I. Purpose: The primary purpose of the Audit and Risk Committee (the "Committee") is oversight. The Committee shall assist the Board of Trustees (the "Board") in fulfilling its responsibility to:

a. Oversee and evaluate the performance of the Institute’s independent auditors;

b. Oversee the Institute’s financial reporting, internal controls, and financial management to ensure the integrity of the Institute’s financial statements;

c. Oversee compliance with laws, regulations, and policies such as the Institute’s Business Ethics and Conflict of Interest policies;

d. Oversee and promote development of broad enterprise risk management practices.

II. Organization:

a. Review of charter. This charter shall be reviewed and reassessed by the Committee at least annually, and any proposed changes shall be submitted to the Board for approval.

b. Membership/structure/quorum. The Committee shall consist of five or more members appointed by and serving at the pleasure of the Chair of the Board. The Chair of the Board shall appoint the Chair of the Committee. The Chair of the Board and the President shall be members ex officio of the Committee. Committee members (other than the President) shall be independent and these members, or their immediate relatives, shall not hold a salaried position with the Institute nor be employed by any entity that provides services for a fee to the Institute. The members of the Committee should be financially literate, and at least one shall be knowledgeable, by training and experience, in generally accepted accounting principles (GAAP), the preparation of financial statements and the principles of internal controls. A quorum for any meeting of the Committee shall consist of a majority of its voting members.

c. Staff designee. The Chief Financial Officer, General Counsel, Chief Compliance Officer and Controller shall be staff to the Committee.

d. Meetings. The Committee shall meet at least three times annually. To foster open communication, the Committee shall meet with management and the independent auditors in separate executive sessions. The Committee shall also encourage discussion as part of each meeting. Members of the Committee shall be invited to attend Budget and Finance Committee meetings.

e. Agenda, minutes and reports. The Chair of the Committee, in collaboration with the staff designee(s), shall be responsible for establishing the agendas for meetings of the Committee. An agenda, together with relevant materials, shall be sent to the Committee members in advance of each meeting. Minutes for all meetings shall be 2 of 4 prepared in draft form by the staff designee(s) and reviewed by the Chair, and shall be approved by the Committee members at the following meeting. The minutes shall be distributed periodically to the full Board. The Committee shall make regular reports to the Board.

III. Authority and responsibilities: The Committee’s primary role and responsibility is oversight as set forth in this Charter. The Committee does not assume operational responsibilities, financial statement preparation, or provide assurance of accuracy or compliance (these rest with management); nor does the Committee provide auditing (this rests with the independent auditor). The Committee’s primary responsibilities are as follows:

a. Independent Audit:

1. Annually recommend to the Board the appointment, retention, and, if appropriate, termination of the independent auditor;

2. Prior to the start of the audit, review and approve the terms of the independent auditor’s engagement, and scope of the annual audit, and pre-approve any audit related and permitted non-audit services (including the fees and terms thereof) to be provided by the independent auditor;

3. Review and confirm the independence of the independent auditor annually by obtaining and reviewing a report from the independent auditor delineating all relationships between the independent auditor and the Institute and discussing with the independent auditor any such disclosed relationships and their impact on the independent auditor’s independence and by obtaining the auditor’s assertion of independence in accordance with professional standards;

4. Require proper rotation of the lead and concurring audit partners commensurate with industry best practices;

5. Annually review a report from the independent auditor describing the auditing firm’s internal quality-control procedures and any material issues raised by the most recent quality-control review of the firm, or by any inquiry or investigation by governmental or professional authorities, within the preceding five years, with respect to one or more independent audits carried out by the firm, and any steps taken to mitigate any such issues;

6. Review with the independent auditor any problems the auditor has encountered performing the audit and any management letter provided and the Institute’s response to that letter, and matters that the independent auditor is required to communicate to the Committee;

7. Conduct executive sessions, as needed, with the independent auditors, Chief Financial Officer, and General Counsel in conjunction with regularly scheduled meetings or as necessary;

8. Meet at least annually with management to discuss management’s evaluation of the work performed by the independent auditor. The Committee shall evaluate annually the performance of the independent auditor; 3 of 4

9. Review with management and the independent auditor any complex and/or unusual transactions;

10. Review with management and the independent auditor issues related to judgments made involving valuation of assets and liabilities and commitments and contingencies;

11. Review with management and the independent auditor the annual financial statements and audit report on Federal Awards required under OMB Uniform Guidance, and the results of the audits;

12. Review with management the recommendations of the independent auditor, including any audit problems, difficulties, and management’s response; and

13. Recommend to the Board for its approval the annual financial statements and any audits performed.

b. Financial Reporting and Internal Controls:

1. Monitor the effectiveness of the Institute’s internal control systems, including through regular executive sessions, whether internal control recommendations identified by the independent auditors have been implemented by management;

2. Review with management and the independent auditor, significant accounting and reporting issues, including recent professional and regulatory pronouncements, understand their impact on the financial statements, and ascertain that all such issues have been considered in the preparation of the financial statements;

3. Review with management and the independent auditor key functional activities of the Institute, including legal, tax, or regulatory matters that may have a material impact on the financial statements and any material notices, reports or inquiries received from regulators or government agencies;

4. Meet annually with management to review any issues or judgmental areas relating to material disclosures in the Institute’s Federal, State(s) and Local filings;

5. Review with management and approve all related-party transactions; and

6. Establish procedures for receiving, retaining, and treating complaints received by the Institute regarding accounting, internal accounting controls, or auditing matters and the confidential, anonymous submission by Institute employees regarding questionable accounting or auditing matters. Review any submissions that have been received, the current status, and the resolution, if one has been reached.

c. Compliance:

1. Monitor and report to the Board that an appropriate Business Ethics Policy for all staff, faculty and volunteers exists, and review the policy annually and the effectiveness of the procedures established to monitor compliance;

2. Monitor and report to the Board results of Conflicts of Interest Policy disclosures for all trustees, staff, faculty, and volunteers, and review the policy 4 of 4 annually and the effectiveness of the procedures established to monitor compliance;

3. Confer with the General Counsel as requested by the General Counsel or by the Committee, at least annually, and review the General Counsel's reports with respect to the Corporation's programs for compliance with law and regulatory requirements;

4. Review with management all material legal and ethical compliance issues;

5. Obtain advice and assistance from internal and/or external legal, accounting and other advisors, as deemed necessary;

6. Ascertain through inquiry and other appropriate means that management is communicating the importance of the organization’s values, business conduct policies, and internal controls; and

7. Review policies and procedures to ascertain management’s compliance with IRS Code Section 4958 (Excess Benefit Transactions and Intermediate Sanctions).

d. Enterprise Risk Management:

1. Ensure that the Institute’s Enterprise Risk Management program is robust and oversee management’s execution of the program; and

2. Review the Institute’s major risk exposures and evaluate the steps management has taken to monitor and mitigate such exposures. Ensure that the appropriate Board committees are engaged in such oversight.

e. Self-Evaluation:

1. Conduct an annual self-evaluation of the performance of the Committee, and the Committee’s effectiveness and compliance with this charter.

Approved by the Audit Committee: April 13, 2018

Approved by N&G Committee: May 11, 2018

Approved by Board of Trustees: May 11, 2018