June 7, 2018


MEMORANDUM


TO: The Audit, Compliance, and Risk Committee:


Babur B. Lateef, M.D., Chair

Robert M. Blue

Mark T. Bowles

L. D. Britt, M.D.

Margaret F. Riley, Faculty Member

Frank M. Conner III, Ex Officio

Adelaide Wilcox King, Faculty Consulting Member


and


The Remaining Members of the Board:


Whittington W. Clement

Elizabeth M. Cranwell

Thomas A. DePasquale

Barbara J. Fried

John A. Griffin

Robert D. Hardie

Maurice A. Jones

John G. Macfarlane III

Tammy S. Murphy

James B. Murray Jr.

James V. Reyes

Jeffrey C. Walker

Brendan T. Nigro, Student Member


FROM: Susan G. Harris


SUBJECT: Minutes of the Meeting of the Audit, Compliance, and Risk Committee on June 7, 2018


The Audit, Compliance, and Risk Committee of the Board of Visitors of the University of Virginia met, in Open Session, at 11:15 a.m., on Thursday, June 7, 2018, in the Upper West Oval Room of the Rotunda. Dr. Babur Lateef, Chair, presided.


Present: Frank M. Conner III, L.D. Britt, M.D., Margaret F. Riley, and Adelaide Wilcox King


Monitoring by telephone: Mark T. Bowles


Absent: Robert M. Blue


Barbara J. Fried and James B. Murray Jr. also were present.


Present as well were Melody S. Bianchetto, W. Thomas Leback, Roscoe C. Roberts, Colette Sheehy, and Robert M. Tyler.


James S. Matteo, Gary S. Nimax, Carolyn D. Saint, and Eric M. Sandridge were the presenters. Mr. Sandridge participated by telephone.


Dr. Lateef opened the meeting. After acknowledging the telephone participants and reviewing the agenda, he gave the floor to Ms. Saint.


Action Item: Risk-Based Audit Plan for FY 2019 – FY 2020


Ms. Saint said research shows auditors moving towards real time assurance and reporting significant changes from year to year in the magnitude of the risks facing their organizations. Given this environment, the Audit Department is moving towards real time assurance through a flexible audit plan that can allocate resources and coverage to ensure the University is addressing changing risks.


Dr. Britt and Dr. Lateef requested an audit of funds flow and financial controls for the Health System. Dr. Lateef also asked for a return of investment review of the ToPs Hires program in the School of Medicine.


On motion duly seconded, the committee approved the following resolution and recommended it for Board approval:


AUDIT DEPARTMENT FY 2019 – FY 2020 AUDIT PLAN


RESOLVED, the Audit Department FY 2019 - FY 2020 Audit Plan is approved as recommended by the Audit, Compliance, and Risk Committee.


Action Item: Revised Audit and Compliance Charters


Ms. Saint said the Audit Department and the institutional compliance function were merged into the Office of Audit and Compliance in September 2017 to better address compliance risks. The Audit and Compliance charters have been updated to reflect this reorganization.


On motion, the committee approved the following resolutions and recommended them for Board approval:


AUDIT DEPARTMENT CHARTER

RESOLVED, the updated Audit Department Charter, dated June 7, 2018, is approved as recommended by the Audit, Compliance, and Risk Committee.


INSTITUTIONAL COMPLIANCE CHARTER


RESOLVED, the updated Institutional Compliance Charter, dated June 7, 2018, is approved as recommended by the Audit, Compliance, and Risk Committee.




Auditor of Public Accounts (APA) Audit Entrance Meeting for Fiscal Year 2018


Ms. Bianchetto said the audit has been initiated and introduced Mr. Sandridge, Director of Higher Education Programs for the Virginia Auditor of Public Accounts. Mr. Sandridge said the audit will be completed around the first of November and will be presented at the December Board meeting. It has two main objectives. It will issue an opinion on the University’s financial statement and will determine if the University is properly recording financial information to the Department of Accounts for inclusion in the State’s financial statements. The audit team will also perform work in support the statewide single audit of federal funds, which is required each year to receive federal funds. Student financial aid will be in cycle this year for review at the statewide level. Mr. Sandridge said there will be a report on internal controls and compliance, and a review of risks throughout the University including fraud risk.


Enterprise Risk Management (ERM) Program: FY 2018 Report and FY 2019 Program Goals


Mr. Matteo reviewed the accomplishments for FY 2018, the risk heat maps, and the FY 2019 goals. FY 2018 accomplishments include engaging Board committee chairs in ERM discussions, strengthening risk mitigation plans, creating new key risk lists for the Academic Division and Health System, and updating the ERM Charter. While there were no changes in the key risks on the Academic Division’s heat map, there was some movement in the inherent risks. The only change in the Health System’s heat map was the addition of a risk around industry consolidation. FY 2019 program goals include the further onboarding of the College at Wise, building a risk interaction map, and migrating ERM data to the Governance, Risk and Compliance (GRC) system.


Written Reports


Dr. Lateef asked if there were any questions about the written reports. He referenced the report on the Ufirst project and said its launch date has been delayed until January. Dr. Britt asked why the project was delayed. Mr. Murray said the software wasn’t ready. Mr. Lateef said the project is being closely monitored given its risk and cost. A number of guidelines have been established to ensure the January deadline is met. As of this date, the project is on schedule.


The chair adjourned the meeting at 12:05 p.m.


SGH:wtl

These minutes have been posted to the University of Virginia’s Board of Visitors website: http://bov.virginia.edu/committees/181