Internal Audit

Office of the Internal Auditor (OIA)

In accordance with Internal Audit Standards and the Internal Audit Charter, the Office of the Internal Auditor (OIA) will perform engagements of various types and scopes depending on the circumstances, identified risks, and input from University leaders. The following types of engagements may be conducted by the OIA.

  • Financial Reviews
  • Information System Controls audits and/or Reviews
  • Audits/Reviews of Internal Controls
  • Performance/Operational Audits and/or Reviews
  • Compliance Audits
  • Audit Findings Follow-up
  • Special Investigations
  • Consulting/Advising

All engagements are planned and conducted to comply with Internal Audit Standards (Standards) published in the International Professional Practices Framework by the Institute of Internal Auditors (IIA).

The principal product of an audit, review, or investigation is the final report in which the auditor presents the audit findings/results, recommendations for improvement, supporting details, and context. Draft reports will be provided to process owners for review and comment before a final report is issued. A final report with comments from process owners will be submitted to the Chancellor. Final reports will also be provided to the Compliance, Audit, Risk Management, and Legal Affairs (CARL) Committee of the UNCG Board of Trustees and the Full Board; the NC Office of the State Auditor; the Council of Internal Auditing; and others upon request if permissible.

Investigative reports, engagements with non-public information/content, and consulting or advising engagement reports may not be published.

Standards state that the “sensitivity to distribution of the report is tied to the internal auditor’s responsibilities of confidentiality, an important principle in The IIA’s Code of Ethics, as well as protections ensuring that the internal audit engagement results are not misused by those without an understanding of the scope or other elements of the work. The Standards further require that, if not otherwise mandated by legal, statutory, or regulatory requirements, prior to releasing results to parties outside the organization, the CAE must:

  • Assess the potential risk to the organization.
  • Consult with senior management and/or legal counsel as appropriate.
  • Control dissemination by restricting the use of the results (2440.A2).


ContactContact Info
Director of Internal AuditKatherine A. Skinner, CPA, CIA, CFE
[email protected]
Office of Institutional Integrity and General Counsel336.334.3067
UNC System Office Hotline
State Auditor’s Hotline
Share This