efficiency of organizational performance management and accountability;
- Communication of risk and control information to appropriate areas of the organization; and,
- Coordination of activities and information among external and internal auditors and
- Review the effectiveness of risk management processes to include the:
- Alignment of organizational objectives in support of the USG and institutional missions;
- Identification and assessment of significant risks;
- Alignment of risk responses with the institution’s risk appetite; and,
- Capturing and communication of relevant risk information across the institution so as to enable staff and management to carry out their responsibilities.
- Review the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
- Review the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on operations and reports and whether the System is in compliance.
- Review the means of safeguarding assets and, as appropriate, verify the existence of such
- Review and appraise the economy and efficiency with which resources are
- Review operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
- Review the status of Information Technology policies and procedures, verifying that required hardware, software and process controls have been implemented and that the controls are functioning properly.
- Conduct special audits at the request of the BOR CAO or
- Analyze and review public private ventures associated with the institution and its cooperative
- Provide advisory services at the request of institution management and with the BOR CAO’s approval consistent with the IIA standards governing advisory engagements. Advisory engagements undertaken should have the potential to contribute to the improvement of governance, risk management, compliance, and/or internal controls within the institution.
The internal audit function shall issue reports on the results of completed reviews, discuss these reports with appropriate levels of management, and share them with the BOR CAO before distributing them as final reports to the BOR CAO, President, and other levels of management as deemed appropriate.
Required Actions by Management
The institutional areas receiving an internal audit report from IARC will respond within 14 days. This response will indicate agreement or disagreement, proposed actions, and the dates for completion for each specific finding and recommendation. If a recommendation is not accepted, the reason should be given. A final written report will be prepared and issued by IA.
Standards of Audit Practice
Internal Audit staff will abide by the mandatory nature of the Institute of Internal Auditors’ Code of Ethics, Core Principles for the Professional Practice of Internal Auditing, and will conduct audit activities in conformance with the Standards for the Professional Practice of Internal Auditing.
Quality Assurance and Improvement Program (QAIP)
GS IA will participate in a quality assurance and improvement program (QAIP) created by the BOR CAO that covers all aspects of the internal audit process. The program will include an evaluation of the internal audit activity’s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.
GS IA will participate in quality assurance external assessments with the USG OIAEC conducted at least every five years as required by Global Internal Audit Standards. The ICA will report to the President on the results of the review.
Evaluation
The CAO shall review, at least one time per fiscal year, the adequacy of this charter and recommend to the GS President and USG VCIAEC/CAO any improvements or revisions that may be necessary or valuable.
Approved by Dr. Kyle Marrero, President for Georgia Southern University, and Jenna Wiese, Vice Chancellor for Internal Audit, Ethics & Compliance/Chief Audit Officer for the Board of Regents of the University System of Georgia on January 22, 2025.
Last updated: 3/30/2022