University of California Audit and Communications Plan
www.pwc.com
For the Year Ending
June 30, 2016
Attachment 1
PricewaterhouseCoopers LLP, 488 South Almaden Blvd, San Jose, CA 95110 T: (408) 817 3700, F: (408) 817 5050, www.pwc.com/us
Members of The Regents Committee on Compliance and Audit University of California
May 2, 2016
Dear Members of the Committee on Compliance and Audit:
We are pleased to have the opportunity to meet with you on May 10, 2016 to present our
2016 Audit Plan for the University of California (the “University”). This report presents to
you our audit and communications plan as well as a summary of our understanding of
expectations and responsibilities between us, our audit approach, service deliverables, audit
and reporting timetable and other matters. Discussion of our plan with you ensures our
engagement team members understand your concerns, and that we agree on mutual needs
and expectations to provide the highest level of service quality. Our plan has been developed
to provide the University with an efficient, high quality audit which addresses the key risks
and business issues of the organization.
The higher education environment continues to be complex, with increasing expectations
about performance, accountability, and value from many different constituents, including
students, parents, regulators, donors, and federal and state governments. Our goal has been and
continues to be understanding and delivering upon your expectations and providing you with
the best possible service and value.
In addition, we have included our most recent thought leadership publications that we
believe you will find helpful – Perspectives in Higher Education 2015, which provides a
summary of the more pressing issues impacting the higher education sector, as an
attachment to this plan.
We are pleased to be again serving as the University’s independent auditor. We appreciate
the opportunity and look forward to meeting with you to present this report, address your
questions and discuss any other matters of interest to the Committee on Audit and
Compliance. Please feel free to contact Michael Schini at (408) 817-4345 or Michael
MacBryde at (415) 498-7140 with any questions you may have.
Very truly yours,
University of California Report to the Committee on Compliance and Audit
PwC 2016 Audit and Communications Plan 3
Contents
Executive Summary
Our Audit Objectives
Business, Regulatory and Other Changes Impacting Our Audit
Our Audit Approach and Risk Assessment
Our Deliverables
Client Service Team Composition
Multi-location Audit Coordination
Audit Timeline
Mutual Understanding of Responsibilities
Communications and Planned Interactions
Materiality and Independence
Perspectives on Fraud Risk
Proposed Fees
Required Communications with the Audit Committee
Appendix A: 2016 Service Commitments
Appendix B: Audit Strategy
Appendix C: Approach for Areas of Significant Risk
Appendix D: Relevant Pronouncements and External Guidance
Appendix E: Perspectives in Higher Education 2015
Executive Summary
This executive summary is provided to highlight the key points in this service plan such as our
assessment of significant risks and new events impacting the 2016 audit. The remainder of
our service plan provides additional detail on these items as well as the PwC client service
team, an overview of our top-down, risk-based audit approach, our audit responses to
significant risk, and our plan for continuous, two-way communication and reporting to the
Committee and management. The University of California system and its stakeholders expect
us to deliver a high quality audit and that is our number one goal as your auditor. PwC has a
significant focus on audit quality and continuous improvement in our audit processes; we
are continually standardizing, simplifying and automating through technology to enhance
audit quality while improving the experience for you as well.
You also expect an audit that makes the best use of your time. So as we enter our planning
activities for the 2016 audit, we look at how we can audit more efficiently while delivering
quality and keeping you apprised of the audit and financial reporting impacts caused by
changes to your organization, operating environment, regulatory developments and new
accounting standards.
Current year considerations--what’s new for 2016
As you know, we were formerly the auditors of the University of California but have not
served in this role for the past two years. Although we have had a two year break in service,
we have brought back a significant number of members from our past team who will allow us
to build upon things that have worked well in previous years and enhance our approach from
lessons learned. The commonality of our team leadership will allow a smooth transition back
to PwC. On the other hand, we will commit to bring a fresh perspective to our audit from
selected new team members and also enhancements in the PwC audit approach over the past
two years.
Our efforts will include (some of which we have already begun to perform):
■ Building upon our previously obtained understanding of the University’s processes, controls and relationships throughout the University to reduce management’s time supporting the audit. In fact, we have already begun to coordinate the 2016 audit with the many stakeholders and locations and plan to utilize work across teams to avoid duplication in procedures performed.
■ Enhancing our project management tools and techniques to manage our audits most effectively.
■ Ensuring continuous communication with management throughout the audit process to avoid late surprises.
■ Focusing on phasing of our audit work throughout the year to balance the workload and reduce year-end crunch.
■ Accelerating our Uniform Guidance federal award audit procedures to better leverage the compliance work into our financial statement audit and to ensure a succinct conclusion to the Uniform Guidance audit.
■ Incorporating information technology (IT) and data management tools to improve our engagement management capabilities allowing us to be more efficient on the engagement.
■ Significantly upgrading our audit documentation capabilities through technology to standardize audit procedures and documentation templates which also allows us to be more efficient.
Looking forward: The impact of business, regulatory and financial
reporting changes
We will continue to bring a forward looking perspective to the audit and adapt it to the
changing facts and circumstances in your business and regulatory environment. Below we
highlight some of the changes that will impact your audit from 2016 and beyond.
Regulatory developments, such as the impact of the first full year of compliance with the
Uniform Guidance. For 2016, OMB's Uniform Guidance requires all entities that receive
federal funding to implement a formal control framework (such as COSO) and requires
that, as part of our audit, the implementation of this framework is tested. As new
documentation becomes available, we will review it, perform walkthroughs and provide
feedback where appropriate. This also impacts the controls we identify and are required
to test to ensure that the organization meets its compliance requirements over the use of
federal funds.
Two other changes will impact the 2016 audit process. The first expands the scope for
independent auditors, requiring the independent auditor to test at least one Type B
program (non-research or non-student financial aid programs that are less than a
prescribed materiality). The second expands the information required to be included on
the data collection form that will impact the procedures we are required to perform.
Significant IT implementations, such as UCPath, will continue to impact our audit scope.
During and after implementation, we will continue to hold discussions and perform
procedures, as applicable, to ensure the effectiveness of IT controls and consider the level
of reliance we can derive for audit support.
Significant transactions have accounting and reporting implications. We will advise you
of the accounting and reporting impacts of such transactions so you can make more
informed decisions and eliminate surprises.
There are numerous new Governmental Accounting Standards Board (GASB)
pronouncements that will require implementation in 2016 and beyond. In fiscal year
2016, the University has implemented GASB 72, ‘Fair Value Measurement and
Application’ and GASB 80, ‘Blending Requirements for Certain Component Units’ which
we cover in more detail in section ‘Assessing New Accounting Pronouncements’. For all
future pronouncements, refer to Appendix D. We will continue to work with you to
implement and assess the impacts of these new GASB pronouncements on your financial
reporting as part of our audit plan.
Our transition timeline
Using the information we have gained during our recent discussions with management,
leveraging our prior knowledge of the University, as well as including recurring team
members, we believe we are in a position to “hit the ground running” with respect to the 2016
audit.
Our accelerated transition plan will ensure we are fully coordinated with each location as well
as the Office of the President (UCOP) over the next 60 days. We emphasize close
coordination with you and continuous communication throughout the transition. In addition,
by remaining flexible throughout the transition process and deploying resources
appropriately we will make sure the process is as seamless as possible. We will work with
management to ensure that our audit is well planned and executed to ensure a smooth and
“no surprises” transition.
Our Audit Objectives
As the University’s auditor, we are responsible for reporting on numerous financial statements. In performing our audits for 2016, our primary objectives are as follows:
■ Perform an audit of the University of California consolidated financial statements,
University of California Retirement System financial statements, including the University
defined benefit retirement plans, University retirement savings program and report on the
University of California Retirement Plan’s Schedule of Cash Contributions, University’s
Captive Insurance Company, bond opinion related to UCLA Medical Center debt
agreement and each of the five University Medical Centers, in accordance with generally
accepted auditing standards (GAAS) and, as applicable, Government Auditing Standards
(GAS). In connection with our audits, we will obtain reasonable rather than absolute
assurance about whether the financial statements are free of material misstatement,
whether caused by error or fraud.
