Internal Audit

Audit Committee Charter

Reviewed and approved: October 19, 2018

I. Purpose

The purpose of the Audit, Risk and Compliance Committee (ARCC) is to assist the Board of Trustees in fulfilling its responsibilities related to:

  • Adequacy and effectiveness of systems of internal control
  • Integrity of the university's financial statements and other financial reporting
  • Independence and performance of the external and internal audit functions
  • Sufficiency of the university's process to manage business and financial risk
  • Adequacy of the university's process to ensure regulatory compliance

The Committee's duties do not replace or duplicate established management responsibilities and delegations. Instead, the Committee serves in an advisory capacity to guide the direction of management's actions and sets broad policy for ensuring accurate financial reporting, sound risk management, and ethical behavior.

II. Organization

1. Charter

At least annually, this charter shall be reviewed and reassessed by the Committee and any proposed changes shall be submitted to the Board of Trustees for approval.

2. Members

The ARCC shall be a standing committee of the Board of Trustees. The number of members is set within the Board of Trustees Procedural Policies. Each ARCC member must be independent of management of the university and free of any relationship that would impair such independence. Members may not receive consulting, advising or other fees from the university. If possible, at least one member should be a financial expert, and the other members should be able to understand financial information and statements. A financial expert is someone who has an understanding of generally accepted accounting principles and financial statements; experience in applying such principles; experience in preparing, auditing, analyzing or evaluating financial information; experience with internal controls and procedures for financial reporting; or an understanding of the audit, risk, and committee function.

3. Meetings

The ARCC shall meet no fewer than four (4) times a year. The Committee will invite members of management, auditors, legal counsel, and others to attend the meetings and to provide pertinent information as requested. The ARCC may request to meet privately with the Chief Audit Executive (CAE) from the Office of Internal Audit. Minutes of the meetings shall be maintained.

III. Responsibilities

The ARCC's principal duties and responsibilities shall be the following:

1. Internal Controls

A. Monitor Controls

Monitor internal control systems at the university through reports of the activities of the internal and external auditors.

B. Internal Control Review

Review with management and the CAE the adequacy and effectiveness of the university's business, financial and information systems controls. Recommend new or enhanced controls or procedures as needed.

C. Whistleblowing Procedures

Oversee the university's mechanisms for receiving, resolving, and retaining records of complaints regarding accounting, internal control, and auditing matters. Receive briefings from management or the CAE regarding any significant complaints or misuse of State property.

2. Financial Reporting

A. External Communications

Review the audit engagement letter and other significant audit related communications from the Office of the State Auditor and any other external auditors as applicable. The Office of the State Auditor will be directed to copy the Committee on any such communications.

B. Consultations with Auditors

Be available to meet with the State Auditor, his/her staff, and other external auditors for consultation purposes or to discuss judgments about the quality, not just the acceptability, of the university's accounting principles and underlying estimates in its financial statements.

C. Financial Reporting

Review and forward with recommendations to the full Board significant management initiatives involving financial statements and financial reporting matters.

3. External and Internal Audit Functions

A. Internal Audit Operations

Review and approve the Internal Audit Charter, audit schedules, goals, annual plans, and the annual financial report. Confirm with the CAE efforts to coordinate the work of the Office of Internal Audit, the Office of the State Auditor, and other external auditors to ensure complete audit coverage, reduce duplication of work, and use audit resources effectively.

B. Audit Reports

Review internal audit reports and summaries of external and internal audit activities.

C. Consultations with Auditors

Review and resolve any significant disagreement between management and the Office of the State Auditor, the Office of Internal Audit, or other external auditors in connection with the preparation of the financial statements or with other audits.

D. Request of Audits and Other Reviews

Request supplemental reviews or other audit procedures by the Office of Internal Audit, the Office of the State Auditor, or other advisors. The university shall provide appropriate funding as determined by the Committee for payment to advisors.

E. Communication

Provide a direct channel of communication to the full Board for the Office of Internal Audit and the Office of the State Auditor.

F. Chief Audit Executive

Consult with the Chancellor regarding the selection and removal of the CAE.

4. Institutional Risk Management

A. Risk Management

Annually review management's processes with respect to institutional risk management and meet with the individual(s) responsible for institutional risk management as needed.

B. Compliance

Annually review management's processes with respect to compliance and meet with the individual(s) responsible for compliance as needed.

C. Legal Matters

Consult with the General Counsel to review any legal matters that may have a material impact on the university.

The ARCC may modify or supplement these duties and responsibilities as needed.