Audit Charter




The mission of the Internal Audit Division (IAD) is to support the University in the successful achievement of its strategic goals.  This is accomplished by serving as an independent partner to University leadership, faculty, and staff in the identification and balancing of their units’ risks through objective, flexible, and proactive audit and consultation services.  IAD provides independent evaluation of the effectiveness of risk management, control, and governance processes and makes recommendations for improvement.



IAD’s scope of work includes assessing whether:

    • Risks are appropriately identified and managed across the University
    • University governance processes support the organization’s strategies and objectives
    • Financial, process, and information technology controls are effective and efficient
    • Policies, regulations, rules, and other guidance and training are consistent in their information, effective, and do not create undue bureaucracy or inefficiencies
    • University units are compliant to University, UNC General Administration (UNC-GA), State, and Federal requirements, related processes are administered correctly, and issues are recognized and addressed properly and promptly
    • Significant financial, managerial, and operating information is accurate, reliable, secure, and timely
    • Actions of University personnel are in compliance with policies and applicable laws and regulations
    • University resources are acquired economically, used efficiently, and adequately protected
    • Quality and continuous improvement are fostered in the University’s processes



All internal audit activity must be free from undue influence or interference in the selection of activities to be examined, determination of the scope or methodology of work, and in communication of the results in accordance with the international standards of independence as set forth by the Institute of Internal Auditors (IIA).

The Director of Internal Audit (Director) reports functionally and administratively directly to the Chancellor.  The Director is also accountable to the Board of Trustees (BOT) through its Audit, Risk Management and Finance Committee (Committee) as required by the University of North Carolina (UNC) Board of Governors (BOG) and the IIA standards.   The Director communicates and interacts directly and independently with the Committee.  In addition, the Director has informational reporting accountability to the Executive Vice Chancellor and Provost and the Vice Chancellor for Finance and Administration.



The Director has the responsibility to ensure IAD achieves the following:

    • Maintain compliance with North Carolina General Statute (GS) Chapter §116-40.7 (which establishes the independent audit function at state universities); NC GS Chapter §143, Article 79, The NC Internal Audit Act; and audit-related requirements from the UNC BOG
    • Establish a risk assessment process to support the development of a risk-based audit plan and a risk-based approach to individual engagements
    • Submit, at least annually, a risk-based audit plan to the Chancellor and the Committee for approval and implement that audit plan
    • Continually re-evaluate the audit plan based on changing conditions and emerging issues and revise as necessary to ensure that the highest risk items are  given priority
    • Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the organization
    • Appropriate and necessary interactions with the various external audit-related governance groups occur as needed, including interactions with UNC-GA, the state’s Council of Internal Audit, Office of the State Auditor (OSA), Office of the State Controller, and the State Bureau of Investigation
    • Appropriate and necessary interactions with the various internal audit- and investigation-related units occur as needed, including interactions with Office of the General Counsel, University Police Department, Employee Relations, Office of Information Technology, and Student Conduct
    • Investigate suspected fraudulent activities and notify the Chancellor, the Committee, and other management of any significant results; assist OSA or other external investigators with investigation of allegations as necessary
    • Issue audit reports or engagement letters as appropriate to the Chancellor and other management summarizing the results of audit or consulting activities
    • Report recent activities and high-risk issues to the Committee at regular quarterly meetings
    • Perform consulting services, beyond internal auditing’s assurance services, to assist management in meeting its objectives and to proactively address issues
    • Coordinate with other control and monitoring functions both internal and external regarding areas such as risk management, compliance, security, legal matters, environmental health, and external audits and investigations
    • Keep the Chancellor, the Committee, the Executive Vice Chancellor and Provost, and the Vice Chancellor for Finance and Administration informed of emerging trends and successful practices in the internal auditing profession
    • Educate the campus-community on University policies, State and Federal regulations, best practices, and the importance of effective internal controls
    • Participate on various committees, task forces, and system development projects to provide guidance, proactively address potential issues and internal control weaknesses, improve inefficiencies, and increase effectiveness
    • Evaluate and assess significant University functions and new or changing services, processes, operations, major systems, and control processes coincident with their development, implementation, and/or expansion
    • Develop and maintain a continuous improvement and quality assurance program covering all aspects of IAD’s activities
    • Internal audit activity is governed by adherence to The Institute of Internal Auditors’ Mandatory Guidance, which includes the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the International Standards for the Professional Practice of Internal Auditing, and the Definition of Internal Auditing



The Director is authorized to:

    • Have direct and unrestricted access to senior management and the BOT
    • Have (and delegate to the IAD staff as appropriate) unrestricted, independent access to all personnel, units, functions, records, and property relevant to the performance of engagements and risk assessment activities
    • Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives
    • Obtain the necessary assistance of personnel in units of the organization where they perform audits as well as other specialized services from within or outside the organization as needed

The Director and staff of the IAD are not authorized to:

    • Perform any operational duties for the organization or its affiliates
    • Initiate or approve accounting transactions external to the IAD
    • Make decisions that are the responsibility of management

Approved by the NC State University Board of Trustees
Audit, Risk Management and Finance Committee
September 21, 2017