ASIC Department
Audit Services and Institute Compliance (ASIC) is an independent and objective assurance and advisory function that is guided by a philosophy of adding value to improve the operations of the California Institute of Technology (the Institute). It assists the Institute in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization's governance, risk management, compliance, and internal control.
This Charter describes the mission, commitment, authority, independence, accountability, and principal responsibilities of ASIC.
Mission
ASIC's mission is to proactively partner with management, faculty, and staff to ensure the Campus, the Jet Propulsion Laboratory, and the other Caltech operations effectively:
- Identify and manage risks;
- Comply with all applicable laws, regulations, contract/grant provisions, and internal policies, plans, and procedures;
- Establish and maintain an appropriate control environment, level of accountability, and ethical framework;
- Maintain financial and operational integrity; and
- Monitor and improve processes.
Commitment
ASIC is committed to:
- Developing and maintaining positive and collaborative relationships with Institute employees and other stakeholders.
- Developing risk-based audit, advisory, and compliance plans aligned with the Institute's goals and objectives.
- Providing high-quality and timely services and advice by maintaining a professional staff with appropriate knowledge, skills, experience, and certifications and by updating technologies, tools, and techniques, as appropriate.
- Maintaining a team-oriented work environment that provides meaningful and challenging assignments, recognizes and rewards outstanding performance, and develops leaders for the Institute.
- Utilizing, when necessary, external resources in a cost-effective manner.
- Coordinating efforts with Institute and other stakeholder control and monitoring functions (e.g., risk management, safety, security, general counsel, ethics, environmental, external audit).
Authority
ASIC activities are governed by policies established by the Board of Trustees through its Audit, Compliance, and Risk Committee and the President. The scope of ASIC activities is subject to Audit, Compliance, and Risk Committee review but is not otherwise restricted.
To be effective, it is essential there be mutual cooperation between management, faculty, staff, and ASIC. ASIC, with stringent regard for information safekeeping and confidentiality, and subject to applicable Institute policies, will have access to all Institute activities, records, property, and employees as may be necessary to fulfill its responsibilities.
Independence
The Associate Vice President of ASIC reports directly to the President, the Vice President and Chief Operating Officer (COO), and the Audit, Compliance, and Risk Committee through its Chair. ASIC staff have no authority over, or responsibility for, the activities they audit, review, or monitor. In addition, ASIC personnel will not participate in any activity that may compromise their independence or objectivity.
Accountability
The Associate Vice President of ASIC is accountable for:
- Providing annual assessments on the adequacy and effectiveness of the Institute's processes for controlling its activities and accomplishing its mission.
- Reporting on significant issues relating to control, accountability, or other processes of the Institute, including potential improvements to those processes and resolution of such issues.
- Facilitating the implementation of the Institute's Enterprise Risk Management program, including coordination of internal meetings and communication as well as coordination of presentations to Board Committees.
- Providing information on the status and results of annual plans, including follow-up activities, and the sufficiency of ASIC's departmental resources.
- Establishing appropriate ASIC metrics and reporting results.
- Implementing a quality assurance and improvement program to assess ASIC's activities.
Audit and Advisory Services
ASIC conducts financial, operational, and information technology audits and advisory projects in accordance with approved plans and its established policies and procedures. In addition, ASIC complies with the Code of Ethics and the International Standards for the Professional Practice of Internal Auditing promulgated by The Institute of Internal Auditors, as well as other professional audit and advisory standards which may be applicable to the performance of work assignments.
Services include, but are not limited to:
- Developing and implementing an annual audit and advisory plan using an appropriate risk-based methodology, including topics identified by management and other stakeholders.
- Considering the scope of work of external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the Institute at a reasonable overall cost.
- Examining and evaluating the adequacy and effectiveness of the Institute's systems of internal control.
- Evaluating and assessing new or changing services, processes, operations, and controls coincident with development and implementation.
- Identifying opportunities for reducing costs, improving processes, or enhancing the Institute's reputation.
- Reviewing the reliability and integrity of financial, operational, and information technology controls and the means used to identify, measure, classify, and report such information.
- In conjunction with the Office of General Counsel, assessing compliance with and, as requested, conducting internal investigations into laws, regulations, contract/grant provisions, and internal policies, plans, and procedures.
- Verifying that resources are acquired economically, used efficiently, accounted for accurately, and protected adequately.
- Reviewing operations or programs to ascertain whether results are consistent with established objectives.
- Performing advisory projects that are intended to add value and improve organizational governance, risk management, and/or controls.
- Assisting in the investigation of suspected irregular conduct in conjunction with other Institute resources.
- Evaluating emerging audit trends and implementing best practices.
Institute Compliance Program
ASIC's Institute Compliance Program reflects the Institute's commitment to the highest standards in all of its activities. The program provides an operational framework to ensure compliance is an integral part of the Institute's culture. ASIC proactively helps management, faculty, and staff identify and reduce risks which could adversely affect the Institute.
The Associate Vice President of ASIC is the Institute Chief Compliance Officer. As such, she/he interacts with the President, the Vice President and COO, and the Audit, Compliance, and Risk Committee, through its chair, on major compliance issues and concerns. She/he also interacts with the Office of General Counsel, seeking advice and counsel on compliance and other matters that involve legal issues.
Services include, but are not limited to:
- Developing and implementing an annual risk-based compliance plan for the Institute Compliance Program.
- Assisting in the development of Institute policies or practices to help ensure compliance with Federal, State and Local laws and regulations, and contract/grant provisions.
- Facilitating the establishment of appropriate compliance committees and coordinating Institute-wide compliance activities with such committees or designated liaison personnel.
- Assisting in the development and delivery of compliance-related training.
- Promoting compliance awareness.
- Evaluating emerging compliance trends in higher education and government and implementing best practices.
- Administering a Compliance Hotline, in conjunction with the Office of General Counsel, that provides the Campus community with a mechanism to obtain advice and report behavior that may jeopardize the integrity of the Institute.
- Reviewing and, as needed, recommending improvement to the Institute's compliance activities and related policies, procedures, and training.
- Assessing and reporting on the level of compliance with the Institute's compliance program and integrity policies.