STATEMENT OF AUDITING STANDARDS 112 (SAS112)STATEMENT OF AUDITING STANDARDS 112 (SAS112)Communicating Internal Control Matters Identified in an AuditCommunicating Internal Control Matters Identified in an AuditUC Riverside June 2007UC Riverside June 2007 1

" Today's  audit environment  encourages  transparency and

accountability. Therefore, an integrated

campuswide effort is  needed  to  effectively

steward the funds entrusted to UCR.”

Chancellor Córdova

2

1- Why SAS1121- Why SAS1122- What is SAS1122- What is SAS1123- Impact of 3- Impact of SAS112 SAS112 4- Internal Control4- Internal Control5- Minimizing risk5- Minimizing risk -Sponsored -Sponsored Project AdminProject Admin -Dept. operations-Dept. operations6- What to do?6- What to do?

AGENDAAGENDA

3

WorldCom WorldCom Enron Enron

- American Institute of Certified - American Institute of Certified Public AccountantsPublic Accountants

For non-profit organizations For non-profit organizations (UCR)(UCR)

- SAS 112- SAS 112

Why SAS112?Why SAS112?

- United States Federal Law and SEC- United States Federal Law and SEC For Public CompaniesFor Public Companies

-Sarbanes–Oxley (SOX):-Sarbanes–Oxley (SOX):Requires Requires

conducting an conducting an assessment of the assessment of the effectiveness of effectiveness of internal controls internal controls by management, by management,

to be audited and to be audited and approved by the approved by the company’s company’s independentindependent accountantsaccountants

SAS112 is our SOXSAS112 is our SOX

4

Northwestern University (2003). Fine = $5.5m

Harvard University (2004). Fine = $2.6m

Florida International University (2005). Fine= $11.5m

University of Alabama Birmingham (2005). Fine =$3.4 m

Non-Compliance Fine$ - Contract & GrantsNon-Compliance Fine$ - Contract & Grants

Mayo Foundation (Mayo Clinics). Fine = $6.5m

University of California (2002). Fine =$1.8 m

5

What is SAS112?What is SAS112?Establishes standards for communicating internal Establishes standards for communicating internal control issues relating to:control issues relating to:

-integrity of financial reportingintegrity of financial reporting-compliance with applicable laws and regulationcompliance with applicable laws and regulation

Establishes standards that classifies Establishes standards that classifies communicated control issues as:communicated control issues as:

- control deficiencies- control deficiencies - significant deficiencies - significant deficiencies - material weaknesses- material weaknesses

SAS112 standards have been adopted SAS112 standards have been adopted by the federal agencies and the by the federal agencies and the Government Audit Standards has been Government Audit Standards has been updated to incorporate SAS112updated to incorporate SAS112

6

Impact of SAS 112 on UCRImpact of SAS 112 on UCR

Due to significant changes in the evaluation of control exceptions

and more stringent audit standards, UCR is more likely to encounter

control issues being identified and reported

- - Increased scrutiny- Larger audit samples

- More evidence and documentation required during audits

-Lower audit materiality thresholds

SAS 112 requires disclosure of deficiencies to Regents and

others7

Impacts of deficiencies and weaknesses disclosures:Impacts of deficiencies and weaknesses disclosures:

-negative impact on reputation -negative impact on reputation -increased internal and external audits-increased internal and external audits-audit disallowances, fines and penalties-audit disallowances, fines and penalties-potential impact on resource allocation-potential impact on resource allocation-negative impact on sponsored project funding-negative impact on sponsored project funding

8

Control Issues withControl Issues with - Ledger reconciliation & review- Ledger reconciliation & review - Certified effort reports- Certified effort reports - Cost Transfers- Cost Transfers - Expenditure monitoring- Expenditure monitoring - Budget variance analysis- Budget variance analysis - Cash handling/ Revenue monitoring - Payroll processing- Payroll processing - Timekeeping & billing- Timekeeping & billing - Fiscal Year End Processes - Fiscal Year End Processes

Generally, internal controls Generally, internal controls at UCR are in order and adequate, at UCR are in order and adequate,

but there are departments,but there are departments,functions and areas where functions and areas where

we noted….we noted….

9

Internal Control

Internal control is broadly defined as a process, effected by the UC

Regents, management and other personnel, designed to provide

reasonable assurance regarding the achievement of objectives in the

following categories:

•Effectiveness and efficiency of operations.

•Reliability of financial reporting. •Compliance with applicable laws and

regulations.

INTERNAL CONTROL

INTERNAL CONTROL

101

Who is responsible for implementing internal controls?

11

PrincipalPrincipalInvestigatorInvestigator

&&Project Project

PersonnelPersonnelDepartments Departments

(Chair/ (Chair/ Director, Director,

MSO, Staff)MSO, Staff)

CentralCentral Offices Offices

((Accounting, Audit & Accounting, Audit & Advisory Services, Advisory Services,

AP&B, OR,AP&B, OR,etc.)etc.)

