Audit Committee Charter
From Appalachian State University Policy Manual
1.1 Appalachian State University (the “University”) has chosen to use the North Carolina Office of the State Auditor (the “State Auditor”) to conduct its annual financial audits. The University of North Carolina (“UNC”) Board of Governors has required that the Board of Trustees of each UNC constituent institution have an active audit committee reporting to the Board of Trustees and UNC Board of Governors, and whose purpose, duties and responsibilities are described below.
2.1 The primary purpose of the Audit Committee (the “Committee”) of the Appalachian State University Board of Trustees (the “Board”) is to assist the Board in fulfilling its oversight responsibilities for (i) integrity of the financial statements of the University, (ii) performance of the University’s internal audit function, (iii) assurance that the University is performing self-assessments of operating risks and evaluation of internal controls on a regular basis and (iv) the University’s information security program.
2.2 The Committee’s duties do not replace or duplicate established management responsibilities and delegations. Instead, the Committee serves in an advisory capacity to guide the direction of management’s actions and sets broad policy for ensuring accurate financial reporting, sound risk management, and ethical behavior.
3.1 Financial Expert
- is someone who has an understanding of generally accepted accounting principles and financial statements
- Director of Internal Audits
4 Policy and Procedure Statements
4.1.1 In discharging its responsibilities, the Committee will have unrestricted access to members of management, employees, and relevant information it considers necessary to discharge its duties. The Committee also will have unrestricted access to records, data, and reports. If access to requested documents is denied due to legal or confidentiality reasons, the Committee will follow a prescribed, Board-approved mechanism for resolution of the matter.
4.2.1 The Committee shall be a standing committee of the Board consisting of at least four (4) members of the Board. Each Committee member must be (i) independent of the University’s administrative and executive officers and (ii) free of any relationship that would impair such independence. The members of the Committee shall be selected in the same manner as other committees of the Board.
4.2.2 If possible, at least one member of the Committee must be a financial expert; the other members should be able to understand financial information and statements. For this purpose, a “financial expert” is someone who has an understanding of generally accepted accounting principles and financial statements; experience in applying such principles; experience in preparing, auditing, analyzing, or evaluating financial information; experience with internal controls and procedures for financial reporting; and an understanding of the audit committee function.
4.2.3 The members should collectively possess sufficient knowledge of audit, finance, higher education, information technology, law, governance, risk, and control. Because the responsibilities of the Committee evolve in response to regulatory, economic, and reporting developments, it is important to periodically re-evaluate members’ competencies and the overall balance of skill on the Committee in response to emerging needs.
4.3.1 The Committee shall meet at least four (4) times a year and may hold additional meetings as circumstances require. The Committee will invite representatives of University administration, auditors, legal counsel, and others to attend meetings and provide pertinent information as necessary. It will also hold private meetings with the University’s Chief Audit Officer (the “CAO”) at least annually. Meeting agendas shall be prepared and provided in advance to members, along with appropriate briefing materials. Minutes of the meetings shall be prepared. Committee members should adhere to the values and ethics established by the University. It is the responsibility of Committee members to disclose any conflict of interest or appearance of a conflict of interest to the Committee.
4.4 Duties and Responsibilities
4.4.1 The principal duties and responsibilities of the Committee shall be as follows:
- UNC Board of Governor Requirements:
- Review the results of the University’s annual financial audit with representatives of the North Carolina Office of the State Auditor (OSA), the CAO and/or appropriate campus official(s), and discuss corrective actions, if needed.
- Review the results of any other audit performed and report/management letter (i.e. investigations, Statewide Federal Compliance Audit Reports, etc.) issued by the OSA with representatives of the State Auditor’s Office, the CAO, and/or other appropriate campus official(s).
- For any audit finding contained within a report or management letter issued by the OSA, review the institution’s corrective action plan and the report of the internal auditor on whether or not the institution has made satisfactory progress in resolving the deficiencies noted, in accordance with North Carolina General Statute 116-30.1 as amended.
