Page title

Rule 20401: Audit, Compliance, and Risk Management Programs

Main page content

Details

Series

20000: Administration

Date Approved

Date Last Amended

Office(s) Responsible for Rule

System Audit Office 
Office of Systemwide Compliance 
Office of Risk Management 

1.  Title

Audit, Compliance, and Risk Management Programs

2.  Rule and Regulation

Sec. 1  Audit Program.  The Chancellor, as chief executive officer of the U. T. System, is responsible for ensuring the implementation of appropriate audit procedures for the U. T. System. Accordingly, the U. T. System Chief Audit Executive (CAE) prepares an executive summary of all internal audit activity by the U. T. System internal auditors and the institutional internal auditors for the Chancellor, and functions as a primary source of independent and objective information to the Audit, Compliance, and Risk Management Committee (ACRMC) of the Board of Regents. 

1.1  The U. T. System CAE plays an important role in enabling the ACRMC to achieve its objectives for oversight of the Audit Program through:

(a) Providing information regarding risks and issues identified through audit activities.

(b) Facilitating the ACRMC Chairman’s interactions with Institutional Audit Committee Chairs.

(c) Assisting the ACRMC in following leading practices through the establishment of necessary formal meetings, executive sessions, and other important protocols.

1.2  U. T. System Chief Audit Executive’s Responsibilities. The U. T. System CAE is charged with assuring that an effective internal audit function is in place Systemwide. The U. T. System CAE accomplishes this oversight by performing the following:

(a) Establishing methodologies that support conformance with required professional standards. This guidance includes, but is not limited to, annual plan development, prioritization and communication of findings, reporting, audit committee support, and quality assurance activities.

(b) Developing a Systemwide internal audit plan based on a comprehensive risk assessment and coordinating the implementation of the audit plan with the chief audit executives at all U. T. System institutions.

(c) Participating with the institution’s president in the selection of any institution’s CAE to provide recommendation and advice to the ACRMC Chair prior to appointment.

(d) Assessing circumstances surrounding proposed termination of any institution’s CAE to provide recommendation and advice to the ACRMC Chair prior to dismissal.

(e) Participating in the annual performance review for each institution’s CAE.

(f) Providing audit assistance to the Chancellor, the Executive Vice Chancellors, and the Vice Chancellors in the exercise of their responsibilities.

Sec. 2  Compliance Program.  The Chancellor, as chief executive officer of the U. T. System, is responsible for ensuring the implementation of a compliance program for the U. T. System. U. T. System Administration shall adopt a policy further implementing the Systemwide compliance program.

The Systemwide compliance program shall be headed by a Chief Compliance and Risk Officer (CCRO) and is a fundamental part of the management structure of U. T. System Administration. The primary responsibility of the CCRO is developing the infrastructure for the effective operation of the Systemwide compliance program. The CCRO is also responsible for apprising System Administration and the ACRMC of the compliance functions and activities at System Administration, The University of Texas/Texas A&M Investment Management Company (UTIMCO), and each institution.

Sec. 3  Risk Management.  The Chancellor, as chief executive officer of the U. T. System, is responsible for ensuring Risk Management principles are integrated within leadership operation, practice, and activities. Accordingly, the Office of Risk Management (ORM) headed by the CCRO is a fundamental part of the management structure of U. T. System Administration. The primary responsibility of ORM is to provide the Chancellor and leadership with risk information, education, and the forum, when necessary, to encourage consideration of the most important risks. ORM will foster elements of prudent risk management including the structure for Executive Risk discussion, collaboration with risk assessing functions, and resolution of activities that mitigate important risks.

3.  Definitions

None

4.  Relevant Federal and State Statutes 

None 

5.  Relevant System Policies, Procedures, and Forms 

None 

6.  Who Should Know 

Administrators 
Internal Audit 
Compliance 

7.  System Administration Office(s) Responsible for Rule 

System Audit Office 
Office of Systemwide Compliance 
Office of Risk Management 

8.  Dates Approved or Amended 

February 24, 2022
Editorial amendment to Section 1.1(e) made September 25, 2018 
February 27, 2018 
Editorial amendment made May 25, 2017, per Board action on May 9-10, 2017 
Editorial amendments to Sections 1.1(f) and 2.1 made July 13, 2015 
February 12, 2015 
December 6, 2012 
Editorial amendments made March 17, 2008 
December 10, 2004 

9.  Contact Information 

Questions or comments regarding this Rule should be directed to: 
•  bor@utsystem.edu