A meeting of the Audit and Risk Management Committee of the Board of Trustees convened at 10:32 a.m. Friday, December 4, 2020, on the Purdue University campus in West Lafayette, Indiana. The meeting was held in Stewart Center, Room 214, to allow for social distancing amid the COVID-19 pandemic. Restrictions were placed on the number of observers in the room, and other members of the media and the public who wished to observe the meeting virtually were provided such instructions. Everyone in the room was wearing a mask.
All members of the Committee were present in person or, where specifically noted, by means of electronic communication pursuant to the Electronic Meeting Policy: Vanessa Castagna, chair; JoAnn Brouillette; and Theresa Carter (virtually). All other trustees were present: Sonny Beck; Michael Berghoff; Malcolm DeKryger; Michael Klipsch; Gary Lehman; Noah Scott (virtually); and Don Thompson (virtually).
Officers and administrators in attendance were: Mitch Daniels, president; Jay Akridge, provost and executive vice president for academic affairs and diversity; Chris Ruhl, chief financial officer and treasurer; Jim Almond, senior vice president, assistant treasurer, and assistant secretary; Steve Schultz, general counsel; Trent Klingerman, deputy general counsel (virtually); Janice Indrutz, corporate secretary and senior executive assistant to the Board (virtually); Ron Elsenbaumer, chancellor of Purdue University Fort Wayne (virtually); and Tom Keon, chancellor, Purdue University Northwest (virtually).
I. APPROVAL OF MINUTES
Upon proper motion duly made and seconded, the Committee voted unanimously to approve the minutes of its meeting convened on October 2, 2020, and executive sessions convened on October 21, 2020, and November 18, 2020.
II. ADOPTION OF UPDATED COMMITTEE CHARTER
Trustee Castagna stated that the Committee had solicited input from Treasurer Ruhl, Ms. Peg Fish, senior director of audits, and General Counsel Schultz in an effort to update its charter from 2009. She said significant updates were made to the Committee’s mission and more detail was added with regard to the Committee’s responsibilities. Updates also included changing the name of the Committee to the Audit and Enterprise Risk Committee.
Upon proper motion duly made and seconded, the Audit and Risk Management Committee voted unanimously to request full Board approval of its revised charter as follows:
I. MISSION AND PURPOSE
The mission and purpose of the Audit and Enterprise Risk Committee (“Committee”) is to assist the Board of Trustees (the “Board”) of The Trustees of Purdue University (the “University”) in fulfilling its responsibility for oversight of (i) the integrity of the University’s financial statements and related reporting processes, (ii) the establishment and operation of internal control functions, including an independent internal audit office consistent with University bylaws (the “Bylaws”), (iii) compliance with applicable laws, regulations and University policies, including but not limited to those pertaining to ethical conduct, and (iv) mechanisms maintained by the University to monitor, manage and mitigate risks associated with its education, research and engagement missions.
Consistent with this mission and purpose, the Committee will discharge the responsibilities and duties described in Section IV below.
In discharging its oversight role, the Committee is empowered to investigate any matter brought to its attention, with full access to all books, records, facilities and personnel of the University, and the Committee has the authority to engage and determine funding for independent counsel and other advisors as it determines necessary to carry out its duties as permitted by law.
Although it does not plan or conduct audits or independently verify that the University’s financial statements are complete and accurate and are in accordance with generally accepted accounting principles, the Committee receives regular reports from the University’s auditors and will annually review and approve the University’s audit plan for the coming year and the consolidated financial statements for the preceding fiscal year.
The Committee shall be composed of three or more trustees as determined by the Board. All members of the committee shall be able to read and understand financial statements at the time of their appointment.
The members of the Committee shall be determined by the Board. The Committee Chair shall be selected by the Board’s Chair.
The Committee shall meet at least two times annually and may meet more frequently as circumstances dictate, whether in person or by means of electronic communication pursuant to the Board’s Electronic Meeting Policy. At each of the two aforementioned semi-annual meetings, the Committee will meet with the internal audit function, the external auditor and amongst themselves in separate executive sessions to discuss any matters that the Committee or each of these groups believe should be discussed privately.
IV. RESPONSIBILITIES AND DUTIES
The Committee, in carrying out its responsibilities, believes its policies and procedures should remain flexible in order to best react to changing conditions and circumstances. The Committee should take appropriate actions to set the overall tone for quality financial reporting, accounting, sound business risk practices and ethical behavior. The following shall be the principal responsibilities and duties of the Committee:
1. Serve as an independent and objective body to monitor the University's financial reporting process and internal control system.
2. Discuss with University administration, the internal auditors and the external auditor the adequacy and effectiveness of the accounting and financial controls; the policies and procedures to assess, monitor and manage risk; the investment policies, practices and programs; and the legal and ethical compliance programs.
