Skip to main content

Internal Audit, Risk & Compliance Charter


Internal Audit, Risk & Compliance (IARC) serves as a proactive partner with University management. IARC’s goal is to enhance internal controls and compliance mechanisms while supporting the University’s core values of collaboration, academic excellence, discovery and innovation, integrity, openness and inclusion, and sustainability. IARC works to identify and mitigate risks which may impair the University’s ability to achieve its core values. Internal Audit (IA) provides independent and objective assurance and consulting services to the University. Risk & Compliance (RC) assists management in building compliance consciousness in business processes, including promoting communication and coordination regarding compliance and risk management. IARC promotes integrity among the people of the University with a purpose of improving the University’s operations and recommending action to grow the University.


As defined by The Institute of Internal Auditors (IIA), the Definition of Internal Auditing states the fundamental purpose, nature, and scope of internal auditing. Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Where assurance and consulting services are defined as:

Assurance services: objective examinations of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization.

Consulting services: advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility.

Internal Audit Function

The GS Chief Audit Officer (CAO) has a direct reporting relationship to both the GS President and to the Vice Chancellor for Internal Audit, Ethics & Compliance / Chief Audit Officer (VCIAEC/CAO) of the University System of Georgia (USG) as required by Board of Regents (BoR) Policy 7.9.2 Internal Audits and BoR Procedures manual 16.0 Audits. The USG VCIA/CAO has the authority to direct the GS CAO to audit specific functions at their institutions as needed to address system-wide issues or directives. The GS President shall consult with the USG VCIA/CAO, as well as the Committee on Internal Audit, Risk, and Compliance (CIARC), on significant personnel actions involving the GS CAO to include appointment and termination. The USG VCIAEC/CAO also provides formal input to the performance evaluations of the GS CAO in consultation with the GS President.


To the extent permitted by law, IA is authorized free and unrestricted access to the University’s records, activities, physical properties, and personnel pertinent to engagements. In addition, IA is authorized to review and appraise operations, policies, plans, and procedures. IA will preserve strict accountability for confidentiality and safeguarding of records and information. University employees are required to assist IA in fulfilling its role and responsibilities.


The IA functions include, but are not limited to, the following:

  • Evaluating risk exposure relating to achievement of the institution’s strategic
  • Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information.
  • Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the institution.
  • Verifying the existence and safeguarding of
  • Evaluating operations or programs to determine whether goals and objectives are carried out as planned.
  • Monitoring and evaluating the effectiveness of the institution’s governance and risk management processes.
  • Performing consulting and advisory services related to governance, risk management, and internal
  • Reporting significant risk exposures and control issues.
  • Evaluating specific operations at the request of University administration or the USG VCIA/CAO.
  • Establishing a risk-based internal audit plan.

The Risk & Compliance functions include, but are not limited to, the following:

  • Ensure University functional areas are in compliance with institutional and USG policies, procedures, and regulations.
  • Evaluate risk and compliance policy, programs, processes, and activities.
  • Conduct periodic risk assessments to identify potential areas of compliance vulnerability and risk.
  • Act as an advisor to institutional compliance risk owners and risk management leadership across campuses.
  • Serve as case manager for the University’s Ethics and Compliance Reporting Hotline, ensuring cases are current and reported to appropriate levels of management.
  • Coordinate University policy lifecycle management, website, and library.
  • Maintain an accurate, complete, up-to-date policy library.

Quality Assurance and Improvement Program (QAIP)

IA will maintain a QAIP which includes an evaluation of IA’s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The QAIP also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement. The GS CAO will communicate to senior management and the USG VCIAEC/CAO on the internal audit activity’s QAIP, including results of ongoing internal and external assessments conducted at least every five years.

Standards of Audit Practice

Internal Audit staff will abide by the mandatory nature of the Institute of Internal Auditors’ Code of Ethics, Core Principles for the Professional Practice of Internal Auditing, and will conduct audit activities in conformance with the Standards for the Professional Practice of Internal Auditing.


The CAO shall review, at least one time per fiscal year, the adequacy of this charter and recommend to the GS President and USG VCIAEC/CAO any improvements or revisions that may be necessary or valuable.

Approved by Dr. Kyle Marrero, President for Georgia Southern University, and Jenna Wiese, Vice Chancellor for Internal Audit, Ethics & Compliance/Chief Audit Officer for the Board of Regents of the University System of Georgia on December 14, 2023.

Last updated: 3/30/2022