BP 7-01 – Audit Committee Authority and Charter

State Board for Community Colleges and Occupational Education


BP 7-01

APPROVED: June 13, 2007
EFFECTIVE: July 1, 2007
REVISED: February 8, 2023
RETITLED: February 8, 2023

REFERENCE(S): Board Bylaws; The Institute of Internal Auditors’ (IIAs’) International Professional Practices Framework (IPPF)

APPROVED:

/ S.R. Heath, Jr. /
The Honorable S.R. Heath, Jr., Chair

POLICY STATEMENT

The Board Audit Committee (Committee) is a committee of the State Board for Community Colleges and Occupational Education (Board). This policy defines the purpose and authority of the Committee, as well as the Internal Audit Charter.

SCOPE

This policy applies to all members of the Audit Committee and System Internal Audit in the Colorado Community College System, including its Colleges (CCCS or System).

DEFINITIONS

“Fiduciary Responsibilities” include assessing risk and addressing matters including financial statement reporting, internal controls, compliance with applicable laws, regulations, Board Policies, and System Procedures. These responsibilities are to include fraud prevention and detection.

“Financial Expert” is an individual who possesses one or more of the following:

  • An understanding of “Generally Accepted Accounting Principles” (GAAP) and financial statements;
  • The ability to assess the general application of such principles in connection with the accounting for estimates, accruals, and reserves;
  • Experience preparing, auditing, analyzing, or evaluating financial statements that present a breadth and level of complexity of accounting issues that are generally comparable to the breadth and complexity of issues that can reasonably be expected to be raised by the Colorado Community College System’s financial statements, or experience actively supervising one or more persons engaged in such activities;
  • An understanding of internal controls; and/or
  • An understanding of audit committee functions.

These attributes may be acquired in one or more ways:

  • Education and experience as a principal financial officer, principal accounting officer, controller, public accountant or auditor, or experience in one or more positions that involve the performance of similar functions;
  • Experience actively supervising a principal financial officer, principal accounting officer, controller, public accountant or auditor, or person performing similar functions;
  • Experience overseeing or assessing the performance of public accountants with respect to the preparation, auditing, or evaluation of financial statements; and/or
  • Other experience relevant to audits, investigations, or financial operations.

COMPOSITION OF BOARD MEMBERS AND QUALIFICATIONS

  • The Committee shall be appointed by the Chair of the Board and approved by the Board.
  • The Committee shall consist of at least three Board members and the Chancellor, who will serve as a non-voting member.
  • At least one member of the Committee will be a Financial Expert, as defined in this policy. In the event the Board does not have a member who meets the qualifications of a financial expert, this shall not nullify the authority, activities, or actions of the Audit Committee.
  • The Chair of the Board shall appoint, and be approved by the Board, one of the members of the Audit Committee as its Chair.

AUTHORITY OF THE COMMITTEE

The Committee has the authority to authorize audits and investigations through the operation of the System Office Internal Audit Department. To allow for independent analysis and investigation, the Committee shall delegate audit and investigation oversight to the System Office’s Director of Internal Audit. The Committee may retain independent auditors, legal counsel, accountants, or others, as it deems necessary, to assist it in the conduct of any audit or investigation.

While the Audit Committee has the responsibilities and powers set forth in this policy, it is not the Committee’s duty to plan or conduct audits or to determine that the System’s financial statements are complete, accurate, and in accordance with generally accepted accounting principles. System Office executive leadership is responsible for the preparation, presentation, and integrity of the System’s financial statements and for the appropriateness of the accounting principles and reporting policies used. The independent auditors contracted by the Colorado Office of the State Auditor are responsible for auditing the System’s financial statements.

DUTIES OF THE AUDIT COMMITTEE CHAIR

The Chair shall:

  • Provide the Board with reports on the activities of the Internal Audit department.
  • Ensure the Audit Committee is provided training to fulfill its role.
  • Ensure the budget for the Internal Audit Department is presented to the Board for approval annually as well as any recommendations for spending needs to fulfill its mission.
  • Regularly charge the Committee with reviewing the Audit Committee and Internal Audit Department Charter.
  • Report whistleblower complaints as necessary to the Board Chair, in compliance with Board Policy 3-71, Whistleblower Protection Policy.
  • Be informed by the Vice Chancellor of Administration and Finance of personnel actions related to the Director of Internal Audit; including appointment, compensation, and termination.
  • Approve the risk-based internal audit plan and review progress towards the annual audit plan.
  • Make appropriate inquiries of management and the Director of Internal Audit, to determine whether there is inappropriate scope or resource limitations.
  • Review Financial Reporting with management and the independent auditor at the completion of the annual audit:
    • The annual financial statements, management’s discussion and analysis, related footnotes, compliance report, findings, and auditors’ report.
    • All alternative treatments of financial information that have been discussed with management.
    • Critical accounting policies and practices that are in place.
    • All significant written communications between the auditor and management such as management letter comments and the schedule of unadjusted differences.
    • Any significant changes required in the independent accountant’s audit plan.
    • Other matters related to conduct, which should be communicated to the Committee under generally accepted auditing standards.
  • External Audit:
    • Review the scope and approach of the annual audit with the independent auditors.
    • Assess the external auditor’s process for identifying and responding to key audit and internal control risks.
    • The external auditor shall have direct access to the Committee and shall meet privately, without members of management present, at least once during the course of the audit.
    • Receive communication directly from the external auditor regarding any matters that arose during the course of their audit.

