16.1 Institution Audit Staff, BoR Audit Staff, State Dept. of Audits & Accounts, 3rd-Party Audits
Of the thirty-five USG institutions,twenty-two have a budgeted internal audit department. The institutional chief auditor ICA at each institution has a direct reporting relationship to the president of their institution and to the USG Chief Audit Officer (CAO). Board Policy 7.10.2 and the USG internal audit charter specifies the duties and responsibilities associated with the ICA reporting relationships. The institutional president and the CAO approve institutional audit charters. Further duties of the CAO and the ICAs are specified in the internal audit charter and in the CAO’s internal audit manual.
The ICA at each institution submits an audit plan to the USG Office of Internal Audit and Compliance (OIAC) in accordance with guidance published by the USG Chief Audit Officer. Based upon this input and a risk-based audit model, the Office of Internal Audit and Compliance develops a system-wide audit plan. The implementation of the system-wide audit plan is coordinated with the institutional internal audit plans and with external assurance providers to ensure major risks are addressed while minimizing duplication of effort and disruption of auditee operations. The USG Chief Audit Officer has the authority to direct the ICAs to audit specific functions at their institutions. Additionally, each ICA submits engagement reports to the OIAC for summary reporting to the Board and for the annual report to the BOR Committee on Internal Audit, Risk, and Compliance.
16.1.1 Institutional Audit Staff
Those institutions with a budgeted audit department include:
- Albany State University
- Atlanta Metropolitan State College
- Armstrong Atlantic State University
- Augusta State University
- Clayton State University
- Columbus State University
- Dalton State College
- Fort Valley State University
- Georgia College and State University
- Georgia Gwinnett College
- Georgia Health Sciences University
- Georgia Highlands College
- Georgia Institute of Technology
- Georgia Perimeter State College
- Georgia Southern University
- Georgia State University
- Kennesaw State University
- Savannah State University
- Southern Polytechnic State University
- The University of Georgia
- University of West Georgia
- Valdosta State University
Institutional audit functions may be comprised of a dedicated audit function, a shared auditor model where one audit professional is assigned to an internal audit role at two institutions, or a regional model where an audit shop of one or more audit professionals is assigned to multiple institutions.
The ICAs meet at least annually with the USG Chief Audit Officer to discuss audits, audit findings, and other issues relevant to the USG Internal Audit function.
ICAs are responsible for performing appropriate audit procedures to verify corrective action of each issue rated material within sixty (60) days of the issue being reported as closed/resolved by the institution’s management. OIAC auditors shall verify corrective action for those institutions without an institutional internal audit function.
16.1.2 Board of Regents Audit Staff
The USG OIAC supports the Board of Regents, system administration, and institutional administration in the effective discharge of their responsibilities. The OIAC is responsible for providing an objective appraisal of the University System’s governance, risk management, compliance and control activities as well as providing advisory services for management throughout the USG.
The USG Chief Audit Officer reports directly to the Chancellor and indirectly to the BOR Committee on Internal Audit, Risk, and Compliance (Committee).
16.1.3 State Department of Audits and Accounts
The Department of Audits and Accounts, as part of the legislative branch of state government, is the external independent auditor of the University System. The Department of Audits and Accounts conducts financial audits, compliance audits, performance audits, and vulnerability assessments or reviews and makes recommendations for improving financial and management controls within the USG. The Department of Audits and Accounts reviews USG’s internal control structure and operations to determine the scope of the examination and reliability of the entity’s financial data. The internal audit function contributes to the internal USG control structure with its emphasis on monitoring and oversight.
Current state law per Georgia Title 50-6-3 states:
The Department of Audits and Accounts shall audit all state institutions. No official of the state shall have authority to employ or hire any other auditing agency.
Georgia Title 50-6-6 states in part:
It shall be the duty of the Department of Audits and Accounts to thoroughly audit and check the books and accounts of…the several units of the University System of Georgia.
Final reports are copied to the Vice Chancellor for Fiscal Affairs, the USG Chief Audit Officer, and the pertinent BOR Committee Chairs. ICAs, or OIAC auditors for institutions without CIAs, perform appropriate audit procedures to verify that corrective action has taken place for all material weaknesses.
This verification should be performed for each material weakness no later than sixty (60) days after the material weakness has been reported as closed/resolved by institution management. Any unfavorable exceptions are reported to the OIAC and the Vice Chancellor for Fiscal Affairs.
16.1.4 Third-Party Audits
Third-party audits may be conducted by various audit agencies. These agencies may include, but are not limited to:
- Defense Contract Audit Agency
- Georgia Department of Administrative Services Process Improvement
- Georgia Student Finance Commission
- Health and Human Services (HHS)
- Internal Revenue Service
- Medicare and Medicaid Audits
- Office of Inspector General (Georgia)
It is the responsibility of local institution officials, either the campus auditor or, if none exists, the chief business officer (CBO), to be cognizant of third-party audits and associated issues. Institutional management shall notify the ICA, OIAC, and the Vice Chancellor for Fiscal Affairs of any third-party audits and shall provide a copy of a final audit report.