Whereas it is a primary function of the University of Connecticut Board of Trustees and University of Connecticut Health Center Board of Directors (hereinafter referred to collectively as the “Board”) to ensure effective control of the administration and operations of the University of Connecticut and University of Connecticut Health Center (hereinafter referred to collectively as the “University”), the Joint Audit and Compliance Committee (JACC) of the Board of Trustees mandates the establishment of the Office of Audit, Compliance and Ethics (OACE). It shall report functionally to the Chair of the JACC and report for administrative purposes only to the President.
The functions of OACE are prerogatives of the Chief Audit and Compliance Officer, which may not be infringed upon nor otherwise compromised. OACE shall be organized at the discretion of the Chief Audit and Compliance Officer for optimum effectiveness.
OACE will have uninhibited access to all files, documents and related information (except as may be restricted by law).
The purpose of OACE is to provide the Board and the President an independent appraisal of the adequacy and the effectiveness of the University’s system of internal administrative and accounting controls and the quality of performance when compared with established standards. Further, it is established to promote a University-wide culture of compliance and ethics. OACE also serves as the centralized office for compliance with Privacy laws. The primary objective is to assist the Board, the President, and Senior University Administration in the effective discharge of their responsibilities.
Standards and Independence
The audit services function will operate generally within the guidelines of the Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing or other professional guidance as the Chief Audit and Compliance Officer determines appropriate. In addition, where applicable, audit services will follow Generally Accepted Government Auditing Standards (GAGAS).
The compliance function will operate within the guidelines of the various standards for conduct and professional practice for compliance professionals (e.g., Society for Corporate Compliance and Ethics Code of Professional Ethics) as the Chief Audit and Compliance Officer determines appropriate.
OACE staff will be members of appropriate professional associations and will participate in continuing education to remain current with best practices and emerging issues in the areas of audit, compliance and ethics.
OACE staff will be independent in fact and appearance by upholding the principles of integrity, objectivity, confidentiality, and competency. Staff will be independent of the activities or operations they review, they will not engage in any activity which would impair their independence of judgment, and they shall be independent of any other influence or control of any kind.
Scope and Responsibility
In consultation with the JACC, the Chief Audit and Compliance Officer shall plan, implement, report upon, supervise and be responsible for all internal audit activities, consulting services, compliance activities, and associated personnel within the framework of this Charter.
OACE will fulfill its responsibility to the Board and the President by:
- Maintaining audit and compliance activity plans based on an on-going risk analysis which includes consideration of the University’s goals and objectives and the concerns of management and the Board.
- Providing audit and compliance coverage that consistently meets the needs and expectations of management.
- Following up on identified weaknesses, findings, and recommendations from previous audit work and compliance reviews.
- Participating in a program of quality assurance designed to ensure the increasing professionalism of OACE personnel and the work performed.
- Performing consulting services including advisory and related service activities, the nature and scope of which are agreed upon and which are intended to add value and improve the University’s governance, risk management, and control processes without assuming management responsibility. Examples include counsel, advice, facilitation, training, and committee service.
- Promoting awareness of the University’s Code of Conduct, compliance risk, and the objectives of compliance activities through communicating with and educating the University community.
- Developing effective ways to mitigate compliance risk though collaboration with the University community and the implementation of appropriate monitoring plans.
- Acting as a liaison with the State of Connecticut Office of State Ethics and State Auditors of Public Accounts.
The scope of audit and compliance activities will include all controls, reports, and operations of the University. OACE may examine and evaluate the following:
- The reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report information.
- The systems established to ensure compliance with policies, plans, procedures, laws, and regulations that could have a significant impact on the University.
- The means of safeguarding assets and verifying their existence.
- The economy and the efficiency with which resources are employed.
- The extent to which the operations and programs of the University are consistent with its objectives and goals.
- The extent to which information technology governance sustains and supports the University’s strategies and objectives.
- The ethics objectives and activities of the University.
- The potential for fraud and the management of fraud risk.
OACE will help ensure that the University
- Develops and implements effective training programs to ensure that employees are aware of, adhere to and report potential violations of laws, regulations, policies, and procedures;
- Investigates potential violations of laws, regulations, and policies;
- Establishes and publicizes a confidential reporting mechanism to allow University employees and agents to report or seek guidance regarding potential or actual criminal or other non-compliant conduct without fear of retaliation; and,
- Develops innovative and effective ways to collaborate with the University community to mitigate compliance risk.
The results of audit engagements and significant compliance assessments, the conclusions formed, and the recommendations made, are promptly reported to the appropriate personnel at the University, with the JACC, and with senior University administration. OACE will report to the JACC periodically on the status of management’s corrective actions on reported deficient conditions.
Approved by the Joint Audit & Compliance Committee on December 16, 2016.