■ Perform an audit of the University’s compliance with federal award requirements (OMB
Uniform Guidance) in accordance with GAS.
■ Communicate in writing to management and the Committee all material weaknesses and significant deficiencies identified during the audit. In addition, communicate in writing to management all deficiencies in internal control, of consequence, over financial reporting identified during the audits.
■ Complete other communications required under professional standards to the Committee on a timely basis.
In meeting these objectives, we will do the following:
■ Consult with management on a timely basis regarding accounting and financial reporting issues and ensure all matters of significance are reviewed and discussed at the Office of the President and relevant location level.
■ Coordinate efforts with management to ensure that all significant financial statement components are subject to sufficient audit coverage.
■ Evaluate changes in the University, risk profile and internal controls to determine the nature, timing and extent of our testing of controls and substantive tests.
■ Provide relevant expertise to facilitate the resolution of important issues.
■ Report the results of our work to management and the Committee, including constructive observations relating to the University’s financial processes and controls.
We note that the campus foundations have separate audits of their financial statements and the auditor’s reporting on those foundations is directed to the individual foundation audit committees. Accordingly, this Audit and Communications Plan is not focused on the specifics of the campus foundations.
Business, Regulatory and Other Changes Impacting Our Audit
Our 2016 audit plan has been updated to reflect our prior years' experience, changes in the
University and current regulatory developments. In forming our 2016 audit plan, we factored
in our experience from our most recent 2013 audit of the University, including further
enhancing our risk-based approach to the audit and our scoping of significant locations and
accounts. We have also taken a "fresh look" at our audit approach and considered areas of the
audit that we can perform more efficiently, while still achieving the same effectiveness. We
actively keep current with the University through the actions detailed below:
Monitoring Regulatory Developments
■ Continuing to monitor developments in federal and state hospital reimbursement mechanisms and their potential effect on the University's Medical Centers;
■ Monitoring developments in government contracting regulations and their potential effect on federal contracts held by the University;
■ Identifying other regulatory developments which could either affect our audit procedures under a risk-based approach or have longer term implications; and
■ Working with management to assess the impact of future technical pronouncements on the University's various financial statements.
Capital Spend / Significant IT Implementations
■ Monitoring capital and IT spend for audit implications--with the continuing amount of
capital spending, including significant new construction and IT projects (e.g., UCPath,
EPIC), we will obtain an understanding of the University’s capital spending programs,
evaluate the risks and controls associated with the various programs, and assess the design
of those controls. We also consider and evaluate any IT system changes and their impact
to our audit scope and consider discrete testing of these expenditures.
Advising on Significant Transactions
■ We will provide input to management on the potential accounting impact and reporting
treatment for significant transactions such as Merced 2020 and UCLA’s sale of its royalty
interest connected with a leading prostate cancer medication, Xtandi, to Royalty Pharma.
This will help management make informed decisions and eliminate surprises.
Assessing New Accounting Pronouncements
Understanding the effect of new GASB standards--the GASB continues to be active in
standard setting and has a full agenda of projects as detailed in Appendix D. The University is
implementing two new GASB pronouncements in fiscal year 2016, GASB 72, ‘Fair Value
Measurement and Application’ and GASB 80, ‘Blending Requirements for Certain
Component Units’. Refer below for a summary of these two new pronouncements.
Statement No. 72, ‘Fair Value Measurement and Application’
GASB Statement No. 72, Fair Value Measurement and Application, establishes a hierarchy of
inputs to valuation techniques used to measure fair value. That hierarchy has three levels.
Level 1 inputs are quoted prices (unadjusted) in active markets for identical assets or
liabilities. Level 2 inputs are inputs, other than quoted prices included within Level 1, that
are observable for the asset or liability, either directly or indirectly. Finally, Level 3 inputs are
unobservable inputs, such as management’s assumption of the default rate among underlying
mortgages of a mortgage-backed security. This Statement requires additional analysis of fair
value if the volume or level of activity for an asset or liability has significantly decreased. It
also requires identification of transactions that are not orderly. This Statement requires
disclosures to be made about fair value measurements, the level of fair value hierarchy, and
valuation techniques. Governments should organize these disclosures by type of asset or
liability reported at fair value. It also requires additional disclosures regarding investments in
certain entities that calculate net asset value per share (or its equivalent).
The requirements of this Statement will enhance comparability of financial statements among
governments by requiring measurement of certain assets and liabilities at fair value using a
consistent and more detailed definition of fair value and accepted valuation techniques. This
Statement also will enhance fair value application guidance and related disclosures in order to
provide information to financial statement users about the impact of fair value measurements
on a government’s financial position.
Statement No. 80, ‘Blending Requirements for Certain Component Units’
GASB Statement No. 80, Blending Requirements for Certain Component Units, improves
financial reporting by clarifying the financial statement presentation requirements for certain
component units. This Statement amends the blending requirements established in
paragraph 53 of Statement No. 14, The Financial Reporting Entity, as amended. This
Statement amends the blending requirements for the financial statement presentation of
component units of all state and local governments. The additional criterion requires
blending of a component unit incorporated as a not-for-profit corporation in which the
primary government is the sole corporate member. The additional criterion does not apply to
component units included in the financial reporting entity pursuant to the provisions of
Statement No. 39, Determining Whether Certain Organizations Are Component Units.
The requirements of this Statement enhance the comparability of financial statements among
governments. Greater comparability improves the decision usefulness of information
reported in financial statements and enhances its value for assessing government
accountability.
Our Audit Approach and Risk Assessment
Our Audit Strategy is based on:
■ The use of a top-down, risk-based approach to planning and conducting the audit; and
■ The application of well-reasoned professional judgment.
These principles allow us to develop and execute our audit strategy in an effective and efficient manner.
Significant Risks
The designation of significant risks, which is required by the professional auditing standards, ensures that we place appropriate emphasis and testing on those areas most likely to cause a material financial reporting misstatement. Accordingly, as part of our audit planning, we identify certain audit areas as subject to significant risk of material financial reporting misstatement in the financial statements based on our knowledge of the University and the industries in which it operates. Such audit areas are subject to inherent or specific risks and complexities, critical accounting policies and/or significant judgments and estimates, as further described in the University’s consolidated financial statements, and are key considerations as we develop our current year audit approach. We identified the following significant risks:
Management override of controls - This is a required significant risk on all audit engagements. We perform testing on the appropriateness of journal entries and other adjustments, significant accounting estimates, and significant and/or unusual transactions to address this risk.
Fraud risk in revenue - As discussed in this document, in the section titled, Perspectives on Fraud Risk and Responsibilities, we have a presumption to consider the fraud risk in revenue as significant, which includes grants and contracts, educational activities and patient service revenue.
Valuation of alternative investments - The University has complex investments that are recorded at fair value. The underlying assumptions used to value certain of these investments may be judgmental and subject to risk that amounts received in settlement differ significantly from fair value measurements.
For further information on the implications on our audit associated with these risks, refer to Appendix C.
Elevated Risks
In addition to the significant risks identified above, we have identified the areas below that are not considered significant risks but are areas of focus during the audit due to materiality of the balance or complexity/judgment involved in the accounting. Such audit areas are subject to material accounting policies and/or judgments and are considerations as we develop our current year audit approach. For the current year, these consist of the accounting, reporting and controls over construction.
Lastly, we have additional areas of audit emphasis, which are those areas where we do perform procedures due to their size, complexity or judgment. These include:
■ Accounting and reporting for actuarially determined estimates (retirement plans and retiree health benefit obligations).
■ Accounting for receivables and allowances such as pledges and medical center receivables.
■ Determination of which entities are to be included as component units under GASB reporting guidelines due to their significance and the nature of the University's relationship with the entities.
■ Notes, bonds payable and commercial paper liabilities.
■ Presentation and disclosure of the financial statements.
■ Treatment of related party transactions with the University, as applicable to the separately-issued financial statements of the medical centers and benefit plans.
