Internal Audit Charter
Page Sections
Purpose
The Office of the Internal Auditor is an independent, objective assurance and consulting activity guided by a philosophy of adding value to improve the operations of The University of North Carolina at Greensboro (University). It assists the University in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the University’s governance, risk management, and internal controls.
Mission
The mission of the Office of the Internal Auditor is to enhance and protect the University’s value by providing risk-based and objective assurance, advice, and insight.
Vision
The vision of the Office of the Internal Auditor is to be a proactive, competent, collaborative, and transparent resource for the University. The Office of the Internal Auditor (OIA) will protect and add value to the University by (1) proactively seeking input from University leaders and staff and conducting engagements that benefit the University, (2) continuously improving professional competencies by attending relevant training events, (3) collaborating with University leaders and advising them on the effectiveness and efficiency of current operations and improvement opportunities, and (4) communicating applicable findings, issues, and accomplishments in written reports that are clear, concise, and constructive.
Role
The internal audit activity is established by NC General Statute Chapter 143, Article 79. The internal audit activity’s responsibilities are defined by these laws. The Council of Internal Auditing has authority to set policy related to the internal audit function.
Professionalism
The Office of the Internal Auditor will govern itself by adherence to The Institute of Internal Auditors’ mandatory guidance, including the Definition of Internal Auditing, the Code of Ethics, the Core Principles, and the International Standards for the Professional Practice of Internal Auditing (Standards). This mandatory guidance constitutes principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the internal audit activity’s performance.
The Office of the Internal Auditor will also adhere to the Institute of Internal Auditors’ Practice Advisories, Practice Guides, and Position Papers, as applicable to guide operations. In addition, the Office of the Internal Auditor will adhere to the North Carolina Internal Audit Act, the University’s relevant policies and procedures, and the University’s internal audit manual.
Authority
The internal audit activity, with strict accountability for confidentiality and safeguarding records and information, is authorized full, free, and unrestricted access to all the University’s records, physical properties, and personnel pertinent to carrying out any engagement. All University employees are requested to assist the internal audit activity in fulfilling its roles and responsibilities.
Organization
The Director of Internal Audit will report functionally to the Chair of the Compliance, Audit, Risk Management, and Legal Affairs Committee (CARL Committee) and administratively (i.e., day to day operations) to the Vice Chancellor for Institutional Integrity and General Counsel. The Director will communicate and interact directly with the CARL Committee, as appropriate. The CARL Committee shall be composed and organized in accordance with its charter approved by the Board of Trustees.
Independence and Objectivity
The internal audit activity will remain free from interference by any element in the University, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of a necessary independent and objective mental attitude.
Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair their judgment.
Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.
The Director of Internal Audit will confirm to the CARL Committee, at least annually, the organizational independence of the internal audit activity.
Responsibility
The scope of internal auditing encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the University’s governance, risk management, and internal controls. This shall be accomplished through the application of standard internal audit practices, including conducting and documenting an annual comprehensive risk assessment of the University, developing an annual risk-based audit plan, and ensuring or advising on the quality of performance in carrying out assigned responsibilities to achieve the University’s and the Office of the Internal Auditor’s purpose, mission, vision, goals, and objectives. This may include:
- Evaluating risk exposure relating to achievement of the University’s strategic objectives through development of a comprehensive risk assessment of the University.
- Monitoring and evaluating the effectiveness of the University’s risk management processes.
- Performing consulting and advisory services related to governance, risk management, and control as appropriate for the University.
- Performing consulting and advisory services related to operational effectiveness and efficiency.
- Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information.
- Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the University.
- Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
- Evaluating the effectiveness and efficiency with which resources are employed.
- Evaluating operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
- Monitoring and evaluating governance processes.
- Confirming the implementation of corrective action to address internal and external audit recommendations, as appropriate.
- Evaluating specific operations at the request of university management, as appropriate.
- Reporting periodically on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan and its charter.
Investigating allegations of fraud, waste, or abuse of university assets or resources from internal and external sources, including, but not limited to the University, the North Carolina University System Central Office, the Office of the State Auditor, the Office of State Budget and Management, or the United States Department of Education, as appropriate.
Internal Audit Plan
At least annually, the Director of Internal Audit will submit to executive management and the CARL Committee a risk-based internal audit plan for review and approval. The Director will communicate the impact of resource limitations and significant interim changes to executive management and the CARL Committee.
The internal audit plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including input of senior management and the CARL Committee. The Director will review and adjust the plan, as necessary, in response to changes in the University’s business, risks, operations, programs, systems, and controls. Any significant deviation from the approved internal audit plan will be communicated to executive management and/or the CARL Committee.
Reporting and Monitoring
A written report will be prepared and issued by the Director of Internal Audit or designee following the conclusion of each internal audit engagement. The report will be distributed as appropriate.
The internal audit report may include management’s response and corrective action taken or to be taken regarding the specific findings and recommendations. Management’s response, whether included within the original audit report or provided thereafter by management of the audited area should include a timetable for anticipated completion of action to be taken and an explanation for any corrective action that will not be implemented. The internal audit activity will be responsible for appropriate follow-up on engagement findings and recommendations. All significant findings will remain in an open issues file until cleared.
Quality Assurance and Improvement Program
The Office of the Internal Auditor will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program will include an evaluation of the internal audit activity’s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.
The Director of Internal Audit will provide an annual progress report to executive management and the CARL Committee on the internal audit activity’s quality assurance and improvement program. This will include results of internal and external assessments conducted, the mission of the Office of the Internal Auditor, and conformance with the mandatory elements of the International Professional Practices Framework.
The Internal Audit Charter was approved by the Chair of the CARL Committee and the Chancellor on 10/10/2023.