MEETINGS

In meeting its responsibilities, the Committee shall perform duties to include those noted within the following areas:

  • The Committee shall meet four times per year, or more frequently as circumstances require.
  • The Committee may include other ad hoc individuals, to include, but not limited to, the following: System Office leadership; Contracted auditors; System Office auditors; and/or other personnel employed by the Colorado Community College System.
  • The Committee will periodically meet with members of System Office leadership separately, in executive session, pursuant to Colorado law, to discuss matters relevant to the Audit Committee’s charge.

FINANCIAL COMPLIANCE AND OPERATIONAL FUNCTIONS

  • Review any matters involving a conflict of interest or matters involving a breach of ethics if they involve personnel at a management level within the System.
  • Review and recommend for approval procedures for the receipt, retention, and treatment of whistleblower complaints received by the System.
  • Review, on a periodic basis, summary information documenting complaints submitted relating to accounting, internal controls, misuse, abuse, or misappropriation of resources and inappropriate personnel activity regardless of action taken or outcome of such action.
  • Review facts related to any fraud or misconduct committed by employees or senior management of the System Office or of the Colleges.
  • Review and evaluate the effectiveness of the System’s process for assessing significant risks or exposures and the steps management has taken to monitor and control such risks.
  • Inquire of management, internal audit, and the external auditor about risks facing the System.
  • Provide oversight of the Director of Internal Audit and the activities of the internal audit department.
  • Ensure the adequacy of procedures to protect confidentiality of information obtained through the activities of the internal audit department.
  • Periodically review Committee effectiveness.

OTHER RESPONSIBILITIES

Report regularly to the full Board any issues that arise with respect to:

  • The quality or integrity of the System’s financial statements, not to duplicate communications and activities reported through the external audit.
  • The System’s compliance with legal or regulatory requirements.
  • The performance of the internal audit function.
  • Any other matters in the Committee’s performance of its duties that the Committee views important to present to the full Board.

INTERNAL AUDIT CHARTER

PURPOSE AND MISSION

The purpose of the Colorado Community College System’s (CCCS’s) Internal Audit Department is to provide independent, objective assurance and consulting services designed to add value and improve CCCS’s operations. The internal audit department’s mission is to provide independent examination and analysis of the activities of the thirteen Colleges and the System Office. Internal audit also performs required audits of the recipients of Colorado Technical Act and Perkins funds. The internal audit department helps CCCS accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.

STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING

The internal audit department will govern itself by adherence to the mandatory elements of The Institute of Internal Auditors’ (IIAs’) International Professional Practices Framework, including the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the International Standards for the Professional Practice of Internal Auditing, and the Definition of Internal Auditing. The Director of Internal Audit will report periodically to senior management and the audit committee regarding the internal audit department’s conformance to the Code of Ethics and the Standards.

AUTHORITY

The Director of Internal Audit will report functionally to the audit committee and administratively (e.g., day-to-day operations) to the Vice Chancellor for Finance and Administration.

The Director of Internal Audit will have unrestricted access to, and communicate and interact directly with, the audit committee, including in private meetings without management present.

The audit committee authorizes the internal audit department to:

  • Have full, free, and unrestricted access to all functions, records, property, and personnel pertinent to carrying out any engagement, subject to accountability for confidentiality and safeguarding of records and information.
  • Allocate resources, set frequencies, select subjects, determine scopes of work, apply techniques required to accomplish audit objectives, and issue reports.
  • Obtain assistance from the necessary personnel of CCCS, as well as other specialized services from within or outside CCCS, in order to complete the engagement.

INDEPENDENCE AND OBJECTIVITY

The Director of Internal Audit will ensure that the internal audit department remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of audit selection, scope, procedures, frequency, timing, and report content. If the Director of Internal Audit determines that independence or objectivity may be impaired in fact or appearance, the details of impairment will be disclosed to appropriate parties.

Internal auditors will maintain an unbiased mental attitude that allows them to perform engagements objectively and in such a manner that they believe in their work product, that no quality compromises are made, and that they do not subordinate their judgment on audit matters to others.

Internal auditors will have no direct operational responsibility or authority over any of the activities audited. Accordingly, internal auditors will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair their judgment, including:

  • Assessing specific operations for which they had responsibility within the previous year.
  • Performing any operational duties for CCCS or its affiliates.
  • Initiating or approving transactions external to the internal audit department.
  • Directing the activities of any CCCS employee not employed by the internal audit department, except to the extent that such employees have been appropriately assigned to auditing teams or to otherwise assist internal auditors.

Where the Director of Internal Audit has or is expected to have roles and/or responsibilities that fall outside of internal auditing, safeguards will be established to limit impairments to independence or objectivity.

