Office of Audit, Compliance & Privacy
Purpose and Scope
The Office of Audit, Compliance & Privacy (OACP) is an independent appraisal activity consisting of two distinct yet related disciplines which examine and evaluate the activities of the University as a service to management and the Board of Trustees. OACP assists management in accomplishing their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal control, and governance processes so that:
- University assets are safeguarded;
- Information is accurate and reliable;
- University policies and procedures and external laws and regulations are followed;
- Resources are used efficiently and economically;
- Operations and programs are being carried out as planned and results are consistent with the University's objectives;
- Significant legislative or regulatory issues impacting the University are recognized and addressed properly.
Reporting Structure and Independence
To provide independence, the Associate Vice President of OACP shall report functionally to the Audit & Compliance Committee of the Board of Trustees and administratively to the University President. OACP employees shall have organizational independence and strive to carry out their responsibilities with professional objectivity.
Authority and Responsibility
OACP is authorized to have full, complete, and unrestricted access to all University records, physical properties, and personnel relevant to an audit, compliance or privacy project. OACP will handle any documents and information obtained or reviewed during an assignment in a prudent and responsible manner.
OACP shall maintain the University's anonymous reporting system whereby stakeholders may report instances of fraud, ethics, or compliance related concerns. OACP shall review all reports received and determine their appropriate disposition.
Internal Auditing shall have the responsibility to:
- Develop a flexible annual audit plan using an appropriate risk-based methodology;
- Submit the annual audit plan to the Audit & Compliance Committee of the Board of Trustees for their input and consideration;
- Plan and perform audits and reviews as noted on the audit schedule;
- Perform special administrative requests, special projects, investigations, and consulting services as requested by management and deemed high risk by the Associate Vice President;
- Make recommendations for improvements to the systems of risk management, internal control, and governance processes;
- Report the results of audit work to the appropriate level of management and the Audit & Compliance Committee;
- Provide an annual written report of audit activities to senior management and the Chair of the Audit & Compliance Committee;
- Work with the external auditors and other agencies to seek to avoid redundancies in audit effort;
- Maintain appropriate professional development to ensure the staff has the skills and abilities to perform audit assignments;
- Keep the Audit & Compliance Committee and management aware of emerging trends regarding internal controls, risk management, governance, and internal auditing;
- Strive to comply with the International Standards for the Professional Practice of Internal Auditing and Code of Ethics as issued by the Institute of Internal Auditing.
Compliance & Privacy shall have the responsibility to:
- Develop and implement a risk-based compliance work plan that addresses highest priority compliance areas;
- Periodically report compliance and privacy related activities to the Chair of the Audit & Compliance Committee;
- Collaborate with distributed compliance partners and senior leadership to improve campus compliance and ethics culture;
- Periodically convene Auburn University's Institutional Compliance Committee to provide broad oversight of university-related regulatory issues;
- Evaluate and respond to allegations of non-compliance and conduct reviews of reported issues, collaborating with Internal Auditing as appropriate;
- Strive to implement the best practices of effective compliance programs as stipulated in the U.S. Federal Sentencing Guidelines;
- Strive to adhere to the Code of Ethics for Compliance and Ethics Professionals as issued by the Society of Corporate Compliance and Ethics.
Approved by the Auburn University Board of Trustees
November 18, 2016