(a) Internal Auditor.
(1) The Board shall appoint an internal auditor.
(2) The internal auditor shall report directly to the Board on all matters except for those administrative matters that require the decision of the Commissioner.
(3) The Board shall receive the advice and counsel of the Commissioner regarding matters of termination, discipline, transfer, or reclassification or changes in powers, duties or responsibilities of the internal auditor.
(4) The internal auditor shall develop an annual audit plan, conduct audits as specified in the audit plan and document deviations, and discuss audit reports with the Administration and Financial Planning Committee of the Board.
(5) The internal auditor shall provide all audit reports directly to the Board.
(b) Compliance Monitoring.
(1) Definitions. The following words and terms, when used in this section, shall have the following meaning:
(2) Purpose. The purpose of the Board's risk assessment process and compliance methodologies is to maximize the effectiveness of monitoring funds allocated by the Board and data reported to the Board. The agency-wide, risk-based compliance monitoring function is established for:
(3) After considering potential risks and the Board's resources, the Board shall review a reasonable portion of the total funds allocated by the Board and of data reported to the Board. The Board shall use various levels of monitoring, according to risk, ranging from checking reported data for errors and inconsistencies to conducting comprehensive audits, including site visits. Audit methodology shall be commensurate with the assessed risk.
(4) The Board's risk-based approach shall be implemented to address the diversity of institutions of higher education and private or independent institutions of higher education in Texas. The Board shall develop audit and compliance monitoring methodologies, such as Desk Reviews and data analysis, that are commensurate with assessed risk and that are reflective of institutional differences. The Board's risk-based approach to compliance monitoring shall consider the following factors relating to an institution of higher education or private or independent institution of higher education:
(5) The annual compliance monitoring plan that results from the Board's risk assessment shall be presented to the Board's Agency Operations Committee each July, seeking approval of the plan for the following fiscal year. Significant changes to the annual plan that may occur during each fiscal year shall be presented for ratification at the next scheduled Agency Operations Committee meeting.
(6) The Board shall train compliance monitoring staff to ensure that the staff has the ability to monitor both funds compliance and data reporting accuracy. Program staff in other Board divisions who conduct limited monitoring and contract administration shall coordinate with the compliance monitoring function to identify risks and avoid duplication.
(7) If the Board determines through its compliance monitoring function that funds awarded by the Board to an institution of higher education or private or independent institution of higher education have been misused or misallocated by the institution, the Board shall present its determination to the institution's governing board and chief executive officer, or to the institution's chief executive officer if the institution is a private or independent institution of higher education, and provide an opportunity for a response from the institution. Following the opportunity for response, the Board shall report its determination and the institution's response, together with any recommendations, to the institution's governing board or chief executive officer, as applicable, the governor, and the Legislative Budget Board.
(8) If the Board determines through its compliance monitoring function that an institution of higher education has included errors in the institution's data reported for formula funding, the Board:
(9) To the extent not prohibited by law or other external provision, the Board shall eliminate requirements of institutions to conduct audits of funds administered by the Board as defined in this subsection. In conducting the compliance monitoring function, the Board may partner with internal audit offices at institutions of higher education and private or independent institutions of higher education, as institutional resources allow, to examine the institutions' use of funds allocated by, and data reported to, the Board. To avoid duplication of effort and assist the Board in identifying risk, an internal auditor at an institution shall notify the Board of any audits conducted by the auditor or other third party auditors involving funds administered by the Board or data reported to the Board, as defined in this subsection. Such notification shall include a copy of the final audit report being sent to the Board's Director, Internal Audit and Compliance, within 30 days of the date such final audit reports are sent to the institution's governing board and/or chief executive officer, the Texas State Auditor's Office, the Governor's Office, the Legislative Budget Board, or other similar stakeholders. The final audit report should be addressed to: Texas Higher Education Coordinating Board, Director, Internal Audit and Compliance, 1200 East Anderson Lane, Austin, Texas 78752.
(10) Private or independent institutions of higher education must provide to the Board the institution's external audit involving funds administered by the Board. The private or independent institution of higher education's external audit must comply with the Board's rules under this subchapter for auditing those funds.
(11) The Board may seek technical assistance from the state auditor in establishing the compliance monitoring function. The state auditor may periodically audit the Board's compliance monitoring function as the state auditor considers appropriate.
Source Note: The provisions of this §1.13 adopted to be effective February 26, 2004, 29 TexReg 1658; amended to be effective March 4, 2014, 39 TexReg 1360