Uniform Guidance Reporting and Compliance Risk
Although not considered a significant risk from a financial reporting standpoint, we also focus
our audit procedures on regulatory compliance, including healthcare reimbursements, federal
grants, and continued focus on compliance processes and controls over the University's
federally sponsored research and financial aid programs. These procedures are performed in
connection with our OMB Uniform Guidance audit due to the reputational risk and potential
legal ramifications associated with non-compliance.
Additional procedures are required for performing an audit of compliance with requirements
applicable to each major federal program in accordance with GAS. At the time of preparing
this report, we expect that two major programs (research and development and student
financial aid) will be subject to our OMB Uniform Guidance audit for the year ending
June 30, 2016. We expect that one or two additional programs requiring audit as part of the
2016 Uniform Guidance work will be identified as part of the preparation of the 2016
Schedule of Expenditures and Federal Awards.
Refer to Appendix B for a summary of how we develop our audit strategy and
execute our audit.
Our Deliverables
As part of our service to the University, we provide advice on emerging accounting and reporting issues and provide certain other services. Refer to the table below for a listing of services we expect to provide. Prior to commencing any other services, we are required to obtain preapproval from the Committee or the Committee's designee pursuant to the University’s preapproval policy for its independent auditor.
Audit Opinions
■ Report on the financial statements of the University of California
■ Report on the financial statements of the five Medical Centers
■ Report on the University of California Retirement System
■ Report on the University of California Cash Contributions to the Retirement System
■ Report on the financial statements of the University Captive Insurance Company
■ Bond opinion related to UCLA Medical Center debt agreement
■ Reports in accordance with OMB Uniform Guidance, including:
- Internal Control over Financial Reporting and on Compliance and Other Matters Based on an Audit of Financial Statements Performed in Accordance with Government Auditing Standards
- Compliance with Requirements That Could Have a Direct and Material Effect on Each Major Program and on Internal Control Over Compliance
Internal Control Observations
■ Report to the Committee on control and process deficiencies and observations, including material weaknesses and significant deficiencies (Regents Letter)
■ Reports to the campus Chancellors on control and process deficiencies and observations (Chancellor Letters)
Agreed-Upon Procedures
■ Agreed-upon Procedures related to the University’s Mortgage Origination Program and Supplemental Home Loan Program
■ Agreed-upon Procedures on Intercollegiate Athletic Departments (NCAA requirements) for six campuses
Other Services
■ Review of consolidated Form 990-T of the Regents of the University of California and University of California Retirement Plan
■ Reviews in connection with bond offerings
■ Accounting consultations and other assistance associated with emerging accounting and reporting issues and complex transactions
■ Financial reporting observations
Committee Reporting
■ Audit and communications plan
■ Results of audits and required communications
Client Service Team Composition
While everyone on our team listed below has relevant industry experience in either higher
education/not-for-profit, healthcare, benefit plans or investments, we wanted to specifically
highlight team members with previous experience serving the University of California as
denoted with an asterisk below.
Mike Schini*, Engagement Partner
Mike Schini*, Partner
Lindsay Alexovich*, Senior Manager
Gwen Spencer*, Partner
Matthew Petroski, Director
Mike Schini*, Partner
Mike MacBryde*, Partner
Billy Kim*, Senior Manager
Ann Kennedy*, Partner
Dan Puts*, Senior Manager
Mike Schini*, Partner
Ralph DeAcetis*, Director
Kevin Mitchell*, Senior Manager
Jeffrey Fox, Partner
Chris Chung*, Director
Thomas Wadsworth*, Director
Mike MacBryde*, Partner
Kevin Mitchell*, Senior Manager
John Mattie*, National industry leader, Higher Education
Tim Weld*, National industry leader, Health care
Christa Dewire, Quality Review Partner
Jim Henry*, Senior Relationship Partner
Areas: Retirement Plans; Taxes; Financial Statements; Investments; Government compliance; Information Systems; Medical Centers
Medical Center teams (Irvine, Davis, Los Angeles, San Diego, San Francisco)
Partners: Mike MacBryde*, Dave Merriam*, Sara Hyzer
Managers: Kevin Mitchell*, Billy Kim*, Rick Wang*, Alex Daly, Tanya Suryoutomo
Campus teams (Berkeley, Davis, Irvine, Los Angeles, Merced, Riverside, San Diego, San Francisco, Santa Barbara, Santa Cruz)
Partners: Mike Schini*, Mike MacBryde*, Jill Tregillis Bacon*, Dave Merriam*, Suzanne Fradette, Sara Hyzer
Managers: Billy Kim*, Sara Mijares*, Jessica Kennedy*, Richard Pineda*, Brett Baker, Scott Dudzik, Morgan Wilson
Key Engagement Team Members
In selecting our team, we focused on those team members with significant, relevant industry
experience in areas that are important to the University – the Medical Centers and the benefit
plans. We also made every effort to select team members with prior experience serving the
University of California as highlighted in the table above. All partners and managers have
relevant higher education and/or healthcare experience from past university audits and, in
almost all cases, other relevant experience.
Mike Schini, Engagement Leader and Signing Partner
Mike leads and directs our overall engagement team and will sign our audit opinion. He is your primary point of contact and speaks for the firm for all technical decisions and matters related to the audit. Mike will meet regularly with the Committee and be in frequent contact with Office of the President management.
Mike MacBryde, Coordinating Audit Partner & Medical Center Audit Partner
Mike MacBryde will work to support Mike Schini and the overall University engagement team
by focusing on identifying and implementing ways to enhance the effectiveness and efficiency
of the audit. In addition, Mike will lead the Medical Center audit teams and be the focal point
through which all Medical Center matters are addressed and resolved. Mike and the Medical
Center teams will work closely with Mike Schini on specific Medical Center-related issues as
they arise.
Ann Kennedy, Investments Audit Partner
Ann will resume leading the PwC audit team that serves the Office of the Chief Investment Officer. This team is responsible for performing all audit procedures over the investment portfolios managed by the Office of the Chief Investment Officer. Ann and her team will work closely with Mike Schini on investment issues that may affect the University and UCRS audits.
Jeffrey Fox, IT Controls Partner
Jeffrey will lead the IT Controls team. This team is responsible for addressing risks associated with your IT systems and controls, as well as identifying areas within your IT environment that can assist with enhancing the quality and efficiency of our audit.
Christa Dewire, University Quality Review Partner
Christa will serve as the Quality Review Partner of the University. In this role, she will provide an independent view of the engagement team's judgments related to auditing and technical accounting matters. She will independently assess the audit plan and its execution, including the quality of the financial statements and the appropriateness of our reports.
University of California Report to the Committee on Compliance and Audit
PwC 2016 Audit and Communications Plan 16
Relationship Support
Jim Henry, Senior Relationship Partner and PwC’s U.S. Leadership Team Member
A member of the firm’s U.S. Leadership Team and Strategy Committee and current Market Managing Partner for PwC’s Northern California practice, Jim will resume serving as the Senior Relationship Partner on the University engagement. Jim provides the University with access to an independent leadership resource.
John Mattie, PwC’s U.S. Higher Education Leader and Tim Weld, PwC’s U.S. Healthcare Leader
John and Tim will be resources to you and your engagement team on complex industry issues and will be available to the Committee and management to discuss national trends and hot topics.
Use of Specialists
The University operates in a highly complex environment, requiring additional expertise beyond traditional audit resources. During the course of the audits, we will utilize our functional experts to evaluate key areas of your business risks, such as the valuation of self-insured risks and insurance accruals, the valuation of pension and postemployment benefit obligations, valuation of certain investments, and third party settlements. Drawing upon their best practice knowledge, our team will provide points of view related to your business, industry and regulatory compliance.
