Internal Audit, Risk & Compliance
Georgia Southern University

Internal Audit, Risk & Compliance Charter


Internal Audit, Risk & Compliance (IARC), which consists of separate yet related disciplines, serves as a proactive partner with Georgia Southern University (GS) management and staff to enhance internal controls and compliance mechanisms. This is accomplished by identifying and mitigating risks which may impair the University’s ability to achieve its objectives, aiding in safeguarding assets, and promoting integrity. Internal Audit (IA) provides independent and objective assurance and consulting services to the University in order to add value and improve operations. Risk & Compliance (RC) assists management in building compliance consciousness in business processes, as well as reducing compliance risks that could adversely affect the University.

Internal Audit Function

The GS Chief Audit Officer (CAO) has a direct reporting relationship to both the GS President and to the Vice Chancellor for Internal Audit / Chief Audit Officer (VCIA/CAO) of the University System of Georgia (USG) as required by Board of Regents (BoR) Policy 7.9.2 Internal Audits and BoR Procedures manual 16.0 Audits. The USG VCIA/CAO has the authority to direct the GS CAO to audit specific functions at their institutions as needed to address system-wide issues or directives. The GS President shall consult with the USG VCIA/CAO, as well as the Committee on Internal Audit, Risk, and Compliance (CIARC), on significant personnel actions involving the GS CAO to include appointment and termination. The USG VCIA/CAO also provides formal input to the performance evaluations of the GS CAO in consultation with the GS President.


To the extent permitted by law, IA is authorized free and unrestricted access to the University’s records, activities, physical properties, and personnel pertinent to engagements. In addition, IA is authorized to review and appraise operations, policies, plans, and procedures. IA will preserve strict accountability for confidentiality and safeguarding of records and information. University employees are required to assist IA in fulfilling its role and responsibilities.

Institutional Responsibilities

The IA functions include, but are not limited to, the following:

  • Evaluating risk exposure relating to achievement of the institution’s strategic objectives.
  • Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information.
  • Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the institution.
  • Verifying the existence and safeguarding of assets.
  • Evaluating operations or programs to determine whether goals and objectives are carried out as planned.
  • Monitoring and evaluating the effectiveness of the institution’s governance and risk management processes.
  • Performing consulting and advisory services related to governance, risk management, and internal controls.
  • Reporting significant risk exposures and control issues.
  • Evaluating specific operations at the request of University administration or the USG VCIA / CAO.
  • Establishing a risk-based internal audit plan.

Quality Assurance and Improvement Program (QAIP)

IA will maintain a QAIP which includes an evaluation of IA’s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The QAIP also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement. The GS CAO will communicate to senior management and the USG VCIA/CAO on the internal audit activity’s QAIP, including results of ongoing internal and external assessments conducted at least every five years.

Approved by Dr. Kyle Marrero, President for Georgia Southern University, and Claire Arnold, Vice Chancellor for Internal Audit/Chief Audit Officer for the Board of Regents of the University System of Georgia on December 16, 2019.

Last updated: 12/17/2019

Internal Audit, Risk & Compliance • PO Box 8038 Statesboro, GA 30460 • 912-478-1652