Appendix B ‐ Charter of the Compliance and Audit Committee

Adopted July 20, 2016
Amended March 16, 2017
Amended January 25, 2018

A. Purpose. The Compliance and Audit Committee shall provide strategic direction and oversight, make recommendations to the Board, and take action pursuant to delegated authority, on matters pertaining to the quality and integrity of the University’s financial reporting systems and controls; the qualifications, performance and independence of the University’s independent financial auditor; the function and performance of the University’s compliance, internal audit and risk management programs; and the University’s commitment to meeting all applicable legal, regulatory and policy requirements.

B. Membership/Terms of Service. The identity, appointment and terms of service of Committee members shall be as specified in Bylaws 24.4 through 24.6, except that neither the President of the University nor the Chief Financial Officer of the University shall be eligible to serve on the Committee. The Committee may include non‐voting advisory members (in addition to Chancellors) with expertise relevant to the work of the Committee.

C. Consent Responsibilities. The Committee shall be charged with recommending action on the following matters which, on approval, shall be placed on the consent agenda of the Board for approval without discussion, unless removed from the consent agenda by motion of any member for separate consideration. Unless otherwise specified, any approval authority for these matters that falls outside parameters expressly reserved to the Board or a Committee is delegated to the President.

• Approval of the audit scope and plan of the independent financial auditor
• Approval of the annual report of the independent financial auditor
• Approval of the annual internal audit and compliance plans
• Approval of the internal audit charter and any amendments
• Approval of the compliance program charter and any amendments
• Approval of litigation settlements and other settlements of disputed claims in which the amounts paid, or the amounts compromised on monies owed, exceed the authority of the General Counsel or other University or Corporation Officer but is less than $5 million.

D. Other Oversight Responsibilities. In addition to the consent responsibilities assigned to the Committee described above, and to the extent not otherwise within such responsibilities, the charge of the Committee shall include reviewing and making recommendations to the Board with regard to the following matters and/or with regard to the following areas of the University’s business:

• Monitoring University compliance with applicable laws, regulations and policies, including those concerning conflicts of interest and financial disclosure, those presenting a risk of a material financial impact to the University, and those relating to the University’s policies prohibiting discrimination and harassment.
• Developing and implementing the University’s compliance program
• Development of a culture attentive to the University’s commitment to ethics and compliance
• Developing an effective program for receiving, monitoring and investigating complaints of alleged improper governmental activities (i.e. a “whistleblower”program)
• The functional reporting relationship of the Senior Vice President—Chief Compliance and Audit Officer with the Committee
• Operational risk management enterprise wide
• Cyber security risks and management response
• Establishing and overseeing the University’s internal audit program
• Internal Audit compliance with the Institute of Internal Auditors’ (IIA’s) International Standards for the Professional Practice of Internal Auditing
• Establishing an effective environmental health and safety program
• Responding to external inquiries such as state and federal regulatory investigations and audits
• Litigation settlements and other settlements of disputed claims
• Monitoring and assuring governance, risk management, and control environment related to financial controls,operational controls and legal compliance are effective
• Developing and implementing corrective actions for identified deficiencies in financial controls or legal compliance
• The appointment of the external independent financial auditor, the external audit plan and the general delivery of these services
• Resolving any disputes between the independent financial auditor and management
• Assuring that the independent financial auditor has access to the Committee for independent discussions, where appropriate
• Reviewing with the independent auditors matters required to be discussed under external auditing standards
• Overseeing development and regular review of the University’s ethics policies and statements of ethical principles with particular attention to compliance with University policies and applicable laws and regulations
• Monitoring and assuring the independence and accountability of the Chief Compliance and Audit Officer and General Counsel to the Board with regard to ethics, compliance, and risk management issues concerning the Office of the President

The assignment of responsibility to this Standing Committee under Paragraphs C and D signifies that it is the Committee to which matters otherwise appropriate for Board consideration generally will be referred and does not create an independent obligation to present a matter to this Standing Committee or its Subcommittee, to the Board or to any other Committee.

E. Independent Experts. The Committee shall have the authority to retain independent legal counsel, following consultation with the General Counsel, and to retain other independent experts, as necessary to conduct the business of the Committee.

F. Expert Advisors. The Committee shall have the authority to retain independent experts and advisors, as necessary to conduct the business of the Committee. Any advisors not otherwise subject to University policy, shall be subject to the laws and policies applicable to Regents governing compensation and reimbursement of expenses, and shall be subject to conflict of interest disclosure and recusal obligations as specified in the University’s Conflict of Interest Code and other applicable policies.