These specialists also will ensure that we have the right resources to achieve our audit objectives. Accordingly, our PwC engagement team will include the following specialists who will work with our audit teams and management at your business units to assist us in executing our audit:
| Area of expertise | Description of service |
|---|---|
| Financial Services Valuation | Assistance with the evaluation of the fair value of investments and related disclosures |
| Self Insurance | Review of actuarially determined balances and actuarial models involving self insurance reserves |
| Compensation and Benefit Plans | Review actuarial assumptions related to compensation programs and benefit plans |
| Healthcare Reimbursements | Review third party account transactions subject to complex rules and interpretation |
| Information Technology | Review and testing of IT and application controls |
| Healthcare Compliance | Provide guidance to Medical Center audit teams and the University regarding healthcare compliance requirements |
| Regulatory Compliance | Review the University's Uniform Guidance report and provide perspective on federal agencies' monitoring and expectations of award recipients |
Multi-location Audit Coordination
PwC has adopted a consistent approach for our audit procedures at all University and University related entities. We have developed standardized reporting templates and common audit programs and approaches to achieve consistency and effectiveness. As a result, our reporting structure allows for local teams who understand the unique aspects of each entity but who work within the framework of a common reporting structure.
We have taken the following steps to ensure the overall quality of the audit engagement:
■ Prepared and communicated a centrally determined audit scope and plan.
■ Established a framework for continuous communications throughout our engagement teams.
■ Adherence to engagement timelines to achieve your reporting objectives.
■ Achieved continuity across the majority of the engagement team from our most recent audit of fiscal 2013.
The multi-location engagement team is aligned to the University's geographical organization and mirrors the management control structure of your organization. This structure, coupled with centralized engagement management, leverages the expertise of our local professionals who can respond directly to questions at each location. The following depicts the organization and flow of information among the different component audit teams.
Office of the President and Office of the Chief Investment Officer – Audit procedures are performed as necessary at these locations in order to opine on the financial statements of the University. We also take into consideration in our audit scope for these locations the requirements of the medical centers audits, the UCRS audit and the audits of the campus foundations. In particular, the investment work we perform at the Office of the Chief Investment Officer has a wide-sweeping impact on the various University components.
Medical Centers and UCRS – As described throughout this document, we perform audits of the stand-alone financial statements for the five medical centers and the University Retirement System, which consists of multiple benefit plans. We rely on those stand-alone audits for purposes of the audit of the University’s consolidated financial statements and fiduciary fund financials.
Campuses – We perform specific audit procedures at the campus locations as needed to achieve sufficient coverage to express an opinion on the University's financial statements. We are in the process of determining which locations we will be attending and will update the Committee when that is complete.
Foundations – The audits of the ten campus foundations are performed by separate foundation audit teams. However, as the combined financial statements of the campus foundations are presented discretely in the University’s financial statements, we coordinate with and rely upon the work performed by the campus foundation teams.
Regardless of the extent of audit procedures performed at a location, each location has an assigned partner and manager. Accordingly, our engagement teams have established local points of contact to facilitate the completion of scheduling and planning to support local audit requirements as well as discussion of issues of local interest.
For further discussion of our audit strategy refer to Appendix B.
Audit Timeline
We have developed the following reporting timeline that facilitates the University meeting all of its legal and regulatory requirements. As you can see below, this timeline spans the entire year and represents our commitment to the University throughout the year.
| Key Procedures Performed | Timing of Procedures |
|---|---|
| Transition | |
| Meet with management to introduce PwC teams and update our understanding at the in-scope locations | April – May 2016 |
| Review predecessor auditor’s work papers | May 2016 |
| Planning and Audit Management | |
| Meet with management to understand the University's activities and assess risk; and obtain update of operating plans and activities | Ongoing throughout the year |
| Assess key audit risks and materiality | April 2016 |
| Complete understanding of controls and preliminary scoping of accounts, processes and locations | April – May 2016 |
| Meet with the Committee to discuss service plan | May 2016 |
| Coordinate with PwC engagement teams and issue instructions for the audits of the University and Medical Center financial statements and benefit plans and Uniform Guidance testing procedures | April – May 2016 |
| Execution and Audit Management | |
| Provide consultations on major issues and developments | Ongoing throughout the year |
| Perform testing of key monitoring, internal accounting and management controls | May – June 2016 |
| Evaluate nature, timing and extent of substantive procedures based on controls testing | May – June 2016 |
| Perform substantive audit procedures at interim for both financial statements and Uniform Guidance audits | May – June 2016 |
| Perform substantive audit procedures at year end for both financial statements and Uniform Guidance audits | August – October 2016 |
| Completion and Audit Management | |
| Issue audit opinions and related financial statements | October 2016 |
| Meet with the Committee to communicate results of year-end audit and internal control recommendations | November 2016 |
| Agreed-upon Procedures related to the sale of Mortgage Origination Program and Supplemental Home Loan Program loans | October 2016 |
| Agreed-upon Procedures on Intercollegiate Athletic Departments | November 2016 |
| Issue Report on Uniform Guidance Compliance | February 2017 |
Mutual Understanding of Responsibilities
PwC Responsibilities
Our responsibility is to express opinions, based upon our audits, on the University's consolidated financial statements, the University of California Retirement System financial statements, and the five Medical Center financial statements. We conduct our audits in accordance with GAAS and GAS. Those standards require that the auditor obtain reasonable rather than absolute assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. Accordingly, a material misstatement may remain undetected. Also, an audit is not designed to detect error or fraud that is immaterial to the financial statements. An audit includes obtaining an understanding of internal control sufficient to plan the audit and to determine the nature, timing and extent of audit procedures to be performed. An audit is not designed to provide assurance on internal control or to identify all significant deficiencies. However, as your auditor, we are responsible for ensuring that the Committee is aware of any significant deficiencies or material weaknesses that come to our attention.
Our responsibility with respect to other information in documents containing audited financial statements is to read such information and consider whether the information or the manner of its presentation is materially inconsistent with information appearing in the basic financial statements.
Our responsibility with respect to Committee communications is to convey those matters that have come to our attention as a result of the performance of our audit.
Our audit does not relieve management of its responsibilities with regard to the financial statements.
We also are responsible for issuing several agreed-upon procedures reports, for purposes of the Mortgage Origination Program and Supplemental Home Loan Program, as well as agreed-upon procedures at six of the ten campuses covering the National Collegiate Athletic Association Bylaws. These agreed-upon procedures engagements and resulting reports are performed in accordance with the attestation standards established by the American Institute of Certified Public Accountants. These procedures do not constitute an examination, but rather are procedures designed in conjunction with the specified parties receiving the reports.
Management’s Responsibilities
As part of the audit process, management is responsible for the following:
■ Preparing the University’s, Medical Centers’, and benefit plans’ financial statements in accordance with generally accepted accounting policies.
■ Establishing and maintaining effective internal control over financial reporting.
■ Identifying and ensuring that the University complies with the laws and regulations applicable to its activities.
■ Making all financial records and related information available to PwC.
■ Providing PwC with a letter that confirms certain representations made during the audits.
■ Adjusting the financial statements to correct material misstatements and affirming to PwC in the representation letter that the effects of any uncorrected misstatements aggregated by PwC during the current engagement pertaining to the latest period presented are immaterial, both individually and in the aggregate, to the financial statements taken as a whole.
Committee’s Responsibilities
As part of the audit process, the Committee is responsible for the following:
■ Oversee the reliability of financial reporting including the effectiveness of internal control over financial reporting.
■ Review and discuss the annual financial statements for the University, the Medical Centers and the benefit plans and determine whether they are complete and consistent with operational and other information known to Committee members.
■ Understand significant risks and exposures and management's response to minimize those risks.
■ Understand the audit scope and approve audit and non-audit services.
Communications and Planned Interactions
Our Communications Plan with Management
We communicate with management both in writing and verbally continuously throughout the year. Examples of our ongoing communications include:
■ Issues identification and resolution
■ Meetings with management at Office of the President, Office of the Chief Investment Officer, local campuses and Medical Centers
■ Planning and scoping discussions
■ Internal Audit planning and coordination
■ Discussions of interim audit findings
■ Review of draft financial statements
■ Year-end clearance meetings
Our Communications Plan with the Committee
Our communications with the Committee are designed to comply with standards established by the American Institute of Certified Public Accountants.
Our formal communications will occur via periodic meetings with the Committee at various stages during the year. As part of these meetings we will communicate with the Committee our service approach and audit plan, and our views on risks and controls, including those over financial reporting and governance. In addition, we will present the results of our audits upon completion.
