An Overview: The Role of the Audit Committee in Monitoring, Oversight, and Compliance

1. An Overview: The Role of the Audit Committee in Monitoring, Oversight, and Compliance Derry Harper, Inspector General and Director of Compliance June 18, 2010 www.flbog.edu

2. Duties & Responsibilities: SUS • Per the Audit and Compliance Committee Charter, the Audit Committee is responsible for: • receiving and reviewing university audit reports; • identifying trends in such reports and confirming adverse trends are addressed by the university; • initiating inquiries if the Committee has reasonable cause to believe a UBOT is unwilling or unable to provide an appropriate response to an audit finding. (Emphasis added)

3. Duties & Responsibilities: SUS (con’t.) • directing the Inspector General to conduct an investigation into substantiated allegations of waste, fraud, or financial mismanagement within a state university if the Board determines that a UBOT is unwilling or unable to do so.

4. Duties & Responsibilities: SUS (con’t) • University Board of Trustees Powers and Duties, BOG Regulation 1.001(6)(g): • Each UBOT shall establish policies and procedures for the performance of annual internal audits of university finances and operations. All reports of such audits must be submitted to the BOG via the Inspector General. (Emphasis added.)

5. Types of Audit Reports Received • Financial and Operational Audits conducted by the Auditor General • Independent audited financial statements of Direct Support and Health Services Support Organizations, and Form 990s • Audits of federal award, contracts & grants received by universities (Florida Single Audit Act)

6. Internal Audit Reports • UBOT Powers and Duties Regulation requires all eleven universities to submit internal audit reports conducted by university auditors. • BOG SUS Management Information System Regulation [3.007] establishes the State University System Data Collection Process.

7. The Inspector General’s Role • As directed by the Audit Committee, the IG reviews each audit report to: • Identify adverse trends • Follow-up with universities regarding findings and corrective actions • Provide comments and suggestions to Chancellor and Board Senior Staff for enhancing internal controls.

8. Institutional Compliance Program • Broadly Defined: • A program that has been reasonably designed, implemented, and enforced so that it will generally be effective in preventing and detecting violations of law. • Program must evidence the organization’s “due diligence” in seeking to prevent and detect violations of law.

9. The Brogan Doctrine • Step 1: Establish Compliance Program • Identify Project Owner or Champion • Establish a Steering Committee • Step 4: Establish Systematic Compliance Program • Develop Compliance Matrix • Training • Monitoring • Identify areas of non-compliance • Corrective Action Plan Process • Step 2: Identify Key Objectives • List Key Objectives • Prioritize Key Objectives • Step 3: Identify Key • Compliance Risk Areas • Brainstorm and assess high risk areas • Assign high risk areas to process owner

10. Florida Constitution U.S. Constitution BOG/Chancellor State Statutes Federal Statutes BOG Policy Regulations, Policies & Procedures Charters BOG Internal Operating Policies & Procedures BOG Regulations External Policies & Procedures External Policies & Procedures???? Compliance Matrix - Schema

11. Regulation Compliance Project (RCP) • The RCP was launched Fall 2009: • 89 BOG Regulations to be reviewed or analyzed • Access database created to record analyses • To date, approximately 25% analyzed • IG will review reports and make recommendations to Senior Staff for enhancing and improving existing procedures.

12. Next Steps • BOG Compliance Steering Committee - comprised of Senior Staff from all units • SUS Compliance Work Group – comprised of representatives from four universities • Each work group will assist the IG in developing a recommendation for the establishment of a compliance program for the Board Office and the State University System.