The Trustees of the University of Pennsylvania maintain an institution–wide internal audit and compliance function as an integral component of the governance structure. This function is chartered to provide a program of continuous assessments of the effectiveness of the internal control and compliance environment. Through its annual program of risk-based audits and compliance assessments, the Office of Audit, Compliance and Privacy provides insight on the mitigation of business risk to assist the Board of Trustees and management in fulfilling their roles of governing the University of Pennsylvania. In 1997, the Trustee Committee on Audit and Compliance adopted the Integrated Internal Control Framework (IICF), an adaptation of COSO (Committee of Sponsoring Organizations of the Treadway Commission), for utilization as the foundation of the internal control and compliance environment. IICF is a Framework for assessing and mitigating business risk (strategic, operational, financial, compliance and reputational).
The Office of Audit, Compliance and Privacy serves as a proactive business partner with University of Pennsylvania and Penn Medicine management to upgrade business processes, controls, compliance mechanisms and technologies to:
- Anticipate and aggressively manage business risks;
- Ensure strong stewardship and management accountability at all levels;
- Ensure the integrity of operational and financial information.
Audit, Compliance, and Privacy serves the University of Pennsylvania and Penn Medicine by upholding the highest professional standards; recruiting, training and developing future managers for the institution; providing high quality, cost effective audit and management services; and communicating value-added outcomes to the Board of Trustees and senior management.