Internal Audit Charter

Purpose of Internal Audit

The purpose of the Office of Internal Audit and Advisory Services is to provide independent and objective assurance and advisory services to Georgia College & State University (Institution) to add value and improve operations while promoting accountability and transparency to maintain public trust. The Office of Internal Audit and Advisory Services helps the institution accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, compliance, and internal control processes.

Internal Audit Mandate

The Office of Internal Audit and Advisory Services provides internal audit services to the institution as defined by the requirements of Board of Regents (BOR) Policy Manual § 7.9.2—Internal Audits. The scope of these services is further described by the University System of Georgia (USG) Business Procedures Manual § 16.1 – Internal Audit Functions Across the USG, § 16.3 – Types of Internal Audit, Ethics and Compliance Engagements, and § 16.4 – Internal Audit/Engagement Process.

Role of the Internal Audit Function

Internal Audit reports directly to the President of the Institution (President), and the USG’s Chief Audit Officer (USG CAO), as required by BOR Policy Manual § 7.9.2 – Internal Audits. The senior staff member of Internal Audit will serve as the Institutional Chief Auditor (ICA) as it pertains to system-wide meetings and communications. Internal Audit does not report to any other division or unit of the Institution.

Responsibilities

1. The ICA is responsible for developing an institution-wide rolling audit plan using appropriate risk-based methodology, including input from senior management and the USG CAO. The President will review and approve the audit plan before it is submitted to the USG CAO for approval by the BOR Committee on Internal Audit, Risk, and Compliance. Any modifications to the audit plan will be communicated to the USG CAO for approval.
2. The ICA is responsible for performing and/or providing functional coordination and guidance for the following institution-wide audit activities:
   1. Implement the annual audit plan, as approved, including and as appropriate, any special tasks or projects requested by the appropriate levels of management and approved by the President and USG CAO.
   2. As applicable, recruit, train, and maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the objectives of this charter. To the extent that additional or expert/specialized skills are needed to supplement the work, such activities may be co-sourced or out-sourced as necessary.
   3. Evaluate and assess significant new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion.
   4. Analyze operational issues impacting enterprise-wide processes and organizational areas.
   5. Conduct follow-up reviews on previously reported recommendations.
   6. Issue periodic reports to the President and USG CAO summarizing the results of audit activities.
   7. According to USG Business Procedures Manual §16.6.5, report all issues of malfeasance to the USG CAO.
   8. Keep the President informed of emerging trends regarding risk management, internal controls, and successful practices in internal auditing.
   9. Investigate reported occurrences of fraud, waste, and abuse and recommend controls to both prevent and detect such occurrences.
   10. Coordinate enterprise risk management activities while expressly avoiding making management decisions to include setting the risk appetite, implementing risk responses, taking accountability for risk management, etc.

Authorization

To the extent permitted by law, the Office of Internal Audit and Advisory Services has free and unrestricted access to all activities, records, properties, and personnel within the institution to include cooperative organizations created to serve the institution.  The Office of Internal Audit and Advisory Services is authorized to review and appraise all operations, policies, plans, and procedures. Documents and other materials provided to the Office of Internal Audit and Advisory Services will be handled in the same prudent manner as handled by those employees normally accountable for them.

Independence and Objectivity

The ICA will ensure the internal audit function remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of engagement selection, scope, procedures, frequency, timing, and communication. If the ICA determines that objectivity may be impaired in fact or appearance, the details of the impairment will be disclosed to the President and the USG CAO. 

Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, prepare records, or engage in any other activity that may impair the internal auditor’s judgment. 

Internal auditors must disclose any impairment of independence or objectivity, in fact or appearance, to the ICA and ultimately to the USG CAO. Internal auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined and will not be unduly influenced by their own interests or by others in forming judgments.

Definition of Audit Engagement Scope

The Office of Internal Audit and Advisory Services encompasses the examination and evaluation of the adequacy and effectiveness of the organization’s system of governance, risk management, compliance, internal control and the quality of performance in carrying out assigned responsibilities. The scope will vary by area and may include:

1. Review the effectiveness of governance processes to include the:
   1. Promotion of ethical behavior within the organization;
   2. Efficiency of organizational performance management and accountability;
   3. Communication of risk and control information to appropriate areas of the organization; and,
   4. Coordination of activities and information among external and internal auditors and management.
2. Review the effectiveness of risk management processes to include the:
   1. Alignment of organizational objectives in support of the USG and institutional missions;
   2. Identification and assessment of significant risks;
   3. Alignment of risk responses with the institution’s risk appetite; and,
   4. Capturing and communication of relevant risk information across the institution to enable staff and management to carry out their responsibilities.
3. Review the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
4. Review the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on operations and reports and whether the system is in compliance.
5. Review the means of safeguarding assets and, as appropriate, verify the existence of such assets.
6. Review and appraise the economy and efficiency with which resources are employed.
7. Review operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
8. Review the status of Information Technology policies and procedures, verifying that required hardware, software and process controls have been implemented and that the controls are functioning properly.
9. Conduct special audits at the request of the USG CAO or President.
10. Analyze and review public private ventures associated with the institution and its cooperative organizations.
11. Provide advisory services at the request of institution management and with the USG CAO’s approval, consistent with the Institute of Internal Auditors Global Internal Audit Standards (Standards) governing advisory engagements. Advisory engagements undertaken should have the potential to contribute to the improvement of governance, risk management, compliance, and/or internal controls within the institution. 

The internal audit function shall issue reports on the results of completed reviews, discuss these reports with appropriate levels of management, and share them with the USG CAO before distributing them as final reports to the USG CAO, President, and other levels of management as deemed appropriate. 

Required Actions by Management

The institutional areas receiving an internal audit report from the Office of Internal Audit and Advisory Services will respond within 30 days.  This response will indicate agreement or disagreement, proposed actions, and the dates for completion for each specific finding and recommendation. If a recommendation is not accepted, the reason should be given.  A final written report will be prepared and issued by the Office of Internal Audit and Advisory Services. 

Quality Assurance and Improvement Program

The Office of Internal Audit and Advisory Services will participate in a quality assurance and improvement program (QAIP) created by the USG CAO that covers all aspects of the internal audit process. The program will include an evaluation of the internal audit activity’s conformance with the Standards and an evaluation of whether internal auditors apply the “Code of Ethics”. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.

The Office of Internal Audit and Advisory Services will participate in quality assurance external assessments with the USG Office of Internal Audit, Compliance, Ethics & Risk Management, conducted at least every five years as required by the Standards. The ICA will report to the President on the results of the review.

The Charter was last updated in January 2026.