Skip to header Skip to Content Skip to Footer

Uncw Audit Risk Compliance Committee Charter

Office of Internal Audit

Below you will find more information about the UNCW Audit, Risk and Compliance Committee Charter.

Effective: February 6, 2025

  1. Purpose

    The purpose of the Audit, Risk and Compliance Committee (ARCC) is to assist the Board of Trustees in fulfilling its oversight responsibilities related to:

    • Adequacy and effectiveness of systems of internal control

    • Integrity of the university’s financial statements and other financial reporting

    • Independence and performance of the external and internal audit functions

    • Sufficiency of the university’s process to manage enterprise, including business, legal, reputational, strategic, and financial, risk

    • Adequacy of the university’s process to facilitate and ensure legal, regulatory, and ethical compliance

    • Compliance with audit and compliance guidelines adopted by the UNC Board of Governors, the UNC System Office, and the North Carolina Office of Internal Audit

    The ARCC’s duties do not replace or duplicate established management responsibilities and delegations. Instead, the ARCC serves in an advisory capacity to guide the direction of management’s actions and sets broad policy for ensuring accurate financial reporting, sound risk management, and ethical behavior.

  2. Organization

    1. Charter. At least annually, this charter shall be reviewed and reassessed by the ARCC and any proposed changes shall be submitted to the Board of Trustees for approval.

    2. Members. The ARCC shall be a standing committee of the Board of Trustees. The number of members is set within the Board of Trustees Procedural Policies. Each ARCC member must be independent of management of the university and free of any relationship that would impair such independence. Members may not receive consulting, advising or other fees from the university. If possible, at least one member should have financial expertise, and the other members should be able to understand financial information and statements. Financial expertise includes: an understanding of generally accepted accounting principles and financial statements; experience in applying such principles; experience in preparing, auditing, analyzing or evaluating financial information; experience with internal controls and procedures for financial reporting; or an understanding of the audit, risk and compliance committee function.

    3. Meetings. The ARCC shall meet no fewer than four (4) times a year. The ARCC will invite members of management, auditors, university legal counsel, and others to attend the meetings and to provide pertinent information as necessary or requested. The Committee will receive reports regarding internal audit, enterprise risk management, compliance, ethics, and information technology governance and security. The ARCC may request to meet or consult privately with the Chief Audit Officer (CAO) from the Office of Internal Audit and/or the General Counsel. Meeting agendas will be prepared and provided in advance to members, along with appropriate briefing materials. Minutes of the meetings shall be maintained.

  3. Responsibilities

    The following shall be the principal duties and responsibilities of the Committee as prescribed by applicable state and UNC System Guidelines and the Global Internal Audit Standards published by the Institute of Internal Auditors:

    1. Internal Controls

      1. Monitor Controls. Monitor internal control systems at the university through reports of the activities of the internal and external auditors. Obtain assurance that the university is performing self-assessments of operating risks and evaluations of internal control on a regular basis.

      2. Internal Control Review. Consider the adequacy and effectiveness of the university’s business, financial, and information systems controls.

      3. Whistleblowing Procedures. Review the university’s mechanisms for receiving, resolving, and retaining records of complaints. Receive briefings from management or the CAO regarding any significant complaints or misuse of State property.

    2. Financial Reporting

      1. External Communications. Receive and review the audit engagement letter, annual financial audit, and other significant audit related communications from the Office of the State Auditor and any other external auditors as applicable. The Office of the State Auditor will be directed to copy the ARCC on any such communications. For any audit finding contained within a report or management letter issued by the Office of the State Auditor, review the university’s corrective action plan and receive a report once corrective action has taken place.

      2. Consultations with Auditors. Be available to meet with the State Auditor, his/her staff, and other external auditors for consultation purposes or to discuss the auditor’s judgments about the quality, not just the acceptability, of any of the university’s accounting principles and underlying estimates in preparation of its financial statements.

      3. Financial Reporting. Receive information on significant management initiatives involving financial reporting matters.

    3. External and Internal Audit Functions

      1. Organizational Reporting. Ensure that the CAO reports to the Chancellor with a clear, recognized reporting relationship to the Committee.

      2. Internal Audit Resources. Review and ensure the Office of Internal Audit has appropriate budget and staff resources.

      3. Internal Audit Operations. Review and approve the Internal Audit Charter, annual risk-based internal audit plan (including any significant changes to the plan), and resource plans. Receive communications from the CAO about the internal audit function and its performance relative to its plan. Ensure a quality assurance and improvement plan has been established and review the results annually. Confirm with the CAO efforts to coordinate the work of the Office of Internal Audit, the Office of the State Auditor, and other external auditors to ensure complete audit coverage, reduce duplication of work, and use audit resources effectively.

      4. Audit Reports. Review internal audit reports and summaries of external and internal audit activities. Ensure that management is devoting adequate attention to issues raised.

      5. Consultations with Auditors. Review and resolve any significant disagreement between management and the Office of the State Auditor, the Office of Internal Audit, or other external auditors in connection with the preparation of the financial statements or with other audits.

      6. Request of Audits and Other Reviews. Request supplemental reviews or other audit procedures by the Office of Internal Audit or other advisors. The university shall provide appropriate funding as determined by the ARCC for payment to advisors.

      7. Communication. Provide a direct channel of communication to the Board of Trustees for the Office of Internal Audit and the Office of the State Auditor.

      8. Chief Audit Officer. Review and provide input to the Chancellor regarding the appointment, replacement, or dismissal of the CAO, including the CAO’s performance evaluation and remuneration.

    4. Enterprise Risk Management and Compliance

      1. Risk Management. Annually review management’s processes with respect to enterprise risk management and meet with the individual(s) responsible for enterprise risk management, as needed.

      2. Compliance. Annually review management’s processes with respect to compliance and meet with the individual(s) responsible for compliance, as needed.

      3. Legal Matters. Consult with the General Counsel to review any risks, compliance, and legal matters that may have a material impact on the university.

    5. Information Technology

      1. Information Technology Governance. Review and discuss audit activity related to information technology matters and address issues of importance in information technology governance at scheduled meetings. Request information and reporting related to the university’s IT governance program, as needed.

      2. Information Security. Ensure that information security is addressed in the annual audit planning and risk assessments that are conducted by the Office of Internal Audit. Include, periodically, an agenda item for emerging information security matters at scheduled meetings. Receive a report, at least annually, on the university’s information security program and information technology security controls from the designated senior officer with information security responsibility.

    The ARCC may modify or supplement these duties and responsibilities as needed.