In addition to our scheduled meetings, we are also available, at any time, to respond to Committee members' questions.
Our Interaction with Internal Audit
Although our objectives and responsibilities are necessarily different from those of Internal Audit, the efforts of both our organizations are very much complementary and provide a combined program of balanced audit coverage for the University. We will meet with Internal Audit to update our understanding of their recent activities and discuss our risk assessment and audit approach.
We consider Internal Audit to be an effective and important element in the University’s overall internal control environment. We complete certain procedures when relying on their work, as follows:
■ Review on a timely basis Internal Audit reports and management responses.
■ Understand the Internal Audit plan, including the nature, timing and extent of work.
■ Consider the impact of Internal Audit findings on our audits.
Materiality and Independence
Materiality
We consider both quantitative and qualitative factors in our assessment of materiality. We also assess the metrics used by the users of the financial statements in determining the appropriate base for calculating materiality.
Materiality is defined as ‘the magnitude of an omission or misstatement of accounting information that, in the light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement.’
We identify and assess the risk of material misstatement at:
■ The overall financial statement level, and
■ In relation to classes of transactions, account balances and disclosures.
Our determination of materiality is a matter of professional judgment, and is affected by our perception of the financial information needs of users of the financial statements. Therefore, the benchmark we use to calculate materiality varies based on the audit being performed.
For the University’s consolidated financial statements, we use total expenditures as our benchmark. Industry practice is to apply a percentage of 1% to 3% of this benchmark of total expenditures to calculate overall materiality.
For the University’s medical centers’ financial statements, we use total operating revenues as our benchmark. Industry practice is to apply a percentage of 1% to 3% of this benchmark of total operating revenues to calculate overall materiality.
For the University’s benefit plans, we will use either total assets or net assets as our benchmark. Industry practice is to apply a percentage of 0.5% to 3% of these benchmarks to calculate overall materiality.
Independence
As auditors of the University, we are subject to a variety of standards to ensure our independence, including American Institute of Certified Public Accountants, Government Accountability Office and internal PwC standards. Our quality control processes include confirmation of independence by professional staff and training and are established to ensure our continuing independence.
We hereby confirm our independence of the University for the fiscal year ending June 30, 2016. We will reconfirm our independence at the completion of our June 30, 2016 audits for the University.
Perspectives on Fraud Risk
We have a responsibility to plan and perform our audits to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. In order to fulfill that responsibility, as part of our audits, we are required to gain an understanding of the risk of material misstatement due to fraud at the University and perform certain procedures to respond to the fraud risks identified.
The oversight responsibilities of senior management and the Committee and PwC’s responsibilities are outlined below.
Management Responsibilities
■ Design and implement programs and controls to prevent, deter and detect fraud (antifraud programs)
■ Ensure that the University's culture and environment promote honesty and ethical behavior
■ Perform a risk assessment that specifically includes the risk of fraud addressing incentives and pressures, opportunities, and attitudes and rationalization
■ Assess management override of controls and communicate with the Committee
[Figure: "Why Commit Fraud?"]
Conditions Generally Present
■ Incentive/Pressure: Reason to commit fraud
■ Attitude/Rationalization: Character or set of ethical values that allow a person to knowingly and intentionally commit a dishonest act
■ Opportunity: Circumstances exist such as the absence of controls, ineffective controls or ability for management to override controls that allow fraud to occur
Types of Fraud
■ Fraudulent Financial Reporting
■ Misappropriation of Assets
Attributes Contributing to Increased Fraud Risk
■ Size, complexity and ownership attributes of the University
■ Type, significance, likelihood and pervasiveness of the risk
Committee Considerations
■ Evaluate management’s identification of fraud risks, implementation of antifraud measures, and creation of appropriate “tone at the top”
■ Ensure that senior management implements appropriate fraud deterrence and prevention measures to better protect investors, employees and other stakeholders
■ Investigate any alleged or suspected wrongdoing brought to its attention
■ Challenge management in the areas of non-routine, related party and inter-company transactions
PwC’s Role
■ Plan and perform the audit to provide reasonable assurance that the financial statements are free of material misstatement, whether caused by fraud or error
■ Evaluate whether the University's programs and controls that address identified risks of material misstatement due to fraud have been suitably designed and placed in operation
■ Evaluate management’s process for assessing effectiveness of antifraud programs and controls
■ Evaluate fraud of any magnitude on the part of senior management and the impact on the control environment
PwC’s Procedures
In order to fulfill our responsibilities related to fraud, we plan to perform the following procedures:
■ Inquiries of management, the Chair of the Committee, Internal Audit and others related to knowledge of fraud or suspected fraud, the fraud risk assessment process and how fraud risks are addressed by the University
■ Disaggregated analytical procedures, primarily over revenue
■ Incorporate an element of unpredictability in the selection of the nature, timing and extent of audit procedures to be performed annually
■ Identify and select journal entries and other adjustments for testing
■ Evaluate estimates and assumptions used by management that could have a material impact on the financial statements
■ Review Internal Audit reports and remain alert for matters that are indicators of fraud
Proposed Fees
The University is an important client of PwC, and our fees reflect our commitment to our long-term relationship with the University. Our deep understanding of higher education organizations and, more specifically, of the University enables us to perform the audit efficiently and within a compressed timeframe. These factors contribute to a competitive, cost effective audit. Our proposed fees listed below are inclusive of all out-of-pocket expenses.
| Deliverable | June 30, 2016 Fee |
|---|---|
| Consolidated Audit | $1,405,050 |
| Federal Grants and Contracts | $476,200 |
| NCAA Agreed-Upon Procedures | $171,690 |
| Consolidated Form 990T | $10,551 |
| Medical Center Audits | $1,620,050 |
| Retirement Plan Cash Contributions | $5,695 |
| UCLA Medical Center Bond Opinion | $2,232 |
| Retirement System Audits | $247,375 |
| Mortgage Origination Program Agreed-Upon Procedures | $37,510 |
| Captive Insurance Company | $56,420 |
| Total | $4,032,773 |
Required Communications with the Audit Committee
| Matter to be communicated | Auditor’s response |
|---|---|
| Relationships between PwC (or any affiliates of the Firm) and the University (and its affiliates) and other matters that might reasonably be thought to bear on independence | We carefully monitor the independence of our team members. Should we become aware of an independence breach or new circumstance that would affect our ability to complete the audit, we will inform you immediately. There were no relationships or other matters identified that might reasonably be thought to bear on independence. |
| Communications plan | Our communications plan described above provides an overview of the form, timing and expected general content of communications with management and the Committee on Compliance and Audit. |
| Significant issues discussed with management prior to appointment or retention | There were no significant issues discussed with management in connection with the appointment of PwC. |
| Terms of the audit engagement | The terms of the audit engagement, including the objective of the audit and management's and our responsibilities, are set forth in our engagement letter dated April 20, 2016. |
| Obtain information relevant to the audit | We will inquire of the Committee on Compliance and Audit about whether it is aware of matters relevant to the audit and about the risks of material misstatement. |
| Summary audit strategy | We will communicate to the Committee on Compliance and Audit the planned audit strategy, including the timing of the audit and the significant risks identified. Matters included in the overall audit strategy include, among other matters, involvement of specialists and the extent of use of the work of internal audit. Refer to Appendix B for a summary of our overall audit strategy. |
| Perspectives on fraud risks | We will inquire of the Committee on Compliance and Audit to obtain its views on the risk of fraud and whether the Audit Committee has knowledge of any fraud, alleged fraud, or suspected fraud affecting the entity. We will discuss how the Committee exercises oversight of the entity’s assessment of the risks of fraud and the entity’s antifraud programs and controls (specifically as it relates to the potential for management to override controls). As you are aware, an audit conducted in accordance with generally accepted standards is designed to consider the risk of fraud that could be material to the financial statements, but it is not designed to detect all instances of fraud. From time to time, we may become aware of immaterial instances of fraud through our inquiries or other procedures. To the extent such instances are significant, we will inquire of management to ensure that these matters have been reported to you under existing reporting protocols. We will inform you of any matters of fraud that are potentially material to the financial statements or those that may involve members of senior management. |
© 2016 PricewaterhouseCoopers LLP. All rights reserved. In this document, "PwC" refers to PricewaterhouseCoopers LLP, a Delaware
limited liability partnership, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a
separate legal entity. This document is for general information purposes only, and should not be used as a substitute for consultation with
professional advisors.
