A meeting of the Audit and Risk Management Committee of the Board of Trustees convened at 9:38 a.m. on Friday, February 8, 2019, in Room 326 of Stewart Center on the campus of Purdue University in West Lafayette, Indiana.

All members of the Committee were present: Thomas Spurgeon, chair; JoAnn Brouillette; Vanessa Castagna; and Malcolm DeKryger. All other trustees were present: Sonny Beck; Michael Berghoff; Michael Klipsch; Gary Lehman; Daniel Romary; and Don Thompson.

Officers and administrators in attendance were: Mitch Daniels, president; Jay Akridge, provost and executive vice president for academic affairs and diversity; Bill Sullivan, treasurer and chief financial officer; Jim Almond, senior vice president, assistant treasurer, and assistant secretary; Steve Schultz, general counsel; Janice Indrutz, corporate secretary and senior executive assistant to the Board; Ron Elsenbaumer, chancellor of Purdue University Fort Wayne; and Tom Keon, chancellor of Purdue University Northwest.

I. APPROVAL OF MINUTES

Upon proper motions duly made and seconded, the Committee voted unanimously to approve the minutes of its last meeting on December 7, 2018, and an executive session of the Committee on December 3, 2018.

II. APPROVAL OF ANNUAL REPORT OF THE SENIOR DIRECTOR OF AUDITS

Ms. Peg Fish, senior director of audits, discussed the 2018 annual report of the Internal Audit Office which had been provided to the Committee for review. Ms. Fish informed the Committee that the 2018 calendar year audit plan was developed with eight staff members but finalized with six. She was proud to report that each staff member had met continuing education requirements in accordance with the International Professional Standards of Internal Auditing and said each audit was conducted in accordance with the Standards.

Ms. Fish highlighted that 79% of the staff’s time was directed to audit work, with the remaining time directed to the university’s anonymous reporting program, external audits, enterprise risk management, other initiatives, professional development, and research. She told the Committee that the Internal Audit Office had also collaborated with ITaP Security and Policy to define and communicate key controls that collectively addressed standards and best practices for the security of the university’s data. Ms. Fish compared the 2018 annual report to the 2018 audit plan and reported that 51 of 71 planned audits had been completed or were in process at year-end, with 17 having been incorporated into the 2019 audit plan.

Ms. Fish was pleased to report that Purdue continued its commitment to providing an environment in which individuals may report suspected fraud, waste, or abuse of university assets in addition to non-compliance. She reviewed the Internal Audit Charter, which, she said, reflected the commitment of the Internal Audit Office to the Board of Trustees and the university. Ms. Fish concluded her report by acknowledging the Internal Audit staff for their dedication and professionalism, and she also acknowledged the vision and direction of the Board of Trustees, President Daniels, executive leadership, and management teams throughout the university.

Trustee Spurgeon congratulated Ms. Fish and her staff on a job well done with fewer staff members. Trustee DeKryger remarked that the credentials of the Internal Audit staff brought him a lot of comfort. Treasurer Sullivan commented that he was very pleased by the way in which the university community took the audits seriously, promptly, and responsibly, which he attributed to the university community’s respect for Ms. Fish.

Upon proper motion duly made and seconded, the Audit and Risk Management Committee voted unanimously to recommend full Board approval of the annual report. A copy of the annual report was filed with the minutes.

III. DISCUSSION OF AUDIT PLAN FOR CALENDAR YEAR 2019

Ms. Fish briefly discussed the audit plan for the 2019 calendar year which had been provided to the Committee for review. She highlighted the importance of flexibility, as the Internal Audit Office wished to be prepared to respond to requests from the university community. She stated that the audit plan communicated the breadth of planned audit activities within six audit classifications (compliance, financial, information systems application, information systems infrastructure, and integrated), and the plan called for 66 audits system-wide, which were summarized on page 3 of the report. Ms. Fish referred to the COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework and said its components and principles would be applied to each audit.

Trustee Lehman asked Ms. Fish if the university had the opportunity to network with peer institutions to become aware of unrecognized risks or benchmark audit procedures. She responded that higher education was the best industry for sharing such information, and she named groups with which the Internal Audit Office collaborated, including the Big Ten, the Institute of Internal Auditors, and the Association of College and University Audits. A copy of the audit plan was filed with the minutes.

IV. ADJOURNMENT

By consent, the meeting adjourned at 9:49 a.m.

V. EXECUTIVE SESSION

An executive session of the Committee convened at 12:00 p.m., with all members of the Committee and all other members of the Board in attendance. Ms. Peg Fish, senior director of audits, was also in attendance. Pursuant to IC 5-14-1.5-6.1(b), it is hereby certified that the Committee discussed no subject matter in this executive session other than the subjects set forth in the notice and deferred formal action to a future public meeting.