The Audit, Compliance, and Risk Committee shall have oversight responsibility for internal audit, compliance, and enterprise risk management programs for the academic and medical center divisions, as it relates to financial, operational, compliance, strategic, and reputational risks. The committee shall have direct access to internal and external auditors to assess performance, the scope of audit activities, and the adequacy of internal accounting controls. The committee shall review, at least annually, the institution’s risk governance framework including the risk assessment and mitigation strategies. The committee also shall receive periodic reports on other such audit, compliance, and risk matters from the State auditor, senior management, and the institution’s internal audit, compliance, and enterprise risk management leaders. Such leaders shall also have direct access to the board.
