91622, 10.05 PM
This content matches your MGS Profile.
Charter for Corporate Internal Audit (MIP-16)
MARRIOTT INTERNATIONAL POLICY (MIP)
REVISED: FEBRUARY 18, 2021
Charter for Corporate Inteomal Ault (MIP-16) - Ml Standards
REVIEWED: FEBRUARY 10, 2021
Region & Brand Applicability Table
BRAND NAME
‘Above Property
AC Hotels
Aloft Hotels
‘Autograph Collection
Autograph Collection
Residences
Bulgari
Bulgari Residences
Courtyard
Detta Hotels
Design Hotels
EDITION Hotels
EDITION Residences
Element Hotels
Fairfield
Four Points
Gaylord Hotels
Headquarters
htps:mgscloud mariol.comstandards7id=1835,
AP
EUR
MEA
4 4°86
‘6
ve91622, 10.05 PM
JW Marriott
JW Marriott Residences
Le Meridien
Le Meridien Residences
Marriott Executive Apartments
Marriott Hotels
BRAND NAME
Marriott Residences
Marriott Vacations Club
MOXY Hotels
Protea Hotels by Marriott
Renaissance Hotels
Residence Inn
Ritz-Carlton Reserve
Sheraton Hotels
Sheraton Residences
SpringHill Suites
St. Regis Hotels,
St. Regis Residences
The Luxury Collection
The Luxury Collection
Residences
The Ritz-Carlton
The Ritz-Carlton Club
The Ritz-Carlton Residences
‘TownePlace Suites
Tribute Portfolio
htps:mgscloud mariol.comstandards7id=1835,
Charter for Corporate Intemal Ault (MIP-16) -Ml Standards
v ¥
v ¥
¥ v
v ¥
v ¥
¥ ¥
us! CAN CALA
¥ ¥
v v
v v
¥ ¥
¥ ¥
¥ v
¥ ¥
v ¥
v v
v v
¥ ¥
¥ ¥
v v
v ¥
¥ ¥
¥ ¥
v ¥
v ¥
¥ ¥
v
v
AP
EUR
MEA
2891622, 10.05 PM Charter for Corporate Intemal Ault (MIP-16) -Ml Standards
W Hotels v v v v v
W Residences ¥ v ¥ ¥ v
Westin Hotels v v v v v
Westin Residences v v ¥ v v
APPLIES TO: Architecture & Construction, Communications, Engineering, Event Management, Finance & Accounting,
Fitness & Recreation, Food & Beverage, Front Office, Furniture, Fixtures & Equipment, Golf, Housekeeping,
Human Resources, Legal, Information Protection, Purchasing, Quality Assurance & Guest Satisfaction,
Residential Operations, Retail, Risk Management & Loss Prevention, Sales, Marketing & Revenue Management, Spa,
Technology
Requirements
Applicability: Associates at all brands, all regions Seger
Key Responsibilities:
Policy Owner: (unless otherwise stipulated,
is responsible for policy administration,
Chief Audit Executive (Keri Day)
compliance monitoring, implementation, and
training)
Policy Approver: (unless otherwise
stipulated, is responsible for approval of Audit Committee of the Board of Directors
exceptions)
+ Chief Audit Executive (CAE) and Global Internal Audit Function have oversight responsibilty for the
facilitation of policy updates.
1, Policy Overview
The Internal Audit Department (IAD) is established by Marriott International, Inc. (the "Company" to provide
independent, objective assurance and consulting services designed to ensure maintenance of an adequate and effective
system of internal controls based on the Committee of Sponsoring Organizations of the Treadway Commission (COSO),
and improve the effectiveness and efficiency of the Company's operations. The Intemal Audit Department employs a
systematic, disciplined approach to evaluating and improving the effectiveness of risk management, internal control, and
governance processes, thereby assisting management in the achievement oftheir operational, regulatory, and financial
reporting objectives.
The Internal Audit Department will govern itself in accordance with mandatory guidance of The Institute of Internal
Auditors (The IIA), including the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the
htps:imgscloud marriott. comlstandards?id=1835 ae‘911822, 1005 Pm Charter for Corporate Intomal Aust (MIP-16)- Ml Standards
Professional Practice of Internal Auditing (Standards). This mandatory guidance constitutes principles of the fundamental
requirements for the professional practice of internal auditing and for evaluating the effectiveness of the Internal Auait
Department. In addition, the Internal Audit Department will adhere to the Company's relevant policies and procedures.