3. Annually review the University’s enterprise risk profile and receive and review an annual report on the University administration’s implementation and maintenance of an appropriate enterprise-wide risk management mechanism. In this connection, the Committee will:
a. Provide oversight of significant risk exposures and control issues, including fraud risks, governance issues, and other matters requested by the Board or brought to the Committee’s attention by University administration or the Director of Audits, and
b. Review and provide advice on the risk management processes established and maintained by the University and receive periodic confirmation from the internal audit function that they are operating as intended.
4. Perform other activities consistent with this charter and the Bylaws that the Board or the Committee determines to be necessary or appropriate from time to time.
5. Oversee the work and other activities of the University’s internal audit function (including but not limited to its maintenance of a confidential, anonymous reporting system in accordance with the Bylaws), periodically review its organizational structure, and ensure its organizational independence via a direct reporting line to the Board.
6. Discuss with the administration and the external auditor the status of internal control recommendations made by the external auditor and the internal audit function. Review the internal reports prepared by the internal audit function.
7. Annually review and recommend changes, if any, to the internal audit charter.
8. Periodically review with the Director of Audits, any significant difficulties, disagreements with management, or scope restrictions encountered in the course of the work of the internal audit function.
9. Review and concur in the appointment, replacement or dismissal of the Director of Audits.
10. Facilitate the oversight and audit responsibilities of the external auditor.
11. Review with the administration and the external auditor critical accounting and reporting principles, practices and procedures selected and applied by the University in preparing its financial documents.
12. Review major changes to the University’s accounting principles and practices as suggested by the external auditor or the administration. Review all material alternative treatments of financial information within generally accepted accounting principles that have been discussed between the external auditor and the administration, including the ramifications of the use of such alternative treatments and disclosures and the treatment preferred by the external auditor.
13. Review separately with each of the University administration, the external auditor and the internal audit function any significant difficulties or disagreements encountered during the course of the annual audit, including any restrictions on the scope of work or access to required information.
Insurance and Risk Management Fund Programs
14. Review with the University administration the various third party insurance and self-insurance program that are maintained to cover claims and losses associated with the operation of the University, its facilities and personnel, and provide assurance to the Board of their adequacy and cost effectiveness.
Data Functionality and Security
15. Review and evaluate practices and procedures designed to maintain the functionality and security of University-wide data and information technology resources.
16. Encourage continuous improvement of, and set the tone for an environment that fosters adherence to, University policies, procedures and practices designed to ensure compliance with laws and regulations pertaining to the University and its operations.
17. The Committee shall review this charter at least annually and update this charter as deemed appropriate.
III. REVIEW OF FY20 AUDITED FINANCIAL STATEMENTS
Treasurer Ruhl began review of the audited financial statements by informing the Committee that the university had received an unmodified opinion from the State Board of Accounts, calling it a clean audit. Ms. Kathy Thomason, comptroller, then walked the Committee through the audited income statement, which, she said, incorporated the entire Purdue system, including Purdue Global. She pointed out that total operating revenues were up from the previous year but total operating expenses were down, and she explained the reasons behind the operating loss. Ms. Thomason was pleased to highlight that the university saw a solid overall increase in net position. She also reviewed the audited balance sheet and illustrated net position changes from 2013-2020, noting that the $1.3 billion growth in equity during that time had served the university well during the COVID-19 pandemic. To conclude review of the audited financial statements, Ms. Thomason informed the Committee that GASB had postponed all planned updates due to the pandemic. A copy of Ms. Thomason’s presentation was filed with the minutes.
Trustee Castagna expressed her belief that the net position increase resulted from the totality of everyone’s efforts across the Purdue system, for which she expressed her appreciation.
IV. ANNUAL RISK MANAGEMENT REPORT
Mr. Mark Kebert, director of domestic and global risk, discussed the 2020 Office of Risk Management Annual Report, a copy of which had been provided to the Committee and other members of the Board. He reviewed key points of the property, liability, and cyber insurance coverages, and, in response to a question from Trustee Castagna, he explained why industry premiums had risen significantly. Mr. Kebert illustrated industry benchmarking and said Purdue continued to benchmark extremely well against the broader industry benchmark. He also illustrated benchmarks specific to property, liability, and cyber insurance. Trustee Thompson asked Mr. Kebert how confident he was in the financial health of the insurers, to which Mr. Kebert said they were all rated A or A+. In response to a question from Trustee Castagna, Mr. Kebert speculated on the insurance market for the coming year. A copy of the Report and Mr. Kebert’s report presentation were filed with the minutes.
By consent, the meeting adjourned at 10:54 a.m.