Adopted Date: 09-12-1996
This policy applies to the controls, risk management and organizational governance of the University.
The Audit and Compliance Committee will assist and advise the Board of Regents in fulfilling its oversight responsibilities for the University's financial reporting, internal controls, risk management, performance of external and internal auditors, compliance with laws and regulations, and compliance programs. The Audit and Compliance Committee will review all contracts for audit and non-audit services provided by independent public accountants and recommend action to the Board. The internal auditors, external auditors, and Chief Compliance Officer shall have direct access to the Audit and Compliance Committee and the Board.
The Audit and Compliance Committee of the Board of Regents shall consist of one member from each of the Regents' standing committees. The Board President shall appoint members to the Audit and Compliance Committee, and appoint the chair and the vice chair. The Board President shall be an alternate member, serving in the absence of a regular committee member. One member shall be designated as the "financial expert." This Regent shall possess financial expertise, including but not limited to an understanding of generally accepted accounting principles, financial statements, internal controls, and audit functions.
The Audit and Compliance Committee shall meet four or more times a year. At least annually, the Audit and Compliance Committee shall meet separately in executive session with the external auditors and ask for comments on management support of the audit function, quality of audit effort, quality of internal controls, and other areas of concern. As needed, the Audit and Compliance Committee and Board will meet in executive session with the Director of Internal Audit and the Chief Compliance Officer.
The University shall maintain proper financial accounts and records and prepare annual financial statements in accordance with generally accepted accounting principles. The University President and the Executive Vice President for Administration must attest that the annual financial statements accurately reflect the financial position of the University.
External Audits and Reviews
The University's financial accounts and records shall be audited annually by independent public accountants approved by the Higher Education Department and the State Auditor. The Audit and Compliance Committee will recommend to the Board the independent public accountants to conduct the annual audit. The independent public accountants who perform the annual audit are prohibited from providing consulting services to the University. The audit shall be conducted in accordance with generally accepted auditing standards.
The Audit and Compliance Committee will review the audit scope and approach and oversee the audit. To the extent deemed necessary and desirable, the Audit and Compliance Committee will maintain direct and separate avenues of communications with the external auditors. As soon as feasible after the end of the fiscal year, the Board of Regents will review the annual audit report, including the management letter and response, with the external auditors and will take action to approve the report. The report must also be approved by the State Auditor.
In addition to the annual audits conducted by external auditors, other parties, such as federal and state agencies, may conduct financial audits and compliance or regulatory reviews of the University’s projects and programs. In the event that a University department becomes aware of such an audit or review, the department must notify the Director of Internal Audit, and provide the Director with a copy of the final report issued to the University for the audit. The Director of Internal Audit will notify the Audit and Compliance Committee of any significant risks or deficiencies noted in the report.
Internal Audit Department and Compliance Office
Both the Director of the Internal Audit Department and the Chief Compliance Officer report functionally to the Board, and administratively to the University President. The Internal Audit Department and Compliance Office shall be free from interference in determining the scope of internal auditing, compliance reviews, performance of work, or communication of results. The Audit and Compliance Committee will review and approve the annual audit plan and budget submitted by the Director of Internal Audit and the compliance plans submitted by the Chief Compliance Officer. The Committee will receive quarterly reports from the Director of Internal Audit and the Chief Compliance Officer on the status and results of the audit and compliance plans and significant audit and compliance findings. The Audit and Compliance Committee will meet with the Director of Internal Audit and the Chief Compliance Officer to review the University's system of internal controls and the adequacy of accounting, financial, and operational policies and practices on financial and compliance reporting.
Discussions regarding the hiring, performance evaluation, compensation, and termination of the Director of Internal Audit require endorsement of the Audit and Compliance Committee.
Audit Act, § 12-6-3, NMSA 1978; NMAC 126.96.36.199., 188.8.131.52; RPM 3.7 ("Health Sciences Center Institutional Compliance Program"); RPM 7.2 ("Internal Auditing and Compliance")