2. Policy Statement
This Policy establishes Marriott International's requirements for the Internal Audit Department (IAD). The IAD scope of
‘work includes assurance services which require the examination and evaluation of the adequacy and effectiveness of
the organization's governance, risk management, and internal control processes as well as the quality of performance in
carrying out assigned responsibilities to achieve the organization's stated goals and objectives. This includes:
+ Assessing whether risks relating to the achievement of the Company's strategic objectives are appropriately
identified and managed,
+ The actions of the Company's officers, directors, employees, and contractors are in compliance with the
Company's policies, procedures, and applicable laws, regulations, and governance standards.
+ Assessing control processes related to the reliability and integrity of financial and operating information and the
means used to identify, measure, classify, report and disclose such information,
+ Assessing control processes related to the systems established to ensure compliance with policies, plans,
procedures, laws, and regulations which could have a significant impact on the Company,
+ Assessing control processes related to safeguarding Company assets and, as appropriate, verifying the existence
of such assets,
+ Assessing control processes related to the efficiency and effectiveness with which Company resources are
employed,
+ Assessing control processes related to operations or programs in place to ascertain whether results are consistent
with established objectives and goals and whether the operations or programs are being carried out as planned,
+ Assessing the adequacy of governance and risk management processes, and
+ Evaluating specific operations at the request of the Audit Committee or management, as appropriate,
In addition to the assurance services, the Internal Audit Department may provide consulting services, such as training,
facilitation, process design and other advisory services that add value to the Company and contribute to the
improvement of governance, risk management, and internal controls,
3. Requirements
The Internal Audit Department shall review the Company's system of internal controls while maintaining its
independence from the Company's operations. The Internal Audit Department has no direct responsibilty or authority
over any of the activities or operations of the Company. The department shall not develop and install procedures,
prepare records, or engage in activities which would normally be the responsibility of management and therefore subject
to independent review procedures performed by the department
3.4 The Chief Audit Executive (CAE) reports functionally to the Audit Committee of the Board of Directors, and
administratively to the Chief Financial Officer (CFO).
htps:imgscloud marriott. comlstandards?id=1835 4891622, 10.05 PM Charter for Corporate Inteomal Ault (MIP-16) - Ml Standards
3.2 The CAE will communicate and interact directly with the Audit Committee, including in executive sessions and
between Audit Committee meetings as appropriate.
3.3 The Audit Committee will meet with appropriate management personnel to discuss the annual performance of the
CAE and approve the proposed compensation using processes established by the Compensation Committee.
3.4 Internal auditors will exhibit the highest level of professional objectivity in matters of audit selection, scope and
timing, and while gathering, evaluating, and communicating information about the activity or process being examined.
Internal auditors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by
their own interests or by others in forming judgments.
3.5 The CAE will confirm to the Audit Committee, at least annually, the organizational independence of the Internal Audit
Department.
3.6 Authorization is granted by the Board for unrestricted access to any of the Company's records (either manual or
electronic), physical locations, and personnel. Documents and information provided to the Internal Audit Department
during an audit or review will be handled in the same prudent manner as by those personnel normally accountable for
them.
