The University of Maryland Medical System’s (UMMS) Corporate Internal Audit Group (CIAG) provides an independent appraisal function to UMMS and its subsidiaries by examining and evaluating the organization’s activities and internal control structure. We assist the Audit & Compliance Committee Board of Directors, management and employees in the effective discharge of their responsibilities by providing analyses, appraisals, recommendations, counsel and information concerning the adequacy and effectiveness of internal controls.   

To provide for the independence and objectivity of our work, the CIAG reports functionally to the Chairman of the Audit & Compliance Committee and administratively to the UMMS President & Chief Executive Officer (CEO). Similarly, CIAG does not have direct responsibility for nor authority over any of the activities we review and can not engage in management activities that would normally be reviewed by an internal audit.

To provide value added, risk based auditing and consulting services designed to independently review and assess operational, compliance, financial and information technology (IT) controls throughout UMMS. Our charter is reviewed and approved by the Board of Directors.

CIAG performs audits included on the Annual Audit Plan that address financial, operational, compliance and information technology risks. Each fiscal year CIAG prepares an Audit Plan for approval by the Audit & Compliance Committee Board of Directors. The means by which the Annual Audit Plan is determined include, but are not limited to:

• Annual Risk Assessment
• Regular meetings with Hospital and Corporate Leadership
• Requests from the Audit & Compliance Committee and management
• Prior audit results and trends regarding governance, risk, and compliance management issues and goals
• Information from external sources such as the external auditors
• Federal and local oversight or regulatory trends
• New or significant UMMS initiatives
• Known or suspected high risk financial, operational or compliance, or matters

The audits that we perform are designed to provide management with analyses, recommendations, consulting and industry data and leading practices that will assist management with enhancing their processes and reducing the organization’s exposure to risk.  The internal audit process does not in any way relieve management or any other persons in the organization of the responsibilities assigned to them. Responsibility for complying with policies and procedures as well as correcting deficiencies rests with the respective administrators and management.

To accomplish our work effectively, the CIAG is authorized by the President & CEO and the Audit & Compliance Committee of the Board of Directors to have full, free, and unrestricted access to all Medical System functions, records, property, and personnel.