Vendor and Services
Corporate Internal Audit Group (CIAG)
The Corporate Internal Audit Group has been established to provide an
independent appraisal function to the University of Maryland Medical System (UMMS) and its subsidiaries by examining
and evaluating the organization's activities and internal control structure.
The primary objectives of the Corporate Internal Audit Group are:
- To assist the UMMS Audit Committee, UMMS Board of Directors (and its subsidiaries), management
and employees in the effective discharge of their responsibilities by
providing analyses, appraisals, recommendations, counsel and information
concerning the adequacy and effectiveness of the organization's internal
control structure; and
- To promote effective internal control at a reasonable cost.
Mission and Scope of Work
The mission of the Corporate Internal Audit Group is to provide independent,
objective assurance and consulting services designed to add value and
improve the organization's operations. It helps the organization accomplish
its objectives by bringing a systematic, disciplined approach to evaluate
and improve the effectiveness of risk management, control, and governance
The scope of work of the Corporate Internal Audit Group is to determine
whether the organization's network of risk management, control, and governance
processes, as designed and represented by management, is adequate and
functioning in a manner to ensure:
- Risks are appropriately identified and managed.
- Interaction with the various governance groups occurs as needed.
- Significant financial, managerial, and operating information is accurate,
reliable, and timely.
- Employees' actions are in compliance with policies, standards, procedures,
and applicable laws and regulations.
- Resources are acquired economically, used efficiently, and adequately
- Programs, plans, and objectives are achieved.
- Quality and continuous improvement are fostered in the organization's
Opportunities for improving management control, profitability, and the
organization's image may be identified during audits. They will be communicated
to the appropriate level of management.
The senior director, in the discharge of his/her duties, shall be accountable
to the UMMS Audit Committee, UMMS Board of Directors (and its subsidiaries), and management to:
- Provide an annual assessment on the adequacy and effectiveness of
the organization's processes for controlling its activities and managing
its risks in the areas set forth under the mission and scope of work.
- Report significant issues related to the processes for controlling
the activities of the organization and its affiliates, including potential
improvements to those processes, and provide information concerning
such issues through resolution.
- Periodically provide information on the status and results of the
annual audit plan and the sufficiency of department resources.
- Coordinate with and provide oversight of other control and monitoring
functions (risk management, compliance, security, legal, ethics, environmental,
To provide for the independence of the Corporate Internal Audit Group,
its personnel report to the senior director, who reports functionally
to the audit committee and administratively to the chief executive officer
in a manner outlined in the above section on Accountability. It will include
as part of its reports to the audit committee a regular report on internal
Definition of Internal Control
Internal control is broadly defined as a process, affected by the UMMS
Board of Directors, management and other personnel, designed to provide
reasonable assurance regarding the achievement of objectives in the following
- Effectiveness and efficiency of operations (including safeguarding
- Reliability of financial reporting.
- Compliance with applicable laws and regulations.
Internal control consists of five interrelated components. They are derived
from the way management runs a business, and are integrated into the management
process. The components are:
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
With stringent regard for safekeeping and confidentiality, the Corporate
Internal Audit Group will have full, free and unrestricted access to all
activities, records (in both paper and electronic format), property and
personnel necessary to accomplish the stated purpose. The Corporate Internal
Audit Group is also provided identical levels of access to all subsidiaries
of UMMS as well as third parties performing services delegated to them
by UMMS. Access to contracted third parties will be handled in accordance
with contractual terms.
To permit the rendering of impartial and unbiased judgment essential
to the proper conduct of audits, the Corporate Internal Audit Group will
be independent of the activities it audits. The Corporate Internal Audit
Group will not have direct responsibility for, nor authority over, any
of the activities reviewed and will not engage in activities that would
normally be reviewed by internal auditors. This directive will not preclude
the Corporate Internal Audit Group's proactive involvement with management
in planning processes, committees or special assignments that have been
approved by both the UMMS Chief Executive Officer and UMMS Audit Committee.
The internal audit review and appraisal process does not in any way relieve
other persons in the organization of the responsibilities assigned to
them. Responsibility for complying with policies and procedures as well
as correcting deficiencies rests with the respective administrators and
The senior director of the Corporate Internal Audit Group reports directly
to both the UMMS Audit Committee and the UMMS Chief Executive Officer.
The UMMS Audit Committee reviews and concurs in the appointment, replacement,
reassignment or dismissal of the senior director of the Corporate Internal
Audit Group. This organizational structure is designed to allow the Corporate
Internal Audit Group to be independent and to effectively accomplish its
Responsibilities of Corporate Internal Audit Group
The Corporate Internal Audit Group will:
- Conduct work in accordance with the Standards for the Professional
Practice of Internal Auditing and Code of Ethics promulgated by the
Institute of Internal Auditors as well as other professional auditing
standards that may be applicable.
- Annually develop and execute a work plan that is reviewed and approved
by the UMMS Audit Committee.
- Provide management with a preliminary written report of the results
and recommendations of each audit, analyses, review or investigation
performed. Final reports will contain management's response to recommendations
and will be distributed to the Board of Directors and applicable members
- Follow-up on management's response to The Corporate Internal Audit
Group's recommendations to determine if agreed upon internal control
improvements have been implemented. Reports of management's action will
be distributed to the UMMS Audit Committee.
- Coordinate audit efforts with independent or external auditors, as
well as any examinations performed by regulatory agencies.
- Investigate known or suspected acts of fraud involving Company funds,
property and employees in coordination with the Compliance Officer and
appropriate internal legal counsel.
- Follow-up on all external auditor or regulatory reports and recommendations.
- Conduct an annual review of UMMS's Chief Executive Officer and senior
management's business expense transactions.
- Conduct special projects or studies as requested by the Board of Directors
or the UMMS Audit Committee.
- Meet with the UMMS Audit Committee at least quarterly to discuss workplan
activities and findings. Identify significant departures from the approved
work plan and reasons. Every quarter submit a report to the UMMS Audit
Committee summarizing the results of audit activities and identifying
significant audit findings and recommendations.
UMMS management will:
This page was last updated on:
- Provide the Corporate Internal Audit Group with full support and cooperation
at all levels of operations.
- Provide the Corporate Internal Audit Group complete access to all
records, property and personnel relative to the performance of their
duties and responsibilities.
- Ensure the Corporate Internal Audit Group has an adequate budget and
staffing to perform its responsibilities.
- Provide a written response to the Corporate Internal Audit Group reports
- Promptly inform the Corporate Internal Audit Group of known or suspected
cases of a criminal nature involving Company funds, property and employees.
- Annually review and revise the Corporate Internal Audit Group Charter
July 19, 2011.