3.7 The Audit Committee maintains governance over the Internal Audit function and its role in overseeing the Chief Audit
Executive by performing the following: approving the appointment of the Chief Audit Executive; consulting with
management regarding the performance of the Chief Audit Executive; and approving the compensation of the Chief
Audit Executive
‘Additionally, the Audit Committee:
(1) approves the Internal Audit charter; (2) approves the risk-based Internal Audit plan and significant changes to that
plan; (3) approves the Internal Audit budget and resources necessary to achieve audit plan objectives; (4) receives
communications from the Chief Audit Executive on Internal Audit’s performance related to the Internal Audit plan and
other matters; and (5) makes appropriate inquiries of management and the Chief Audit Executive to determine whether
there are inappropriate scope or resource limitations,
4. Responsibilities
The CAE and the intemal Audit Department associates have the responsibilty to
+ Develop at least annually, an internal audit plan using appropriate risk-based methodology and submit that plan
including resource requirements to the Audit Committee for approval. The CAE will communicate the impact of
resource limitations and significant interim changes to the annual plan to senior management and the Audit
Committee,
+ Implement the audit plan, as approved, including any additional assignments requested by management and the
Audit Committee,
+ Periodically report to senior management and the Audit Committee on the Internal Audit Department's purpose,
authority, and responsibilty, as well as performance relative to its plan. Reporting will also include significant risk
htps:imgscloud marriott. comlstandards?id=1835 se‘911822, 1005 Pm Charter or Corporat ntmal Au (MIP-16)- Ml Standares
exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by
senior management and the Audit Committee,
+ Report to management the result of each audit engagement, including significant control issues, potential
improvements, and management corrective actions,
+ Establish and maintain a system to monitor the disposition of results communicated to management,
+ Keep the Audit Committee informed of emerging trends and successful practices in intemal auditing,
+ Coordinate audit efforts with the independent auditors, and control and monitoring functions (for example, legal,
internal investigations, casino oversight, privacy, information security and intemal control functions),
+ Assist in the investigation of significant suspected fraudulent activities within the organization and notify
management and the Audit Committee of the results, and
+ Report annually to the Audit Committee the results and findings of audits conducted in the current year. The
presentation related to results and finding of audits conducted in the current year will include an opinion as to the
adequacy and effectiveness of the Company's system of business and financial risk management, control, and
governance processes and a review of all significant, unresolved, or uncorrected items identified during the
preceding year.
4.1 Quality Assurance
The Internal Audit Department shall strive to increase its effectiveness by learning and applying improved techniques of
communications, analysis, and problem solving. A quality assurance program, consisting of supervision and internal
reviews will be performed to provide reasonable assurance that the internal audit work conforms to this document and an
evaluation of the Department's conformance with the Definition of Internal Auditing and the Standards and an evaluation
of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the
internal audit activity and identifies opportunities for improvement. In addition, a qualified independent reviewer will
perform an external quality assurance review at least once every five years. The CAE will communicate to senior
management and the Audit Committee on the Internal Audit Department's quality assurance and improvement program,
including results of ongoing internal assessments and the external assessments conducted at least once every five
years,
4.2 Internal Audit Department Associates
The primary resource of the intemal Audit Department is its associates. The motivations, business knowledge, and
technical and interpersonal skills of these associates determine the overall effectiveness of the function within the
Company.
To maintain and improve the function's effectiveness, the CAE will establish the necessary policies and programs to
ensure the successful recruitment, training, supervision, and retention of these associates,
The CAE is also authorized to obtain necessary assistance of associates in the function where au
are being
performed, as well as other specialized services from within or outside the Company.
43 Ad
nal Responsibilities
htps:imgscloud marriott. comlstandards?id=1835 cy‘9118722, 10.05 PM Charter for Corporate Intomal Aust (MIP-16)- Ml Standards
‘Additionally, the CAE is responsible for
+ Assessing the Company's ethical conduct compliance program, including the assessment of ethical culture of the
business and tone set by senior management,
+ Administering the maintenance of the Marriott International Policy Manual (maintained electronically on the
Company's intranet),
+ Overseeing the administration of the Company's processes to address and act on information received through
the Company's Business Integrity reporting systems and/or directly or indirectly reported to the Internal Audit,
Department by the Law Department and/or Internal Investigations, and
+ Assessing, periodically, whether the purpose, authority, and responsibility, as defined in this charter, continue to be
adequate to enable the Internal Audit Department to accomplish its activities.
‘Any changes to this charter require Audit Committee approval
5. Documents Associated with this Policy
+ Periodic SEC Filing Policy (MIP-68)
+ Audit Committee Charter: the Audit Committee Charter can be found in the Documents & Charters section of the
Corporate Investor Relations website at Marriott.com
EFFECTIVE: FEBRUARY 01, 2005 | PUBLISHED: FEBRUARY 01, 2005
I this documents older than December 15, 2022, vist Marriot Global Source to ensure you have the most upte-date version af this
standard,
MARRIOTT CONFIDENTIAL AND PROPRIETARY INFORMATION
‘The contents ofthis material are confidential and proprietary to Martot Intemational, Inc. and may not be reproduced, dsclosed, distributed or
used without the express permission ofan authorized representative of Marriot. Any other use is expressly prohibited.
htps:imgscloud marriott. comlstandards?id=1835 189118722, 10.05 PM Charter for Corporate Inteomal Ault (MIP-16) - Ml Standards
ae