TERMS OF REFERENCE
The Audit Committee should receive and review regular reports reflecting both a ‘top-down’ and a ‘bottom-up’ approach to identifying and managing risk at the University.
With respect to Business Risks and Compliance matters, the Committee should ensure compliance with statutory financial reporting and disclosure requirements with respect to:
The Audit Committee shall:
- Review significant recommendations made by the Auditor General and/or External Auditor and Internal Auditor regarding internal controls and ensure Management fulfills its responsibility with respect to the integrity of financial information systems and internal controls.
- Obtain reasonable assurance that Management information systems (MIS) are reliable and internal controls are appropriate and adequate. For this purpose, the Committee may wish to direct the Auditor General’s and Internal Auditor’s examinations to particular areas; the Committee may request the External and/or Internal Auditor to undertake special examinations.
- Determine whether systems are in place to identify and monitor major business and other risks.
- Review the general control environment, organizational structure and delegation of authority.
The Audit Committee review should also include the prevention or detection of Management override or compromise of the internal control system.
Enterprise Risk Management
In 2009, UBC adopted an Enterprise Risk Management (ERM) framework to support strategic and operational decision-making. The Office of ERM has been leading the implementation and works with the Executive Team and with academic and administrative units across the University to facilitate the identification of risks and assist with the development of relevant risk mitigation strategies.
The Audit Committee directs the ERM initiative; the ERM Steering Committee is composed of executive and senior members: Provost & VP Academic, Deputy Vice-Chancellor & Principal, VP Finance, Resources & Operations, VP Students, VP Human Resources and the Director Internal Audit.
The Audit Committee receives an annual report from Risk Management Services. All risk management functions are covered, including:
- Risk Management Services
- Health, Safety & Environment
- Insurance Management
- Enterprise Risk Management Update (semi-annual)
- IT Services / Information Technology