Internal Audit Charter
Introduction
The Office of Internal Audit provides independent and objective assurance and consulting services to Middle Georgia State University and the University System of Georgia leadership using a systematic, disciplined approach to evaluating the efficiency and effectiveness of internal controls for governance, risk management, and compliance activities and making recommendations for improvement. Our services are designed to add value by providing Middle Georgia State University and the University System of Georgia leadership with timely information, advice and guidance that is objective, accurate, balanced and useful and by promoting a culture of ethical conduct.
Mission
The mission of the Office of Internal Audit is to support Middle Georgia State University management in executing its governance, risk management, and compliance responsibilities while helping to improve organizational and operational effectiveness and efficiency.
Responsibilities
The Director of Internal Audit is responsible for informing the President, Executive Leadership and USG Chief Audit Officer of unusual transactions or matters of significance. The responsibilities of the Office of Internal Audit include:
- Developing and implementing an audit program for internal controls necessary to provide reasonable assurance of compliance with accounting standards, policies, and procedures to safeguard University resources and programs;
- Conducting financial, operational, IT and compliance audits and consulting engagements of departments, colleges, divisions, programs, and activities with due professional care.
- Coordinating the University’s Enterprise Risk Management process to facilitate the identification of key institutional risks and mitigation plans.
- Providing assistance with external audits and assisting management with preparing responses to audit observations.
- Preparing reports on the results of audits and other engagements, including recommendations for modification of management practices, fiscal policies, and accounting procedures as justified by audit findings.
- Communicating the results of audit reviews in a timely manner.
The above is intended to describe the general content of and requirements for the Office of Internal Audit. It is not to be construed as a complete list of duties, responsibilities, or requirements. Additionally, internal audit professional standards require that the auditor possess the requisite knowledge, skills, and abilities to perform specialized reviews or engagements, e.g., information technology audits. The Director of Internal Audit may choose to seek assistance from the University System internal audit office in those instances where an engagement must be performed and the auditor lacks the technical skills to perform the audit procedures. Any University administrator, vice president, manager, or other interested party may request a special audit or examination of any portion of the University’s activities. Decisions to perform special audits rest with the Director of Internal Audit upon consultation with the President or as directed by the USG Chief Audit Officer.
Scope of Audit Work
The scope of an internal audit should encompass examining and evaluating the adequacy and effectiveness of internal controls over the organization’s governance, risk management, and compliance activities and the quality of performance in carrying out assigned responsibilities. The scope of audit will vary by audit entity and may include:
- Reviewing the effectiveness of governance processes to include the:
- Promotion of ethical behavior within the organization;
- Efficiency of organizational performance management and accountability;
- Communication of risk and control information to appropriate areas of the organization; and,
- Coordination of activities and information among the USG Chief Audit Officer, external auditors, and management.
- Reviewing the effectiveness of risk management processes to include the:
- Alignment of organizational objectives in support of the Institution’s mission;
- Identification and assessment of significant risks;
- Alignment of risk responses with the University’s risk appetite; and,
- Capturing and communication of relevant risk information across the University to enable staff and management to carry out their responsibilities.
- Reviewing the reliability and integrity of financial and operational information and the means used to identify, measure, classify, and report such information.
- Reviewing the systems established to provide reasonable assurance that University personnel are complying with policies, plans, procedures, laws, and regulations which could have a significant impact on operations and reports and determine whether the University is in compliance.
- Reviewing the means for safeguarding assets and verifying the existence of assets.
- Reviewing and appraising the economy and efficiency with which resources are employed.
- Reviewing operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
In addition to internal audits, the Office of Internal Audit also performs investigations and consulting services. The scope of these projects will vary and may include:
- Investigating reported occurrences of fraud, embezzlement, theft, waste, and abuse and recommending controls to prevent and detect such occurrences.
- Providing consulting services at the request of University management after approval by the President and after obtaining approval from the USG Chief Audit Officer to modify the existing audit plan.
Reporting Procedures
Management receiving an internal audit report from the Office of Internal Audit should respond in writing within 30 days after the receipt of the draft report. The written response should include a corrective action for each audit observation that management agrees with, a target date for each corrective action, and the name and title of the individual responsible for implementing each corrective action. Alternatively, if management does not chose to implement a corrective action for an audit observation, management should communicate in writing to Internal Audit that it accepts the risk identified in the observation, the reasons for accepting the risk, and that no corrective actions will be taken. A final written report containing management’s response will be prepared and issued by the Director of Internal Audit.
Professional Standards
The Office of Internal Audit activities will be conducted in compliance with the requirements of The Institute of Internal Auditors’ International Professional Practices Framework, including the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the International Standards for the Professional Practice of Internal Auditing and the Definition of Internal Auditing.
Authority
The Office of Internal Audit is an independent appraisal function with a direct reporting relationship to the President of Middle Georgia State University and the USG Chief Audit Officer. It provides management with information that may assist in improving the operations for which it is responsible. The Office is also subject to provisions of the University System of Georgia Board of Regents Policy Section 7.9.2. As such, “the USG chief audit officer may direct the internal auditors to audit specific functions at their institutions as needed to address system-wide issues or directives.”
The Director of Internal Audit is authorized to:
- Have full, free and unrestricted access to all functions, records, property, and personnel pertinent to carrying out any engagement, subject to accountability for confidentiality and safeguarding of records and information.
- Allocate resources, set frequencies, select subjects, determine scopes of work, apply techniques required to accomplish audit objectives, and issue reports.
- Obtain the necessary assistance of personnel in units of the organization where audits are performed, as well as other specialized services from within or outside the organization in order to complete the engagement.
It is understood that certain items are confidential in nature and special arrangements will be made by the Office of Internal Audit when examining and reporting upon such items. Documents and other materials furnished to the Office will be handled in the same prudent manner as the employees to whom they are normally entrusted.
Independence
Independence is essential to the effectiveness of the Office of Internal Audit. The Director of Internal Audit should not engage in activities that could be construed to compromise their independence. Such activities could include initiating or approving accounting transactions, developing or installing policies, procedures or controls, preparing records, performing operational duties, or engaging in activities that its personnel would normally review and appraise. Furthermore, an internal audit does not in any way relieve other Middle Georgia State University employees of their responsibilities. However, the Office of Internal Audit may be consulted when new systems are designed or old systems are redesigned to provide reasonable assurance that the system controls are adequate.
Approved by Dr. Christopher Blake, President for Middle Georgia State University, and Jenna G. Wiese, Vice Chancellor for Internal Audit, Ethics and Compliance, Chief Audit Officer, for the Board of Regents of the University System of Georgia on December 13, 2022.