- Discuss the results of any audit performed by independent auditors and, if there were audit findings, review the institution’s corrective action plan and receive a report of corrective action
- Review all audit reports and management letters of University Associated Entities as outlined in Section 600.2.5.2[R] of the UNC Policy Manual.
- Have a clear and recognized functional reporting relationship with the CAO to enable the CAO to meet privately to discuss professional issues freely with the Committee and its chairperson. The CAO also will report administratively to the Chancellor.
- Receive and review quarterly status updates from the institution’s CAO and internal audit reports that, at a minimum, report material (significant) reportable conditions, management’s corrective action plan for these conditions, and any follow-up reports regarding whether these conditions have been corrected.
- Periodically include an agenda item to hear a presentation from the Chief Information Officer regarding emerging information security matters at its regularly scheduled meetings, in accordance with UNC Policy 1400.2.
- Annually hear a report presented by the Chief Information Officer on the institution’s information security program and information technology security controls, in accordance with UNC Policy 1400.2.
- Receive, review, and approve, at the beginning of the audit cycle, the annual audit plan for the institution’s internal audit function. Developing the annual audit plan should include a consideration of internal control deficiencies as well as the results of the CAO’s consultation with senior management and the Board to obtain an understanding of the University’s strategies, key objectives, associated risks, and risk management processes. Ensure that the internal auditor addresses information security in the risk-based annual audit plan, in accordance with UNC Policy 1400.2.
- Receive and review, at the end of the audit cycle, a comparison of the annual audit plan with internal audits performed by the internal audit department.
- Ensure that internal audit functions are conducted in accordance with professional standards.
- Obtain assurance that the University is performing self-assessment of operating risks and evaluation of internal controls on a regular basis.
- Ensure that the CAO forwards copies of both the approved audit plan and the summary of internal audit results, including any material reportable conditions and how they were addressed, to the UNC System Office in the prescribed format.
- Prepare and forward to the UNC Board of Governors Committee on Audit, Risk Management, and Compliance, an annual summary certification of the work performed by the Committee.
- Institute and oversee special investigations as needed. Receive briefings from management or the CAO regarding fraud, significant complaints or misuse of state property.
- Monitor internal control systems and compliance at the University by reviewing the observations and conclusions of internal and external auditors and the findings of any regulatory agencies.
- Annually review management’s processes with respect to institutional risk management and meet with the individual(s) responsible for institutional risk management as needed.
- Review and approve the internal audit activity charter annually, ensuring that it is consistent with professional standards.
- Ensure that the internal audit activity has a quality assurance and improvement program in place and receive assessment reports annually.
- Ensure that the internal audit activity has an external quality assurance review (“QAR”) every five years. Review the results of the independent QAR and monitor implementation of any recommendations.
- Review and consult with the Chancellor in the appointment, replacement, or dismissal of the CAO.
- Resolve, or assist the Board in resolving, disagreements between management and OSA, the Office of Internal Audits, or other external auditors in connection with the preparation of the financial statements or other audits.
- Engage, in accordance with state laws, rules and regulations, independent counsel or other advisors if and as necessary to carry out its duties. The University shall provide funding as determined by the Committee, subject to the oversight of the Board, for payment to any such advisors that may be engaged by the Committee.
- Perform such other duties and tasks as may be assigned or requested from time to time by the Board.
4.5.1 The Committee, with the assistance of the CAO and University legal counsel, should periodically review and assess the adequacy of this Charter, and propose any suggested revisions or additions to the Board for its consideration. Revisions or additions to this Charter shall be made and effective as approved by the Board.
5 Additional References
7 Contact Information
- Chief Audit Officer, Office of Internal Audits Phone: 828-262-2281
8 Original Effective Date
Adopted by the Board of Trustees of Appalachian State University on September 22, 2006.
9 Revision Dates
- March 22, 2013
- March 16, 2018