Appendix A
2016 Service Commitments
To provide a high quality and efficient audit, we must understand the University's needs and expectations. Our ongoing meetings with management and the Committee are a key part of the audit process in ensuring we obtain that understanding. Below is a summary of those key ongoing expectations and our related responses based on initial discussions with management of the University and our existing knowledge of the University. We welcome your feedback regarding our performance at any point.
Our service commitments for the 2016 audit
In preparing for this year's audit, we have listened to your input on what is most important to you as it relates to your needs and expectations for the audit. Below are the commitments we are making to you related to delivering a quality audit in accordance with professional standards. Throughout the year, we plan to revisit these commitments and evaluate our progress with you and welcome your feedback on how we can best work together.
What we heard about your needs and expectations | Our commitment to the University of California
Engagement team
■ Assign industry focused resources and maintain team continuity of senior team members at key locations
■ Provide direct access to Jim Henry, Senior Relationship Partner, PwC industry leaders John Mattie and Tim Weld and other specialists, as needed throughout the year
Audit performance
■ Conduct a 2016 audit debrief with the University to co-ensure a successful audit for 2017
■ Execute a high quality audit with no surprises through effective project management, timely partner and manager involvement throughout the audit process and regular contact with management and the Committee
■ Work proactively with management on transactions and technical issues
■ Deliver an audit that reflects the complexities of the University’s business and risks
■ Optimize the work of Internal Audit by understanding its activities and sharing our external audit scope with them
Coordination, communication and project management
■ Communicate proactively and continuously with management and the Committee
■ Hold regular status update meetings with Peggy Arrivas and Ruth Satorre throughout the year / weekly meetings with all team leads during year-end
■ Meet with the Internal Audit teams to discuss significant findings and upcoming plans
■ Meet with IT management throughout your organization to further our understanding of the University’s activities, communicate the status of our audits and to assist us with the identification of issues and risks
■ Work closely and meet regularly with our component audit engagement teams to monitor accounting issues arising and ensure timely issuance of deliverables
■ Actively coordinate with all locations to eliminate duplication of efforts by providing the results of certain audit procedures that are performed at Office of the President to these teams, as applicable
■ Seek feedback regarding our performance from the Committee on Compliance and Audit, senior management and other key accounting/finance personnel at least annually
Business insights
Overview
■ Hold quarterly business strategy and update meetings with Nathan Brostrom
■ Hold periodic regulatory and compliance update calls with Sheryl Vacca
■ Through IT Audit Partner Jeffrey Fox and other specialists, provide views on the University’s IT implementations including the effectiveness of controls within core applications
■ Share industry leading practices to assist the University with the development of a global set of IT controls that can be leveraged across campuses and medical centers
■ Help implement new GASB pronouncements that will be effective in 2016 or near future
■ Share audit observations and thought leadership around process improvement ideas and regulatory matters
■ Invite management to attend technical training sessions as well as relevant industry-specific seminars
■ Share insights with the Committee gathered from our Center for Board Governance
■ Provide access to PwC specialists who bring valuable input to topics important to the University such as in the areas of IT, investments, pensions, workers compensation and medical center receivables
New Health Economy
■ Leverage our Healthcare thought leadership and bring our healthcare leaders to the University Medical Centers including, at your request, participating in CEO/CFO periodic meetings
■ Invite Medical Center CFOs to PwC’s Academic Medical Center CFO Roundtable
Emerging Technical Issues Briefings
■ Leverage Martha Garner, who serves as National Technical Accounting Director for Higher Education and Healthcare and has been exclusively servicing higher education and healthcare entities in her national role for more than 25 years, to provide technical advice and advice on emerging GASB pronouncements and ensure the timely resolution of technical issues for the University
Annual Regulatory Update
■ Ralph DeAcetis (our Higher Education and Uniform Guidance Regulatory Managing Director) will provide a briefing on the latest developments from Office of Management and Budget, the Department of Education, and other key federal initiatives that may impact the University’s federal award programs.
■ Mike MacBryde (your lead Healthcare Partner) will cover healthcare regulatory compliance and reimbursement updates
Appendix B
Audit Strategy
Developing Audit Strategy
Top-Down Risk Assessment
Our audit approach is based on the application of well-reasoned professional judgment. We identify audit risks first by considering the business and its environment, and then by considering the key risks related to the significant accounts and relevant assertions, locations or business units and significant processes. Key risks are audit risks that require special audit consideration.
Where applicable, we also obtain an understanding of management's risk assessment. The result is the development of an audit strategy tailored to the risk conditions of the University and focused on identifying and testing only those key controls that are relevant to preventing or detecting material misstatements of the financial statements, whether caused by error or fraud.
Risk-Based Scoping Considerations
Fundamental to our top-down, risk-based audit approach is an understanding of:
■ The size and complexity of the business and its components.
■ The existence and effectiveness of entity-level and information technology general controls (“ELCs and ITGCs”) in our determination of the nature, timing and extent of testing.
■ The existence and effectiveness of internal controls.
We scale our audit approach by considering the size and complexity of the business and management's monitoring of controls and business processes. By appropriately scaling the audit, we consider the control environment in which the University operates, which has a pervasive impact on our assessment of the controls necessary to address material risks of misstatement.
Early in the audit process, we assess ELCs and the University’s use of IT. ELCs are controls that may be operational throughout the entire organization, both at a corporate and business unit/management unit level. Our evaluation of the effectiveness of ELCs and the level of precision at which they operate can result in increasing or decreasing the testing that we otherwise would have performed on controls at the process, transaction or application levels. Accordingly, we emphasize the upfront identification and testing of ELCs, which can have a significant impact on the nature, timing and extent of our controls testing.
Generally, IT is a critical element in developing the audit plan. The assessment of IT considers the level and complexity of controls automation, system complexity, platforms used, approach to security and the security architecture, known problems, and the nature and volume of transactions. This understanding assists in determining the approach to auditing the effectiveness of automated controls and ITGCs.
Determining Significant Accounts and Locations
Once we have completed our initial risk assessment and gained an understanding of ELCs and ITGCs, we will determine the most effective and efficient way to obtain audit evidence using well-reasoned professional judgment. This determination begins at the financial statement level by identifying significant accounts and disclosures, considering the relevant assertions related to those accounts and disclosures, and identifying the significant processes and key controls.
Determining Significant Accounts
The determination of whether an account or disclosure is significant to the audit of the financial statements is based on whether there is a reasonable possibility that the account could contain a misstatement that, individually or when aggregated with others, could have a material effect on the financial statements. In addition to quantitative metrics, risk factors such as the following contribute to our determination of the significance of an account or disclosure:
■ Size and composition of the account
■ Accounting and reporting complexities associated with the account or disclosure
■ Susceptibility of misstatement due to errors or fraud
■ Exposure to losses in the account
■ Volume of activity, complexity and homogeneity of the individual transactions processed through the account or reflected in the disclosure
■ Possibility of significant contingent liabilities arising from the activities reflected in the account or disclosure
■ Nature of the account or disclosure
■ Existence of related party transactions in the account
■ Changes from the prior period in account or disclosure characteristics
■ Knowledge obtained in prior audits
For those accounts and disclosures deemed significant, we identify relevant financial statement assertions and the significant processes and then identify the key controls which serve to prevent or detect a material misstatement.
Determining Locations
The scoping of locations is based on the risk of material misstatement. In determining the locations or business units at which to perform tests of controls, we assess the risk of material misstatement of the financial statements associated with the location or business unit and correlate the amount of audit attention devoted to the location or business unit with the degree of risk.
