The Committee on Risk and Audit has oversight responsibility for monitoring: the University’s process for identifying, assessing, managing and reporting key risks; the compliance by the University with legal and regulatory requirements and the policies of the Corporation; the adequacy of the University's systems of internal controls; the integrity of Brown University’s external financial reporting; the quality, security and integrity of the University’s information and technology; and the independence and performance of the University's internal and external auditors.
RESPONSIIBILITIES AND DUTIES
The Committee shall have unrestricted access to members of the administration and other employees of the University, as well as all information relevant to the carrying out of its responsibilities. The Committee shall have the power to conduct or authorize investigations into any matters within the Committee's scope of responsibilities.
The Committee shall, with the assistance of the administration, the auditors and legal counsel, as the Committee deems appropriate, review and evaluate the Committee's:
- powers and responsibilities; and
The Committee shall be empowered to retain, at the University's expense, independent counsel, accountants or others for such purposes as the Committee, in its sole discretion, determines to be appropriate to carry out its responsibilities.
B. Risk Management
The Committee will review the University's process for identifying, assessing, managing, monitoring, and reporting key risks that might impair the achievement of Brown's strategic goals and objectives.
The Committee will monitor the administration's progress with respect to risk identification, prioritization, assessment, actions plans and monitoring.
The Committee will review the assignment of specific risks to Corporation Committees for oversight.
On an annual basis the Committee shall receive, review and accept risk management plans prepared by the administration in areas appropriate and relevant to the charge of the Committee. The Committee will also receive, review and accept risk management plans accepted by other Corporation Committees.
C. Compliance with Laws, Regulations and Policies
The Committee shall review with the administration actions taken to ensure compliance with applicable laws and regulations, as well as policies which may be established by the Corporation.
The Committee shall review with the University's General Counsel any legal compliance matters and litigation that could have a significant, or material adverse impact on the University.
The Committee shall periodically review the University's code of conduct and ethics to ensure that it is adequate and current.
The Committee shall periodically review the University’s conflict of interest policy and annually review the summary of conflict of interest disclosure statements completed by Corporation members, officers and others; and as appropriate, review any related supporting documentation.
D. Internal Controls
The Committee shall review at least annually, with the administration, internal audit and the external auditors, if deemed appropriate by the Committee, the effectiveness of or weaknesses in the University's internal controls, including computerized information system controls and security, the overall control environment and accounting and financial controls.
The Committee shall obtain, from the external auditors, their recommendations regarding internal controls and other matters relating to the accounting procedures and the books and records of the University, and review the correction of controls deemed to be deficient.
The Committee shall review:
- the appointment, performance and replacement of the senior internal auditing executive, and the activities, organizational structure and qualifications of the persons responsible for the internal audit function;
- the internal audit plan, staffing and budget; and
- material findings of internal audit reviews and the administration’s response, including any significant changes required in the internal auditor’s audit plan or scope and any material difficulties or disputes with the administration encountered during the course of the audit.
The Committee shall review the administration's procedures for the receipt, retention and treatment of complaints received by the University regarding accounting, internal accounting controls or auditing matters.
The Committee shall review major financial risk exposures and the guidelines and policies which the administration has put in place to govern the process of monitoring, controlling and reporting such exposures.
E. Financial Reporting
The external auditors are ultimately accountable to the University and the Committee. The Committee shall evaluate and recommend to the University the selection and, where appropriate, the replacement of the external auditors.
The Committee shall:
- review the scope, plan and procedures to be used on the annual audit, as recommended by the external auditors;
- review the results of the annual external audits; and, as to the Brown University financial statement audit and the A-133 audit, accept the reports provided by the external auditors;
- review and discuss significant estimates and judgments underlying the financial statements, including the rationale behind those estimates, as well as the details on material accruals and reserves and the University's accounting policies;
- review all critical accounting policies and practices as brought to its attention by the administration and/or the external auditors; and
- review the Form 990 in advance of being provided to the full board and filing with the IRS. In addition, the Committee will be informed about the adequacy of other required tax filings and compliance processes.
The Committee shall meet at least annually with the administration, the senior internal auditing executive, the chief risk officer, and the external auditors, in executive sessions to discuss any matters that the Committee, or each of these groups, believes should be discussed privately.
F. Information and Technology
The Committee will review the University’s process for aligning information technology with University goals as it relates to governance, data, security, and other risks; and will periodically meet with the Chief Information Officer and others as appropriate.
G. Annual Self-Assessment of Committee Performance
The Committee shall conduct a self-assessment of its performance annually.
The Committee shall consist of the Treasurer, ex officio, and no fewer than five current members of the Corporation, and up to three individuals who are not current members of the Corporation, each of whom must be independent of the administration, as well as the University and each of its affiliates. At least one member of the Committee shall have accounting or related financial management expertise, as the Corporation interprets such qualification in its judgment.
The Committee shall be staffed by the Executive Vice President for Finance and Administration.