Internal Audit

UNCW Internal Audit Charter

Reviewed and approved: October 19, 2018

Mission and Scope of Work

The mission of the Office of Internal Audit is to provide independent, objective assurance and advisory services designed to add value and improve the university's operations. Internal Audit helps the university accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The scope of the Office of Internal Audit's work is to determine whether the university's network of risk management, control, and governance processes, as designed by management, is adequate and functioning in a manner to ensure: 

  • Risks are appropriately identified and managed.
  • Interaction with the various governance groups occurs as needed.
  • Significant financial, managerial, and operating information is accurate, reliable, and timely.
  • Employees' actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
  • Resources are acquired economically, used efficiently, and adequately protected.
  • Programs, plans, and objectives are achieved.
  • Quality and continuous improvements are fostered in the university's control process.
  • Significant legislative or regulatory issues impacting the university are recognized and addressed appropriately.
  • Accountability, integrity and efficiency within the university are maintained.

Opportunities for improving management control, the university's image, and overall effectiveness and efficiency may be identified during audits. These, and any other relevant matters, may be communicated to the appropriate level of management.


The Chief Audit Executive (CAE), in the discharge of his/her duties, shall be accountable to the Board of Trustees through the Audit, Risk and Compliance Committee (ARCC) and the Chancellor or the Chancellor's designee to:

  • Provide an assessment on the adequacy and effectiveness of the university's processes for controlling its activities and managing its risk in the areas set forth under the mission and scope of work.
  • Report significant issues related to the processes for managing risk and controlling the activities of the university and its affiliates.
  • Provide information periodically on the status and results of the annual audit plan and the sufficiency of the Office of Internal Audit's resources.
  • Coordinate with and provide coverage of other controls and monitoring functions such as risk management, compliance, security, legal, ethics, environmental, and external audits.
  • Establish a follow-up process to track actions related to important issues and recommendations.
  • Maintain audit records in accordance with the State's records retention schedule.


The internal audit activity should be free from interference in determining the scope of internal auditing, performing work, and communicating results. To provide for the independence of the Office of Internal Audit, its personnel report to the CAE, who reports administratively to the Chancellor and functionally to the ARCC. The CAE shall have full and independent access to the Chancellor and the ARCC.


The CAE and staff of the Office of Internal Audit have responsibility to:

  • Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the Chancellor and ARCC for review and approval as well as periodic updates.
  • Implement the approved annual audit plan and incorporate, as appropriate, any special tasks or projects requested by management and the ARCC.
  • Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of the Charter.
  • Establish a quality assurance program to ensure the Office of Internal Audit's conformance with the International Professional Practices framework including the definition of internal auditing, Code of Ethics and Standards established by the Institute of Internal Auditors as well as assess efficiency and effectiveness of the office and identify opportunities for improvement.
  • Evaluate and assess significant functions and new or changing services, systems, processes, operations, and control processes as deemed necessary.
  • Issue periodic reports to management, the Chancellor, and ARCC summarizing results of audit activities.
  • Keep the Chancellor and ARCC informed of emerging trends and successful practices in internal auditing.
  • Provide a list of significant measurement goals and results to the Chancellor and ARCC.
  • Provide a mechanism for whistleblowing including receiving, resolving, and retaining records of complaints regarding accounting, internal controls, and auditing matters.
  • Assist and/or conduct the investigation of suspected fraudulent activities within the university in cooperation with the Chief of Police and/or General Counsel, notify the Chancellor and ARCC of the results, and report as required to outside agencies.
  • Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the university.
  • Serve as liaison between university management and external auditors.
  • As appropriate, provide consulting services to management that add value and promote the best interests of the university.
  • At least annually, submit this charter to ARCC for review and approval
  • At least annually, confirm to ARCC the functional independence of Internal Audit.


The CAE and staff of the Office of Internal Audit are authorized to:

  • Have unrestricted access to all functions, systems, data, records, or other information, property, and personnel.
  • Have access to external persons and records as a result of all contracts or grants entered into by the university.
  • Allocate resources, set frequencies, select subjects, determine scope of work, and apply the techniques required to accomplish audit objectives.
  • Provide consulting services to management as deemed appropriate.

The CAE and staff of the Office of Internal Audit are not authorized to:

  • Perform any operational duties for the university or its affiliates.
  • Initiate or approve accounting transactions external to the Office of Internal Audit.
  • Direct the activities of any university employee not employed by the Office of Internal Audit, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors.

Standard of Audit Practice

The Office of Internal Audit will govern itself by adherence to the Institute of Internal Auditors' mandatory guidance, which includes the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing (Standards). This mandatory guidance constitutes the fundamental requirements for the professional practice of internal auditing and the principles against which to evaluate the effectiveness of the Office of Internal Audit's performance.