Internal Audit

The Office of Internal Audit assists UNG's management by providing an independent evaluation of the soundness, adequacy, and application of accounting, financial and other operating controls necessary to accomplish the university's objectives.

Furthermore, it makes recommendations to improve systems, processes, and internal controls designed to safeguard university resources, promote its mission toward academic excellence, and ensure compliance with state and federal regulations, established policies, procedure, and sound business practices.

Contact Us

Jill Holman, Director of Internal Audit
Downtown Office Building Room 113
706-867-2532

UNG Ethical and Compliance Hotline

Report via web: UNG Ethics & Compliance Reporting Hotline
Report via phone: 1-877-516-3461

At UNG we believe that each of us shares the responsibility for maintaining an ethical, honest university. While speaking to your supervisor is the most effective way to report unethical behavior, we realize that it is not always possible to do so.

The Ethics and Compliance Hotline provides two easy ways to report concerns. You can submit a report via the web or you can call 24 hours a day, seven days a week. Interview specialists will document your concerns and relay them to the university. Individuals who wish to remain anonymous may do so. Please join us in making this program a success.

When To Call

Whenever you have a concern about an observed event or employee behavior that may be in violation of a policy, you should address the issue with your immediate supervisor, the Human Resources Department, the Internal Audit Department, a University Administrator, or University Compliance Officer. However, if you fear retaliation for reporting, or if a report is given and no apparent action is taken, you should call the hotline and report all pertinent details related to your concern.

How To Call/Times To Call

You may call the UNG Ethics & Compliance Hotline at any time during the day or night, seven days a week, year round. The number is 877-516-3461.

Who Will Listen?

The University System of Georgia has contracted with a third party, Navex Global, to establish hotlines at all USG institutions. Navex employees answer the phone calls and receive the complaints filed online.

What Happens With The Information?

Navex Global employees receive the information provided by the reporter and clarify with the reporter which information can be shared with the institution and whether the reporter wants to file the r report anonymously. The information is then put into Navex Global case management system, classified for tracking purposes and provided to the individuals authorized by the University to receive and review the complaints to determine if further investigation or actions are warranted. Only four employees at the University receive notice of the Hotline Complaint – the Senior Vice President for Business and Finance, the Director of Internal Audit, the Associate Vice President for Human Resources/Risk/Compliance, and University General Counsel. Once a report is submitted, it is promptly reviewed to determine what further steps should be taken. The scope of the review and which official(s) will be involved will depend on the facts and nature of the case. Hotline reports are handled with the utmost care and in a timely manner.

Anonymity

Employees may choose to make reports anonymously. The Naves system also allows anonymous reporters to establish a “masked”.

UNG Audit Charter

Introduction

The Office of Internal Audit (Internal Audit) at University of North Georgia (UNG) has prepared this Charter to serve as a guide in the performance of its duties. The Charter does not include, nor does it intend to include, all of the duties and responsibilities of Internal Audit.

Internal Audit provides independent, objective assurance and consulting activities designed to add value and improve UNG's operations. Internal Audit also helps UNG accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal Audit adheres to the Institute of Internal Auditors' (IIA) International Standards for the Professional Practice of Internal Auditing (Standards). In addition, Internal Audit complies with the Practice Advisories, Practice Guides, and recommendations issued by the IIA to the extent that these apply.

Purpose

Internal Audit helps UNG accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal Audit works in conjunction with other offices and departments of UNG and the University System of Georgia's (USG's) Office of Internal Audit and Compliance (OIAC) to monitor the risk management processes and provide assistance as needed. Internal Audit assists employees of UNG in the effective discharge of their responsibilities, thereby protecting the resources provided by the University System of Georgia ("USG") and the students it serves.

Organization

Internal Audit reports directly to the President of UNG (President), and the USG's Chief Audit Officer (CAO), as required by Board of Regents (BOR) Policy Manual, 7.10.2. Internal Audit does not report to any other division or unit of UNG.

Authority

Internal Audit, with strict accountability for confidentiality and safeguarding records and information, shall have full, free, and unrestricted access to any and all of UNG's records, physical properties, and personnel pertinent to carrying out any engagement.

The President has the authority to request audits and advisory services to be added to the audit plan at his or her discretion. The President's requests, after Internal Audit review, shall be submitted to the USG CAO who holds the delegated authority to approve changes to the audit plan. Decisions to amend the approved audit plan are made in light of UNG's risk profile and available audit resources. Additionally, the CAO has the authority to direct Internal Audit to audit specific areas of UNG.

Independence and Objectivity

The internal audit activity will remain free from interference by any element in the organization, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of a necessary independent and objective mental attitude.

Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, prepare records, or engage in any other activity that may impair internal auditor's judgment.

Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined and will not be unduly influenced by their own interests or by others in forming judgments.

Responsibilities
The Internal Audit Department's responsibilities include, but are not limited to, the examination and evaluation of the adequacy and effectiveness of UNG's governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve UNG's stated goals and objectives. This includes:

Evaluating risk exposure relating to achievement of UNG's strategic
objectives.

Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information.

Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations, which could have a significant impact on UNG.

Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets.

Evaluating the effectiveness and efficiency with which resources are employed.

Evaluating operations or programs (e.g., Centers and Institutes) to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.

Performing consulting and advisory services related to governance, risk management, and controls as appropriate for UNG.

Reporting significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by the CAO.

Recruiting, developing, and retaining personnel with appropriate skills, knowledge, experience, and professional certifications to meet the requirements of this Charter.

Evaluating specific operations at the request of the CAO.

Internal Audit is responsible for developing and maintaining a rolling audit plan, which encompasses all components at UNG, based upon risk assessments, input from the CAO, and requests by the President and other senior management officials. Internal Audit will present the rolling audit plan to the CAO for review, approval, and subsequent submission to the Board of Regents for approval in order to ensure the system-wide audit plan is coordinated and sufficient resources are available to complete these engagements. A rolling 18-month audit plan will (1) include the top priority engagements and projects based on potential risk impacts, and (2) be adjusted, as necessary, in response to changes in UNG's business, risks, operations, programs, systems, and internal controls. Audit coverage is achieved using a combination of governance audits, process and control audits, risk management framework audits, themed audits, and project audits. In addition, Internal Audit may carry out investigations and special reviews. The plan will also he reviewed and approved on a periodic basis by the Board of Regents' Committee on Internal Audit, Risk, and Compliance, and any material deviations should be communicated to the CAO as soon as said deviations are acknowledged, for approval of the changes to the audit plan.

Internal Audit performs three types of projects:

Audits - Audits are assurance services defined as examinations of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Examples include:

Operational - designed to evaluate effectiveness, efficiency, and reasonableness of a unit's operational processes.

Compliance - designed to determine if activities are in compliance with applicable regulations, policies, procedures, and practices.

Financial - designed to examine the accounting and reporting of financial transactions.

Information Systems - designed to examine the accuracy, reliability, access controls, and security of information systems.

Advisory Services - Advisory services designed to add value to and improve UNG's risk management and control processes. Senior management officials or departmental managers can request these engagements be performed.

Investigations - Investigations are independent evaluations of allegations generally focused on improper organization activities including misuse of University resources, fraud, financial irregularities, significant internal control weaknesses, and unethical behavior or actions.

Quality Assurance and Improvement Program

The Internal Audit Department will maintain a quality assurance and improvement program (QAIP) that covers all aspects of the internal audit activity. The program will include an evaluation of the Internal Audit Department's conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.

The Director of Internal Audit will communicate to senior management and the BOR CAO on the internal audit activity's quality assurance and improvement program, including results of ongoing internal assessments and external assessments conducted at least every five years.