Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objective bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The purpose of Western Carolina University’s (University) Office of Internal Audit (OIA) is to provide independent, objective assurance and consulting services designed to add value and improve University’s operations. The mission of internal audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. The OIA helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.
Improper governmental conduct includes alleged fraud, misappropriation, mismanagement
or waste of state resources. It also includes alleged violations of state or federal
law, rule or regulation in administering state or federal programs, and substantial
and specific danger to the public health and safety.
The University is subject to external audits, program reviews, and similar activities by various agencies and other organizations. It is the responsibility of the primary contact person for the program or activity being reviewed to notify the Internal Audit Office.
The Office of the State Controller of North Carolina has adopted a Code of Ethics. The Code establishes the standard for the minimum levels of expected behavior and is also intended to serve as a guide for making ethical decisions.
The chief audit executive is responsible for developing a risk-based plan. The chief audit executive takes into account the organization's risk management framework, including using risk appetite levels set by management for the different activities or parts of the organization. If a framework does not exist, the chief audit executive uses his/her own judgment of risks after consideration of input from senior management and the board. The chief audit executive must review and adjust the plan, as necessary, in response to changes in the organization's business, risks, operations, programs, systems, and controls.