Internal Audit

The Office of Internal Audit (Internal Audit) at University of North Georgia (UNG) has prepared this Charter to serve as a guide in the performance of its duties. The Charter does not include, nor does it intend to include, all of the duties and responsibilities of Internal Audit.

Internal Audit provides independent, objective assurance and consulting activities designed to add value and improve UNG's operations. Internal Audit also helps UNG accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal Audit adheres to the Institute of Internal Auditors' (IIA) International Standards for the Professional Practice of Internal Auditing (Standards). In addition, Internal Audit complies with the Practice Advisories, Practice Guides, and recommendations issued by the IIA to the extent that these apply.

Internal Audit helps UNG accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal Audit works in conjunction with other offices and departments of UNG and the University System of Georgia's (USG's) Office of Internal Audit and Compliance (OIAC) to monitor the risk management processes and provide assistance as needed. Internal Audit assists employees of UNG in the effective discharge of their responsibilities, thereby protecting the resources provided by the University System of Georgia ("USG") and the students it serves.

Internal Audit reports directly to the President of UNG (President), and the USG's Chief Audit Officer (CAO), as required by Board of Regents (BOR) Policy Manual, 7.10.2. Internal Audit does not report to any other division or unit of UNG.

Internal Audit, with strict accountability for confidentiality and safeguarding records and information, shall have full, free, and unrestricted access to any and all of UNG's records, physical properties, and personnel pertinent to carrying out any engagement.

The President has the authority to request audits and advisory services to be added to the audit plan at his or her discretion. The President's requests, after Internal Audit review, shall be submitted to the USG CAO who holds the delegated authority to approve changes to the audit plan. Decisions to amend the approved audit plan are made in light of UNG's risk profile and available audit resources. Additionally, the CAO has the authority to direct Internal Audit to audit specific areas of UNG.

The internal audit activity will remain free from interference by any element in the organization, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of a necessary independent and objective mental attitude.

Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, prepare records, or engage in any other activity that may impair internal auditor's judgment.

Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined and will not be unduly influenced by their own interests or by others in forming judgments.

The Internal Audit Department's responsibilities include, but are not limited to, the examination and evaluation of the adequacy and effectiveness of UNG's governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve UNG's stated goals and objectives. This includes:

• Evaluating risk exposure relating to achievement of UNG's strategic
  objectives.
• Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information.
• Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations, which could have a significant impact on UNG.
• Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
• Evaluating the effectiveness and efficiency with which resources are employed.
• Evaluating operations or programs (e.g., Centers and Institutes) to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
• Performing consulting and advisory services related to governance, risk management, and controls as appropriate for UNG.
• Reporting significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by the CAO.
• Recruiting, developing, and retaining personnel with appropriate skills, knowledge, experience, and professional certifications to meet the requirements of this Charter.
• Evaluating specific operations at the request of the CAO.

Internal Audit is responsible for developing and maintaining a rolling audit plan, which encompasses all components at UNG, based upon risk assessments, input from the CAO, and requests by the President and other senior management officials. Internal Audit will present the rolling audit plan to the CAO for review, approval, and subsequent submission to the Board of Regents for approval in order to ensure the system-wide audit plan is coordinated and sufficient resources are available to complete these engagements. A rolling 18-month audit plan will (1) include the top priority engagements and projects based on potential risk impacts, and (2) be adjusted, as necessary, in response to changes in UNG's business, risks, operations, programs, systems, and internal controls. Audit coverage is achieved using a combination of governance audits, process and control audits, risk management framework audits, themed audits, and project audits. In addition, Internal Audit may carry out investigations and special reviews. The plan will also he reviewed and approved on a periodic basis by the Board of Regents' Committee on Internal Audit, Risk, and Compliance, and any material deviations should be communicated to the CAO as soon as said deviations are acknowledged, for approval of the changes to the audit plan.

Internal Audit performs three types of projects:

1. Audits - Audits are assurance services defined as examinations of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Examples include:
   1. Operational - designed to evaluate effectiveness, efficiency, and reasonableness of a unit's operational processes.
   2. Compliance - designed to determine if activities are in compliance with applicable regulations, policies, procedures, and practices.
   3. Financial - designed to examine the accounting and reporting of financial transactions.
   4. Information Systems - designed to examine the accuracy, reliability, access controls, and security of information systems.
2. Advisory Services - Advisory services designed to add value to and improve UNG's risk management and control processes. Senior management officials or departmental managers can request these engagements be performed.
3. Investigations - Investigations are independent evaluations of allegations generally focused on improper organization activities including misuse of University resources, fraud, financial irregularities, significant internal control weaknesses, and unethical behavior or actions. 

The Internal Audit Department will maintain a quality assurance and improvement program (QAIP) that covers all aspects of the internal audit activity. The program will include an evaluation of the Internal Audit Department's conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.

The Director of Internal Audit will communicate to senior management and the BOR CAO on the internal audit activity's quality assurance and improvement program, including results of ongoing internal assessments and external assessments conducted at least every five years.