Executing Audit Strategy
We execute our audit strategy using the following process:
■ Understanding, evaluating and assessing the design of controls through inquiry, observation, inspection and reperformance, including walkthroughs.
■ Gathering evidence by execution of controls testing through our own work and substantive testing.
■ Evaluating the results of our testing, including reassessing risk and the sufficiency of evidence.
Assessing the Design of Controls
We evaluate and assess the design of controls with information obtained from various sources including our interaction with management, knowledge obtained from past audits, performing walkthroughs where deemed appropriate and different combinations of inquiry, observation, and inspection. Our controls testing provides us with evidence of the design and operating effectiveness of controls, including those related to the prevention or detection of fraud. Our controls testing approach is dependent on the work of internal audit and their competence and objectivity.
Gathering Evidence
We obtain sufficient competent evidence through a combination of our own audit procedures and reliance placed on the work of internal audit. We ensure an efficient audit by focusing only on those key controls that prevent or detect material misstatements of the financial statements, whether caused by error or fraud. For those identified key controls, we test operating effectiveness. Our method of testing will depend, amongst other things, on the risk of misstatements that the controls are intended to prevent or detect, the inherent risk associated with the related account and assertion, the control's complexity and other factors affecting the risk associated with the control. As the risk of material misstatement increases, the amount of audit evidence needed increases.
We assess the effectiveness of internal control and the nature of risk associated with an account in determining the nature, timing and extent of substantive procedures. The nature and degree of risk is the key determinant in how much additional audit evidence should be obtained from analytical procedures (such as trend or ratio analysis), tests of details (such as vouching third-party source documentation) or a combination of these procedures.
Evaluating Results
Our risk assessment is a pervasive process in which we continuously evaluate the nature, timing and extent of testing and determine whether we have obtained sufficient competent evidence. We evaluate evidence from the work of others, and our independent tests of controls and substantive audit evidence. The results of certain tests may lead to changes in our risk assessment, which may either increase or reduce the procedures performed.
Completion
Prior to the issuance of our audit opinion on the various financial statements, we will perform audit completion activities, including the evaluation of internal control deficiencies; the review of the financial statements, including the adequacy and reasonableness of presentation and footnote disclosures; and the performance of other audit procedures as required by professional standards.
Appendix C
Approach for Areas of Significant Risk
As described in the Our Audit Approach and Risk Assessment section of this document, our integrated audit approach is a top-down, risk-based approach, and we continually reassess audit risks throughout the audit process.
Higher risk areas, in our judgment, require special audit consideration because of the nature of the risk (higher inherent risk), the likely magnitude of potential misstatements (including the possibility that the risk may give rise to multiple misstatements) and the likelihood of the risk occurring.
We have obtained an understanding of your financial, accounting, business and information system strategies in order to assess audit risks at the University. The following list summarizes audit risks and our approach for the 2016 financial statement audits and the procedures we will perform to reduce the related audit exposure. It is not intended to be a complete listing of all risks or all procedures that we perform in connection with our audits.
Audit Area: Valuation of alternative investments
Risk Factors:
■ Investments may not be valued appropriately.
■ Given the size of the University’s portfolio, that it includes non-readily marketable securities, and the inherent risks and complexity of this area, our audit continues to place significant emphasis on the University's investment portfolio.
■ Valuation of securities, including non-marketable securities, such as private equity funds, real estate limited partnerships and hedge funds, are inherently more complex to value.
Audit Implications/Approach:
■ Obtain an understanding of the processes and procedures in place to ensure the existence and valuation of investments.
■ Test the operating effectiveness of key controls within the investments cycle, including due diligence and monitoring controls.
■ Assess the financial reporting risk inherent in each fund based on the level of transparency into each investment.
■ Consider the experience and expertise of individuals responsible for the accuracy of the fair value of investments.
■ Understand and evaluate service organizations used.
■ Confirm fair values of securities, on a sample basis.
■ Obtain audited/reviewed financial statements for selected non-readily marketable securities.
■ Review all important reconciliations and year end portfolios for evidence of non-recorded transactions and contracts; confirm material pending trades and other liabilities.

Audit Area: Fraud risk in revenue
Risk Factors:
■ We have a responsibility to plan and perform our audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.
Audit Implications/Approach:
■ Gain an understanding of the material risks of fraud at the University and perform audit procedures to address those risks, including management interviews, testing of journal entries, disaggregated revenue analytics and incorporating unpredictability into our audit work.
■ See "Perspectives on Fraud Risk and Responsibilities" section of this document.

Audit Area: Grants and contract revenue; and educational activities
Risk Factors:
■ The University receives significant funding from various agencies. The University must continue to comply with compliance regulations of federal agencies.
Audit Implications/Approach:
■ Obtain sponsored research contracts to gain comfort on the existence of the revenues received.
■ Test compliance with allowable cost principles for federally funded sponsored research programs in accordance with OMB Uniform Guidance, “Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal awards” and other specific grant requirements.
■ Perform analytical review of revenues.
■ Assess and test key compliance controls; test compliance with material compliance requirements applicable to major programs.

Audit Area: Medical Center patient service revenue
Risk Factors:
■ Revenue transactions are not processed in the proper period.
■ The environment surrounding billing, collecting and determining reserves continues to be complex.
■ Accounts may not exist.
Audit Implications/Approach:
■ Perform patient revenue testing, verifying the existence of patient charges.
■ Supplement our tests with analytical procedures on all key areas.
■ Assess the reasonableness of management’s estimates for contractual allowances and bad debts by evaluating the current year’s methodology, assessing the adequacy of the prior year’s estimates and substantive analytics.
■ Utilize our Healthcare Reimbursement Specialists to assist us in our testing of contractual allowances.

Audit Area: Management override of controls
Risk Factors:
■ Financial statements could be materially misstated.
■ Misappropriation of assets.
Audit Implications/Approach:
■ Evaluate the design and operating effectiveness of internal controls as well as perform substantive tests of details for significant risk areas including testing journal entries.
Appendix D
Relevant Pronouncements and External
Guidance
GASB Pronouncements
In addition to GASB 72 and 80 that were discussed above, the following GASB
pronouncements are effective in fiscal 2016 but are not expected to have a
significant impact on the University.
GASB Statement No. 73, Accounting and Financial Reporting for Pensions and
Related Assets That Are Not within the Scope of GASB Statement 68, and
Amendments to Certain Provisions of GASB Statements 67 and 68
The requirements of this Statement extend the approach to accounting and financial
reporting established in Statement 68 to all pensions, with modifications as necessary to
reflect that for accounting and financial reporting purposes, any assets accumulated for
pensions that are provided through pension plans that are not administered through trusts
that meet the criteria specified in Statement 68 should not be considered pension plan assets.
It also requires that information similar to that required by Statement 68 be included in notes
to financial statements and required supplementary information by all similarly situated
employers and non-employer contributing entities.
This Statement also clarifies the application of certain provisions of Statements 67 and 68
with regard to the following issues:
■ Information that is required to be presented as notes to the 10-year schedules of
required supplementary information about investment-related factors that
significantly affect trends in the amounts reported
■ Accounting and financial reporting for separately financed specific liabilities of
individual employers and non-employer contributing entities for defined benefit
pensions
■ Timing of employer recognition of revenue for the support of non-employer
contributing entities not in a special funding situation.
The requirements of this Statement will improve financial reporting by establishing a single
framework for the presentation of information about pensions, which will enhance the
comparability of pension-related information reported by employers and nonemployer
contributing entities.
The requirements of this Statement that address accounting and financial reporting by
employers and governmental nonemployer contributing entities for pensions that are not
within the scope of Statement 68 are effective for financial statements for fiscal years
beginning after June 15, 2016 (fiscal 2017), and the requirements of this Statement that
address financial reporting for assets accumulated for purposes of providing those pensions
are effective for fiscal years beginning after June 15, 2015 (fiscal 2016). The requirements of
this Statement for pension plans that are within the scope of Statement 67 or for pensions
that are within the scope of Statement 68 are effective for fiscal years beginning after June 15,
2015 (fiscal 2016).
