The Corporate Internal Audit Group has been established to provide an independent appraisal function to the University of Maryland Medical System (UMMS) and its subsidiaries by examining and evaluating the organization's activities and internal control structure. The primary objectives of the Corporate Internal Audit Group are:

  1. To assist the UMMS Audit Committee, UMMS Board of Directors (and its subsidiaries), management and employees in the effective discharge of their responsibilities by providing analyses, appraisals, recommendations, counsel and information concerning the adequacy and effectiveness of the organization's internal control structure; and
  2. To promote effective internal control at a reasonable cost.

Mission and Scope of Work

The mission of the Corporate Internal Audit Group is to provide independent, objective assurance and consulting services designed to add value and improve the organization's operations. It helps the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The scope of work of the Corporate Internal Audit Group is to determine whether the organization's network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:

  • Risks are appropriately identified and managed.
  • Interaction with the various governance groups occurs as needed.
  • Significant financial, managerial, and operating information is accurate, reliable, and timely.
  • Employees' actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
  • Resources are acquired economically, used efficiently, and adequately protected.
  • Programs, plans, and objectives are achieved.
  • Quality and continuous improvement are fostered in the organization's control process.

Opportunities for improving management control, profitability, and the organization's image may be identified during audits. They will be communicated to the appropriate level of management.


The senior director, in the discharge of his/her duties, shall be accountable to the UMMS Audit Committee, UMMS Board of Directors (and its subsidiaries), and management to:

  • Provide an annual assessment on the adequacy and effectiveness of the organization's processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work.
  • Report significant issues related to the processes for controlling the activities of the organization and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.
  • Periodically provide information on the status and results of the annual audit plan and the sufficiency of department resources.
  • Coordinate with and provide oversight of other control and monitoring functions (risk management, compliance, security, legal, ethics, environmental, external audit).


To provide for the independence of the Corporate Internal Audit Group, its personnel report to the senior director, who reports functionally to the audit committee and administratively to the chief executive officer in a manner outlined in the above section on Accountability. It will include as part of its reports to the audit committee a regular report on internal audit personnel.

Definition of Internal Control

Internal control is broadly defined as a process, affected by the UMMS Board of Directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  • Effectiveness and efficiency of operations (including safeguarding of assets).
  • Reliability of financial reporting.
  • Compliance with applicable laws and regulations.

Internal control consists of five interrelated components. They are derived from the way management runs a business, and are integrated into the management process. The components are:

  • Control Environment
  • Risk Assessment
  • Control Activities
  • Information and Communication
  • Monitoring


With stringent regard for safekeeping and confidentiality, the Corporate Internal Audit Group will have full, free and unrestricted access to all activities, records (in both paper and electronic format), property and personnel necessary to accomplish the stated purpose. The Corporate Internal Audit Group is also provided identical levels of access to all subsidiaries of UMMS as well as third parties performing services delegated to them by UMMS. Access to contracted third parties will be handled in accordance with contractual terms.

To permit the rendering of impartial and unbiased judgment essential to the proper conduct of audits, the Corporate Internal Audit Group will be independent of the activities it audits. The Corporate Internal Audit Group will not have direct responsibility for, nor authority over, any of the activities reviewed and will not engage in activities that would normally be reviewed by internal auditors. This directive will not preclude the Corporate Internal Audit Group's proactive involvement with management in planning processes, committees or special assignments that have been approved by both the UMMS Chief Executive Officer and UMMS Audit Committee.

The internal audit review and appraisal process does not in any way relieve other persons in the organization of the responsibilities assigned to them. Responsibility for complying with policies and procedures as well as correcting deficiencies rests with the respective administrators and management.

The senior director of the Corporate Internal Audit Group reports directly to both the UMMS Audit Committee and the UMMS Chief Executive Officer. The UMMS Audit Committee reviews and concurs in the appointment, replacement, reassignment or dismissal of the senior director of the Corporate Internal Audit Group. This organizational structure is designed to allow the Corporate Internal Audit Group to be independent and to effectively accomplish its purpose.

Responsibilities of Corporate Internal Audit Group

The Corporate Internal Audit Group will:

  • Conduct work in accordance with the Standards for the Professional Practice of Internal Auditing and Code of Ethics promulgated by the Institute of Internal Auditors as well as other professional auditing standards that may be applicable.
  • Annually develop and execute a work plan that is reviewed and approved by the UMMS Audit Committee.
  • Provide management with a preliminary written report of the results and recommendations of each audit, analyses, review or investigation performed. Final reports will contain management's response to recommendations and will be distributed to the Board of Directors and applicable members of management.
  • Follow-up on management's response to The Corporate Internal Audit Group's recommendations to determine if agreed upon internal control improvements have been implemented. Reports of management's action will be distributed to the UMMS Audit Committee.
  • Coordinate audit efforts with independent or external auditors, as well as any examinations performed by regulatory agencies.
  • Investigate known or suspected acts of fraud involving Company funds, property and employees in coordination with the Compliance Officer and appropriate internal legal counsel.
  • Follow-up on all external auditor or regulatory reports and recommendations.
  • Conduct an annual review of UMMS's Chief Executive Officer and senior management's business expense transactions.
  • Conduct special projects or studies as requested by the Board of Directors or the UMMS Audit Committee.
  • Meet with the UMMS Audit Committee at least quarterly to discuss workplan activities and findings. Identify significant departures from the approved work plan and reasons. Every quarter submit a report to the UMMS Audit Committee summarizing the results of audit activities and identifying significant audit findings and recommendations.

Management Responsibilities

UMMS management will:

  • Provide the Corporate Internal Audit Group with full support and cooperation at all levels of operations.
  • Provide the Corporate Internal Audit Group complete access to all records, property and personnel relative to the performance of their duties and responsibilities.
  • Ensure the Corporate Internal Audit Group has an adequate budget and staffing to perform its responsibilities.
  • Provide a written response to the Corporate Internal Audit Group reports submitted.
  • Promptly inform the Corporate Internal Audit Group of known or suspected cases of a criminal nature involving Company funds, property and employees.
  • Annually review and revise the Corporate Internal Audit Group Charter as necessary.