Internal Audit Charter
The Office of Internal Audit provides independent and objective assurance and consulting services to Middle Georgia State University and the University System of Georgia leadership in order to add value and improve operations. The Office of Internal Audit helps Middle Georgia State University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, compliance and internal control processes.
The mission of the Office of Internal Audit is to support Middle Georgia State University management in meeting its governance, risk management, and compliance responsibilities while helping to improve organizational and operational effectiveness and efficiency. The Office of Internal Audit is a core unit that provides management with timely information, advice and guidance that is objective, accurate, balanced and useful. Additionally the unit promotes an organizational culture that encourages ethical conduct.
The Internal Auditor is responsible for informing the President of unusual transactions or matters of significance. The responsibilities of the Office of Internal Audit include:
- developing and implementing an audit program for internal controls necessary to ensure compliance with accounting standards, policies, and procedures to safeguard University resources and programs;
- conducting financial, operational, IT and compliance audits of departments, colleges, divisions, programs, and activities;
- coordinating external audits with independent auditors and overseeing the preparation of responses to their audits;
- conducting consulting engagements designed to assist in the attainment of the University’s organizational objectives;
- conducting operational reviews on the efficiency and effectiveness of programs upon the request of the President or other members of the University’s management;
- preparing reports on the results of audits and other engagements, including recommendations for modification of management practices, fiscal policies, and accounting procedures as justified by audit findings;
- ensuring that audits are performed with due professional care; and,
- communicating the results of audit reviews in a timely manner.
The above is intended to describe the general content of and requirements for the Office of Internal Audit. It is not to be construed as a complete list of duties, responsibilities, or requirements. Additionally, internal audit professional standards require that the auditor possess the requisite knowledge, skills, and abilities to perform specialized reviews or engagements, e.g., information technology audits. The University internal auditor may choose to seek assistance from the University System internal audit office in those instances where an engagement must be performed and the auditor lacks the technical skills to perform the audit procedures. Any University administrator, vice president, manager, or other interested party may request a special audit or examination of any portion of the University’s activities. Decisions to perform special audits rest with the Internal Auditor upon consultation with the President or as directed by the Chief Audit Officer and Associate Vice Chancellor for Internal Audit of the Board of Regents.
Scope of Audit Work
The scope of internal audit should encompass the examination and evaluation of the adequacy and effectiveness of the organization’s governance, risk management, compliance, internal control and the quality of performance in carrying out assigned responsibilities. The scope of audit will vary by audit entity and may include:
- Review the effectiveness of governance processes to include the:
- Promotion of ethical behavior within the organization;
- Efficiency of organizational performance management and accountability;
- Communication of risk and control information to appropriate areas of the organization; and,
- Coordination of activities and information among the USG Chief Audit Officer, external auditors, and management.
- Review the effectiveness of risk management processes to include the:
- Alignment of organizational objectives in support of the Institution’s mission;
- Identification and assessment of significant risks;
- Alignment of risk responses with the University’s risk appetite; and,
- Capturing and communication of relevant risk information across the University so as to enable staff and management to carry out their responsibilities.
- Review the reliability and integrity of financial and operational information and the means used to identify, measure, classify, and report such information.
- Review the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on operations and reports and whether the University is in compliance.
- Review the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
- Review and appraise the economy and efficiency with which resources are employed.
- Review operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
- Investigate reported occurrences of fraud, embezzlement, theft, waste, and abuse and recommend controls to prevent and detect such occurrences.
- Provide consulting services at the request of University management after approval by the President and after obtaining approval to modify the existing audit plan. Consulting engagements should be conducted in accordance with the IIA standards governing consulting engagements. Consulting engagements undertaken by the Office of Internal Audit should have the potential to contribute to the improvement of governance, risk management, compliance, and/or internal controls within the institution.
Management of the audit entity receiving an internal audit report from the Office of Internal Audit should respond within 30 days. This response should indicate agreement or disagreement, proposed actions, and the dates for completion for each specific finding and recommendation. If a recommendation is not accepted, the reason should be given. A final written report will be prepared and issued by the Internal Auditor.
The Office of Internal Audit activities will be conducted in compliance with Middle Georgia State University objectives and policies as well as the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics promulgated by the Institute of Internal Auditors, Inc.
The Office of Internal Audit is an independent appraisal function with a direct reporting relationship to the President of Middle Georgia State University and the USG Chief Audit Officer. It provides management with information that may assist in the operations for which it is responsible. The Office is also subject to provisions of the University System of Georgia Board of Regents Policy Section 7.10.2. As such, “the USG Chief Audit Officer shall have the authority to direct the internal auditors to audit specific functions at their institution as needed to address system-wide issues or directives.”
The Internal Auditor is authorized to:
- have unrestricted access to all functions, records, property, and personnel relevant to the area under review to the extent permitted by law.
- allocate resources, set frequencies, select subjects, determine scopes of work, and apply techniques required to accomplish audit objectives;
- obtain the necessary assistance of personnel in units of the organization where audits are performed, as well as other specialized services from within or outside the organization
It is understood that certain items are confidential in nature and special arrangements will be made by the Office of Internal Audit when examining and reporting upon such items. Documents and other materials furnished to the Office will be handled in the same prudent manner as provided by the employees to whom they are normally entrusted.
Independence is essential to the effectiveness of the Office of Internal Audit. The Internal Auditor should not engage in activities that could be construed to compromise their independence. Such activities could include initiating or approving accounting transactions, developing or installing policies, procedures or controls, preparing records, performing operational duties, or engaging in activities that its personnel would normally review and appraise. Furthermore, an internal audit does not in any way relieve other Middle Georgia State University employees of their responsibilities. However, the Office of Internal Audit may be consulted when new systems are designed or old systems are redesigned to ensure that the system adequately addresses internal controls.
Approved by Dr. Christopher Blake, President for Middle Georgia State University, and John M. Fuchko, III, Chief Audit Officer and Associate Vice Chancellor for the Board of Regents of the University System of Georgia on July 21, 2014.