Internal auditors will:

  • Disclose any impairment of independence or objectivity, in fact or appearance, to appropriate parties.
  • Exhibit professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined.
  • Make balanced assessments of all available and relevant facts and circumstances.
  • Take necessary precautions to avoid being unduly influenced by their own interests or by others in forming judgments.

The Director of Internal Audit will confirm to the audit committee at least annually, the organizational independence of the internal audit department.

The Director of Internal Audit will disclose to the audit committee interference and related implications in determining the scope of internal auditing, performing work, and/or communicating results.

SCOPE OF INTERNAL AUDIT ACTIVITIES

The scope of internal audit activities encompasses, but is not limited to, objective examinations of evidence for the purpose of providing independent assessments to the audit committee, management, and outside parties on the adequacy and effectiveness of governance, risk management, and control processes for CCCS.

Internal audit assessments include evaluating whether:

  • Risks relating to the achievement of CCCS’s strategic objectives are appropriately identified and managed.
  • The actions of CCCS’s officers, directors, employees, and contractors are in compliance with CCCS’s policies, procedures, and applicable laws, regulations, and governance standards.
  • The results of operations or programs are consistent with established goals and objectives.
  • Operations or programs are being carried out effectively and efficiently.
  • Established processes and systems enable compliance with the policies, procedures, laws, and regulations that could significantly impact CCCS.
  • Information and the means used to identify, measure, analyze, classify, and report such information are reliable and have integrity.
  • Resources and assets are acquired economically, used efficiently, and protected adequately.

The Director of Internal Audit will report periodically to senior management and the audit committee regarding:

  • The internal audit department’s purpose, authority, and responsibility.
  • The internal audit department’s plan and performance relative to its plan.
  • The internal audit department’s conformance with The IIA’s Code of Ethics and Standards, and action plans to address any significant conformance issues.
  • Significant risk exposures and control issues, including fraud risks, governance issues, and other matters requiring the attention of, or requested by, the audit committee.
  • Results of audit engagements or other activities.
  • Resource requirements.
  • Any response to risk by management that may be unacceptable to CCCS.

The Director of Internal Audit also coordinates activities, where possible, and considers relying upon the work of other internal and external assurance and consulting service providers as needed. The internal audit department may perform advisory and related client service activities, the nature and scope of which will be agreed upon with the client, provided the internal audit department does not assume management responsibility.

Opportunities for improving the efficiency of governance, risk management, and control processes may be identified during engagements. These opportunities will be communicated to the appropriate level of management.

RESPONSIBILITY

The Director of Internal Audit has the responsibility to:

  • Submit, at least annually, to senior management and the audit committee a risk-based internal audit plan for review and approval.
  • Communicate to senior management and the audit committee the impact of resource limitations on the internal audit plan.
  • Review and adjust the internal audit plan, as necessary, in response to changes in CCCS’s business, risks, operations, programs, systems, and controls.
  • Communicate to senior management and the audit committee any significant interim changes to the internal audit plan.
  • Ensure each engagement of the internal audit plan is executed, including the establishment of objectives and scope, the assignment of appropriate and adequately supervised resources, the documentation of work programs and testing results, and the communication of engagement results with applicable conclusions and recommendations to appropriate parties.
  • Follow up on engagement findings and corrective actions, and report periodically to senior management and the audit committee any corrective actions not effectively implemented.
  • Ensure the principles of integrity, objectivity, confidentiality, and competency are applied and upheld.
  • Ensure the internal audit department collectively possesses or obtains the knowledge, skills, and other competencies needed to meet the requirements of the internal audit charter.
  • Ensure trends and emerging issues that could impact CCCS are considered and communicated to senior management and the audit committee as appropriate.
  • Ensure emerging trends and successful practices in internal auditing are considered.
  • Establish and ensure adherence to policies and procedures designed to guide the internal audit department.
  • Ensure adherence to CCCS’s relevant policies and procedures unless such policies and procedures conflict with the internal audit charter. Any such conflicts will be resolved or otherwise communicated to senior management and the audit committee.
  • Ensure conformance of the internal audit department with the Standards, with the following qualifications:
    • If the internal audit department is prohibited by law or regulation from conformance with certain parts of the Standards, the Director of Internal Audit will ensure appropriate disclosures and will ensure conformance with all other parts of the Standards.
    • If the Standards are used in conjunction with requirements issued by other authoritative bodies, the Director of Internal Audit will ensure that the internal audit department conforms with the Standards, even if the internal audit department also conforms with the more restrictive requirements of other authoritative bodies.

ASSURANCE AND IMPROVEMENT PROGRAM

The internal audit department will maintain a quality assurance and improvement program that covers all aspects of the internal audit department. The program will include an evaluation of the internal audit department’s conformance with the Standards and an evaluation of whether internal auditors apply The IIA’s Code of Ethics. The program will also assess the efficiency and effectiveness of the internal audit department and identify opportunities for improvement. The Director of Internal Audit will communicate to senior management and the audit committee on the internal audit department’s quality assurance and improvement program, including results of internal assessments (both ongoing and periodic) and external assessments conducted at least once every five years by a qualified, independent assessor or assessment team from outside CCCS.