Operations, Audit and Risk Committee Meeting November 18, 2022
The Operations, Audit and Risk Committee met on Friday, November 18, 2022 at 10:15 a.m. in the David Student Union Board Room with Chair Terri M. McKnight presiding.
Present from the Committee
- Terri M. McKnight, CPA, Chair
- Regina Brayboy
- Robert R. Hatten, Esq.
- Kelli Purdy Meadows, CPA
Absent from the Committee
- Lee Vreeland
Present from the University
- Ms. Ashleigh Andrews, Assistant Vice President for Finance and Planning
- Ms. Faith Belote, Director of Internal Audit
- Mr. Bob Colvin, Interim Chief of Staff
- Mr. Andrew Crawford, Chief Information Officer
- Mr. Bryan Donohue, Director of Emergency Management
- Ms. Sarah Herzog, Director of Planning and Budget
- Ms. Rachel Holland, Faculty Staff Representative
- Ms. Jennifer Latour, Vice President for Finance and Planning and Chief Financial Officer
- Mr. Shane Leasure, Associate Director of ITS Systems and Support and Deputy CIO
- Ms. Christine Ledford, Vice President for Administration and Auxiliary Services
- Mr. David Ralph, Informative Technology Internal Auditor
- Ms. Christina Russell, Senior Internal Auditor
- Ms. Peggy Taylor, ARMICS Accountant
- Ms. Adelia Thompson, Interim President
- Ms. Rhonda Wissinger, Executive Administrative Assistant
Public in Attendance
- None
Chair McKnight called the meeting to order and welcomed everyone in attendance. She also thanked Faculty and Staff for all of their hard work.
Approval of September 16, 2022 Minutes
Chair McKnight asked if everyone had a chance to review the Operations, Audit and Risk Committee minutes from September 16, 2022. There being no comments, edits or suggestions, Chair McKnight called for a motion to approve the minutes as presented. Mr. Robert R. Hatten, provided the motion, which was seconded by Ms. Regina Brayboy and the minutes were approved by unanimous vote of the committee.
Internal Audit Report
Ms. Faith Belote, Director of University Audit, reported on the status of the Audit Plan for FY 2022-2023. In October, the What to Expect When Audited Orientation was given to provide a working knowledge of the audit terms and timelines before the audit client’s engagement. The Faculty Recruitment and Succession Planning audit fieldwork is being finalized and the reporting phase has just begun. StarRez Software Application audit planning is underway.
Ms. Belote reported on the summary status of audit issues stating the Maxient Application Software Audit report is in the board materials. There are nine points that are targeted for completion on May 15, 2023. Two Maxient points involve IT governance which will have a university-wide impact. The Disaster Recovery Planning audit follow-up is a work in progress. Four open points are currently targeted for completion by June 1, 2023. Four Laboratory Safety audit points are complete, and ten remain open, targeted for completion by April 1, 2023.
The Fraud, Waste and Abuse Detection, Investigation and Reporting Policy has been adopted by the University Policy Committee. Internal Audit will provide fraud training and promote awareness of the new policy during a segment of the Human Resources New Supervisors Training Program.
The Virginia Occupational Safety and Health (VOSH) Enforcement issued a citation report following an unannounced inspection of the Facilities Management Department and Warehouse that contained violations but none that resulted in fines. The needed improvements have been completed, and the file was closed in November with VOSH’s appreciation of the department’s hard work.
Ms. Jennifer Latour, Vice President for Finance and Planning/CFO introduced Ms. Peggy Taylor, Accountant, to provide a review and scope of the Agency Risk Management Internal Control Standards (ARMICS):
ARMICS Review and Scope
Ms. Peggy Taylor, ARMICS Accountant, reported that ARMICS is mandated by the State comptroller for all State agencies within the Commonwealth of Virginia. It requires agencies to perform an annual assessment of the agency’s fiscal processes. The goal of ARMICS is to ensure the integrity of the information that feeds into the state’s Annual Comprehensive Financial Statements and the safeguarding of state assets. Although each employee is responsible for maintaining internal controls in their area, the Agency Head and Fiscal Officer are ultimately responsible for internal controls. These officers must certify annually that an assessment of internal controls was performed and disclose whether or not any internal control weaknesses were found.
There are two parts to ARMICS: Agency Level Assessment (completed every 3 years) and the Transaction Level Assessment (completed annually). The Agency Level Assessment includes the key components of internal control environment, risk assessment, control activities, information and communication and monitoring activities. The Transaction Level Assessment evaluates the individual fiscal processes that feed into Cardinal, the Commonwealth’s accounting system. ARMICS requires any significant or insignificant weaknesses in internal controls to be reported to the state during the annual certification process. Significant weaknesses also require submission of a corrective action plan.
The State instituted a mandatory online annual certification process beginning with FY21, which requires ARMICS documentation uploads; and is then certified by our agency head (President) and fiscal officer (University Comptroller). Annual certification is on September 30th of each year.
Ms. Jennifer Latour introduced Mr. Shane Leasure, Associate Director of ITS Systems and Support and Deputy CIO to provide an update on the Gramm-Leach-Bliley Act:
Gramm-Leach-Bliley Act (GLBA)
Mr. Leasure reported the Gramm-Leach-Bliley Act is a federal regulation that requires financial institutions to safeguard sensitive customer information and clearly explain their sharing practices. As an institute of higher education, Christopher Newport University offers financial services to its students and therefore must comply. The University has partnered with CampusGuard to provide an assessment of the University’s transaction compliance. It is anticipated that this process will take several months to complete and will result in the appointment of a qualified individual to oversee GLBA.
Appointments to the Administrative/Professional Faculty
Ms. Latour explained this report lists the Administrative Professional Faculty that have been hired since the last Board of Visitors meeting and is for informational purposes only.
There being no further business the meeting adjourned at 11:01 a.m.