The following document outlines the purpose, responsibilities and details of the Audit, Risk and Compliance Committee of the Board of Trustees.
I. Audit, Risk and Compliance Committee Purpose
The Audit, Risk and Compliance Committee of the Board of Trustees is responsible for oversight of the quality and integrity of the University’s accounting, auditing, external financial reporting, information security controls, enterprise risk assessment program, and legal and regulatory compliance practices.
II. Audit, Risk and Compliance Committee Responsibilities
A. Internal Controls
1. Oversee the University’s internal controls through discussions with and reports by management, internal audit and the external auditors.
B. Financial Statements/External Auditors
- Oversee timing and procedures related to the selection of the external auditors. Performance and qualifications of the external auditor will be evaluated annually.
- Review the planned scope of the external financial statements and audits and any subsequent significant changes.
- Oversee independence of the external audit firm that performs the annual financial statements audit, including review of any significant relationships with the University.
- Review with management and the external auditors the consistency and quality of the University’s external financial statements and disclosures; significant accruals; accounting principles employed; significant changes in the selection or application of accounting principles; unusual transactions or highly judgmental areas; alternative accounting treatments within GAAP, ramifications of such use, and the treatment preferred by the public accounting firm.
- Ensure the Chancellor, CFO, and Controller provide necessary certifications along with the annual report.
- Review the results of the annual external audit and the OMB Uniform Guidance audit, including the external auditor’s opinion.
- Review the timeliness and appropriateness of management’s corrective actions in response to significant recommendations made by the external auditors.
- Meet separately with the external auditors, University management, and management of the Internal Audit and University Compliance functions at least annually.
- Consult with management before any external audit firm employee who significantly participates in the University’s annual audits is hired in a senior financial position at the University.
C. Internal Audit
- Review and approve the Internal Audit and University Compliance charter, audit plans, and activities, including any work performed by third parties under their direction.
- Review the Internal Audit Department’s staffing and organizational structure.
- Review metrics and significant findings and recommendations by Internal Audit at least annually, as well as the adequacy of management’s corrective actions.
- Review and approve the hiring, discipline, demotion, or termination of the head of the Office of University Compliance and Internal Audit.
D. University Compliance
- Review the University’s overall level of compliance with government regulations.
- Review the University Compliance Office’s monitoring of area-specific compliance offices.
- Review and approve the University Compliance Office’s audit plans and activities.
- Review the University Compliance Office’s staffing and organizational structure.
- Review significant results of compliance or regulatory audits conducted by the University Compliance Office or by third parties, as well as the adequacy of management’s corrective actions.
- Review the University Compliance Office’s procedures for the receipt, retention, and treatment of complaints received regarding accounting, internal controls, and auditing matters.
- Receive at least annually a summary of calls to the hotline and the related disposition of such matters.
- Periodically review the Code of Conduct for adequacy and approve any significant amendments or revisions to the Code of Conduct. Periodically review the processes for and results of Code of Conduct communications and certifications.
E. Affiliated Organizations
- Review the adequacy of audit coverage of the University’s affiliated organizations.
F. Legal Matters
- Receive reports from the University’s Office of the Vice Chancellor and General Counsel concerning any legal or regulatory matters that may have a material impact on the financial statements, thereby confirming that appropriate senior management (Chancellor and CFO) receive timely, complete reports on legal or regulatory matters that may have a material impact on the financial statements or disclosures for which they are responsible.
G. Forms 990 and 990T
- Review the University’s Form 990 annually, along with significant changes in reporting from the prior year.
- Review of the University’s insurance programs.
I. Enterprise Risk Management
- Oversee the Enterprise Risk Management Program, including the methods adopted to identify and assess institutional risks and measures taken by management to mitigate those risks
- Receive periodic reports from the University’s Executive Enterprise Risk Council (EERC), management, Internal Audit, the University Compliance Office, and area-specific compliance offices regarding University risk assessments and risk mitigation activities undertaken by management.
- Request special reports on any topic at the Committee’s discretion. This responsibility includes the authority to request reports from management and also to engage outside legal counsel or other advisors at the University’s expense.
- Ensure that the University is following the approved conflict of interest policies as adopted by the Board of Trustees.
- Communicating to the Board of Trustees as appropriate.
III. Audit, Risk and Compliance Committee Meetings and Composition
- The Audit, Risk and Compliance Committee meets four times annually. Currently these meetings occur on the morning of the day of each regular Board meeting in October, December, March, and May. The Committee Chair may also call additional meetings as deemed necessary.
- Voting members of the Committee must be independent and members of the University’s Board of Trustees.
- Committee members should be financially knowledgeable. At least one Committee member should have accounting or financial management expertise.
- The Executive Director of Compliance and Audit will act as the primary administrative liaison to the Committee. The administrative liaison will be available to assist the Committee as requested.
- The Committee will periodically evaluate and discuss its own performance relative to its purpose and the responsibilities described in this Charter.
- The Committee will review and assess the adequacy of this Charter at least annually and will submit any proposed changes to the Charter to the Board for approval.