Preamble
The Office of Hopkins Internal Audits (OHIA) aspires to perform its activities in accordance with the Global Internal Audit Standards and applicable Topical Requirements, issued by the Institute of Internal Auditors.
OHIA’s work integrates with and evaluates the governance frameworks of the Johns Hopkins University (JHU) and Johns Hopkins Health System (JHHS), providing assurance and advisory services that support the effective management of institutional risks, the fulfillment of compliance obligations, and the continuous improvement of internal control processes.
Purpose and Mission
OHIA provides independent, objective assurance and advisory services designed to protect and enhance organizational value and improve the operations across the Johns Hopkins Institutions. OHIA’s purpose includes enhancing stakeholder trust and serving the public interest.
OHIA’s mission is to assist the respective Boards of Trustees, Audit Committees, and management of the Johns Hopkins Institutions in achieving organizational objectives by evaluating and improving the effectiveness of governance, risk management, internal control, and key operational, clinical, and compliance processes.
Authority
OHIA provides audit and advisory services to all entities and subsidiaries of Johns Hopkins Institutions.
OHIA has unrestricted access to all records, properties, resources and personnel relevant to subjects under review.
Independence and Organizational Placement
Independence of the internal audit function is critical to its effectiveness. OHIA is established as an independent function within Johns Hopkins Institutions.
The Chief Audit Officer (CAO) reports functionally to the respective Audit Committees of the Boards of Trustees and administratively to executive leadership. The CAO has direct and unrestricted access to the respective Audit Committees.
OHIA has no direct responsibility for, or authority over, operational activities and maintains objectivity in performing its work. Internal audit staff perform their work with impartiality and freedom from undue influence and disclose any real or perceived conflicts of interest.
Scope of Work and Responsibilities
OHIA’s scope of work includes providing independent, objective assurance and advisory services designed to evaluate and improve the effectiveness of governance, risk management, and internal control processes across the Johns Hopkins Institutions.
OHIA performs audits, reviews, and other engagements across all functions, processes, and systems, including clinical, financial, operational, information technology, and compliance areas.
OHIA may provide advisory services and collaborate with management on initiatives, provided such activities do not impair independence.
Standards of Practice and Quality Assurance
OHIA aspires to perform its activities in accordance with the Global Internal Audit Standards issued by the Institute of Internal Auditors. The CAO establishes and maintains a quality assurance and improvement program that includes both internal and external assessments. OHIA aspires to conduct external assessments at least once every five years.
Reporting and Communications
The CAO submits to the respective Audit Committees, for review and approval, an annual risk-based internal audit plan and provides periodic updates as needed.
OHIA reports periodically to the respective Audit Committees and executive management on audit results, significant risks, control deficiencies, and the status of management’s corrective actions.
The CAO communicates significant risks, control issues, and themes identified through audit activities and reports any interference with the scope, access, or resources of the internal audit function.
Resource Requirements and Competence
OHIA maintains sufficient resources, including staffing, budget, and access to specialized expertise to execute its responsibilities and the approved audit plan.
The CAO is responsible for ensuring that audit personnel possess the knowledge, skills, and competencies necessary to perform their work. OHIA staff will maintain appropriate professional certifications and qualifications relevant to their responsibilities.
Confidentiality
OHIA maintains the confidentiality of information obtained during the course of its work and uses such information only as appropriate to fulfill its responsibilities. OHIA complies with applicable laws, regulations, and institutional policies related to the protection of sensitive information.
Coordination with Other Assurance Providers
OHIA coordinates activities with the compliance function, risk management, patient safety/quality, external auditors, and regulatory bodies to leverage assurance coverage, avoid unnecessary duplication, and provide comprehensive reporting to the Audit Committee.
Approval and Amendment
This charter will be reviewed annually by the CAO and the respective Audit Committees. Any material changes require approval by the respective Audit Committees.