PARPARTNETNERSRSHIPHIP

Control Units Control Units (Deans/VC(Deans/VC & CFAO)& CFAO)

12

$0$10,000,000$20,000,000$30,000,000$40,000,000$50,000,000$60,000,000$70,000,000$80,000,000

FY03/04 FY04/05 FY05/06

State Agencies

Private

Local GovernmentFederal Government

Source FY03/04 FY04/05 FY05/06

1 Year % Increase/D

ecrease

2 Year % Increase/Decrea

se

Federal Government $36,970,256 $47,197,544 $53,447,911 13% 45%

Local Government $1,553,189 $1,936,147 $2,217,444 15% 43%

Private $14,358,686 $14,711,554 $13,544,906 -8% -6%

State Agencies $5,788,019 $5,985,849 $4,950,031 -17% -14%

Total $58,670,150 $69,831,094 $74,160,292 6% 26%Source: 2005-06 Annual Report on Contract & Grant ExpendituresSource: 2005-06 Annual Report on Contract & Grant Expenditures

Growth in Direct Contract and Grant ExpendituresGrowth in Direct Contract and Grant ExpendituresFiscal Year 2003/04 to Fiscal Year 2005/06

(a)

(a) 26% increase from FY03/04 13

UCR’s Challenge

Increasing extramural support while managing risk

Our GoalFacilitating Faculty Success!

14

efforteffortreportingreporting

cost transfers

overdraft

review of monthly

statements

cost sharing

physical inventory

sub-recipientmonitoring

award close-out

POTENTIALPOTENTIAL RISKS RISKS IN C&GIN C&GAREAAREA

15

FALL 2006

16

C&G Risk: Effort Reports

Symptoms of deficiencies Incomplete or missing reports Late reporting

Major area of concern for Federal Government

Current Efforts New on-line system coming

Resolution of deficiency Remove unsubstantiated costs

17

C&G Risk: Cost Transfers Symptom of Deficiency

High volume Late transfers (may require revised effort reports)

Improper documentation and/or allocation methodology

Major area of concern for Feds Current Efforts

Enhancing Business Rules Resolution of deficiency

Reversal of charges18

C&G Risk: Award Closeout

Symptom of Deficiency Delinquent Financial Reports Delinquent Technical Reports

Area of concern for Feds Current Efforts

Improving notification process Resolution

Future funding withheld for specific awards

Funding to institution withheld 19

Minimizing Risks in Sponsored Project Administration

Training C&G Workshops (to be expanded) Ethics Awareness

Tools Enterprise Reporting System Ledger Recon/Review System

(coming soon) Policies

C&G Manual UCR Research Administration Roles

& Responsibilities (in development)20

Minimizing Risks in Sponsored Project Administration

Timely review of monthly statements Budget to Actual

Anticipate unspent balances or overdrafts Review payroll transactions Regularly meetings/discussion between PIs

administrative staff Immediately report discrepancies

Communication Timely resolution

21

Minimizing Risks in Sponsored Project Administration

Timely return of certifications: Effort Reports Cost sharing Reports Impacts Financial Reports and Award

Close-Out Monitor Sub-recipient’s progress on

project compared to billing statements Potential impact on award close-out

Timely submission of Technical Reports

22

SAS112-Campus DepartmentsSAS112-Campus Departments

General Internal Controls to Minimize RiskGeneral Internal Controls to Minimize Risk

23

Minimizing Risk-Departmental

Department Head: Oversees and is integrated into the financial

management process Ensures proper controls and monitoring procedures

are in place Ensures financial reports are accurate and

meaningful Ensure SAAs, transactors and reviewers are

appropriately trained and supported in their key business process roles

24

Minimizing Risks-Departmental

Timely reconciliation and review of monthly ledgers Budget to Actual review

Analysis of causes for variances Review of payroll transactions by financial staff

and responsible manager Regular review of financial reports by

department manager and business officer Evidence of ledger reconciliation and review

Timely resolution of errors Frequent and late cost transfers can be a

symptom of a deficiency

25

Minimizing Risks-Departmental

Ensure sufficient segregation of duties No one person should have complete control over

the key processing functions for financial transactions

Provides for prevention and detection Errors Inappropriate activities

Post Audit Notification (PAN) Reviews Payroll/Personnel System and UCRFS

transactions Timely Adequate

26

What to do:What to do:

•TrainingTraining

1- Self-report1- Self-report

2-Assistance2-Assistance

Everyone is responsibleEveryone is responsible

•Control AssessmentControl Assessment

When issues are identified:When issues are identified:

3-Escalate/Remediate3-Escalate/Remediate

4-Proactive Approach4-Proactive Approach

When control issues When control issues or policy non-complianceor policy non-complianceare recurring and systemicare recurring and systemic::

It will be transparent It will be transparent and there will be consequencesand there will be consequences

27

Contacts

Gretchen Bolar, Vice Chancellor-Academic Planning & Budget gretchen.bolar@ucr.edu

Bobbi McCracken, Asst. Vice Chancellor-Financial Services bobbi.mccracken@ucr.edu

Mike Jenson, Director-Audit & Advisory Services michael.jenson@ucr.edu

Bruce Morgan, Asst. Vice Chancellor-Office of Research bruce.morgan@ucr.edu

Toffee Jeturian, Asst. Director-Audit & Advisory Services rodolfo.jeturian@ucr.edu

Marc Guerra, Director-Financial Control & Accountability marc.guerra@ucr.edu

28