GASB Statement No. 76, The Hierarchy of Generally Accepted Accounting
Principles for State and Local Governments
The objective of this Statement is to identify—in the context of the current governmental
financial reporting environment—the hierarchy of generally accepted accounting principles
(GAAP). The “GAAP hierarchy” consists of the sources of accounting principles used to
prepare financial statements of state and local governmental entities in conformity with
GAAP and the framework for selecting those principles. This Statement reduces the GAAP
hierarchy to two categories of authoritative GAAP and addresses the use of authoritative and
nonauthoritative literature in the event that the accounting treatment for a transaction or
other event is not specified within a source of authoritative GAAP. This Statement supersedes
Statement No. 55, The Hierarchy of Generally Accepted Accounting Principles for State and
Local Governments.
The requirements in this Statement improve financial reporting by (1) raising the category of
GASB Implementation Guides in the GAAP hierarchy, thus providing the opportunity for
broader public input on implementation guidance; (2) emphasizing the importance of
analogies to authoritative literature when the accounting treatment for an event is not
specified in authoritative GAAP; and (3) requiring the consideration of consistency with the
GASB Concepts Statements when evaluating accounting treatments specified in
nonauthoritative literature. As a result, governments will apply financial reporting guidance
with less variation, which will improve the usefulness of financial statement information for
making decisions and assessing accountability and enhance the comparability of financial
statement information among governments.
Statement No. 76 is effective for the University for the year ending June 30, 2016.
GASB Statement No. 79, Certain External Investment Pools and Pool
Participants
This Statement addresses accounting and financial reporting for certain external investment
pools and pool participants. Specifically, it establishes criteria for an external investment pool
to qualify for making the election to measure all of its investments at amortized cost for
financial reporting purposes. An external investment pool qualifies for that reporting if it
meets all of the applicable criteria established in this Statement. The specific criteria address
(1) how the external investment pool transacts with participants; (2) requirements for
portfolio maturity, quality, diversification, and liquidity; and (3) calculation and
requirements of a shadow price. Significant noncompliance prevents the external investment
pool from measuring all of its investments at amortized cost for financial reporting purposes.
Professional judgment is required to determine if instances of noncompliance with the
criteria established by this Statement during the reporting period, individually or in the
aggregate, were significant.
If an external investment pool does not meet the criteria established by this Statement, that
pool should apply the provisions in paragraph 16 of Statement No. 31, Accounting and
Financial Reporting for Certain Investments and for External Investment Pools, as
amended. If an external investment pool meets the criteria in this Statement and measures all
of its investments at amortized cost, the pool’s participants also should measure their
investments in that external investment pool at amortized cost for financial reporting
purposes. If an external investment pool does not meet the criteria in this Statement, the
pool’s participants should measure their investments in that pool at fair value, as provided in
paragraph 11 of Statement 31, as amended.
This Statement establishes additional note disclosure requirements for qualifying external
investment pools that measure all of their investments at amortized cost for financial
reporting purposes and for governments that participate in those pools. Those disclosures for
both the qualifying external investment pools and their participants include information
about any limitations or restrictions on participant withdrawals.
The requirements of this Statement are effective for reporting periods beginning after June
15, 2015, except for certain provisions on portfolio quality, custodial credit risk, and shadow
pricing. Those provisions are effective for reporting periods beginning after December 15,
2015.
The following GASB pronouncements will have an effect on the University
beginning in fiscal 2017 or beyond:
GASB Statement No. 74, Financial Reporting for Postemployment Benefit Plans
Other Than Pension Plans
The objective of this Statement is to improve the usefulness of information about
postemployment benefits other than pensions (other postemployment benefits or OPEB)
included in the general purpose external financial reports of state and local governmental
OPEB plans for making decisions and assessing accountability. This Statement results from a
comprehensive review of the effectiveness of existing standards of accounting and financial
reporting for all postemployment benefits (pensions and OPEB) with regard to providing
decision-useful information, supporting assessments of accountability and interperiod equity,
and creating additional transparency.
Statement No. 74 is effective for the University for the year ending June 30, 2017.
GASB Statement No. 75, Accounting and Financial Reporting for
Postemployment Benefits Other Than Pensions
The primary objective of this Statement is to improve accounting and financial reporting by
state and local governments for postemployment benefits other than pensions (other
postemployment benefits or OPEB). It also improves information provided by state and local
governmental employers about financial support for OPEB that is provided by other entities.
This Statement results from a comprehensive review of the effectiveness of existing standards
of accounting and financial reporting for all postemployment benefits (pensions and OPEB)
with regard to providing decision-useful information, supporting assessments of
accountability and inter-period equity, and creating additional transparency.
Statement No. 75 is effective for the University for the year ending June 30, 2018. The
University plans to adopt this Statement early for the year ending June 30, 2017.
GASB Statement No. 77, Tax Abatement Disclosures
Tax abatements are widely used by state and local governments, particularly to encourage
economic development. This Statement requires disclosure of tax abatement information
about (1) a reporting government’s own tax abatement agreements and (2) those that are
entered into by other governments and that reduce the reporting government’s tax revenues.
This Statement requires governments that enter into tax abatement agreements to disclose
the following information about the agreements:
■ Brief descriptive information, such as the tax being abated, the authority under which
tax abatements are provided, eligibility criteria, the mechanism by which taxes are
abated, provisions for recapturing abated taxes, and the types of commitments made
by tax abatement recipients.
■ The gross dollar amount of taxes abated during the period
■ Commitments made by a government, other than to abate taxes, as part of a tax
abatement agreement.
Governments should organize those disclosures by major tax abatement program and may
disclose information for individual tax abatement agreements within those programs.
Tax abatement agreements of other governments should be organized by the government that
entered into the tax abatement agreement and the specific tax being abated. Governments
may disclose information for individual tax abatement agreements of other governments
within the specific tax being abated. For those tax abatement agreements, a reporting
government should disclose:
■ The names of the governments that entered into the agreements
■ The specific taxes being abated
■ The gross dollar amount of taxes abated during the period.
Statement No. 77 is effective for the University for the year ending June 30, 2017.
Statement No. 78, Pensions Provided through Certain Multiple-Employer
Defined Benefit Pension Plans
The objective of this Statement is to address a practice issue regarding the scope and
applicability of Statement No. 68, Accounting and Financial Reporting for Pensions. This
issue is associated with pensions provided through certain multiple-employer defined benefit
pension plans and to state or local governmental employers whose employees are provided
with such pensions. Prior to the issuance of this Statement, the requirements of Statement 68
applied to the financial statements of all state and local governmental employers whose
employees are provided with pensions through pension plans that are administered through
trusts that meet the criteria in paragraph 4 of that Statement.
This Statement amends the scope and applicability of Statement 68 to exclude pensions
provided to employees of state or local governmental employers through a cost-sharing
multiple-employer defined benefit pension plan that (1) is not a state or local governmental
pension plan, (2) is used to provide defined benefit pensions both to employees of state or
local governmental employers and to employees of employers that are not state or local
governmental employers, and (3) has no predominant state or local governmental employer
(either individually or collectively with other state or local governmental employers that
provide pensions through the pension plan). This Statement establishes requirements for
recognition and measurement of pension expense, expenditures, and liabilities; note
disclosures; and required supplementary information for pensions that have the
characteristics described above.
Statement No. 78 is effective for the University for the year ending June 30, 2017.
Statement No. 81, ‘Irrevocable Split-Interest Agreements’
The objective of this Statement is to improve accounting and financial reporting for
irrevocable split-interest agreements by providing recognition and measurement guidance for
situations in which a government is a beneficiary of the agreement. This Statement requires
that a government that receives resources pursuant to an irrevocable split-interest agreement
recognize assets, liabilities, and deferred inflows of resources at the inception of the
agreement. Furthermore, this Statement requires that a government recognize assets
representing its beneficial interests in irrevocable split-interest agreements that are
administered by a third party, if the government controls the present service capacity of the
beneficial interests. This Statement requires that a government recognize revenue when the
resources become applicable to the reporting period.
Statement No. 81 is effective for the University for the year ending June 30, 2018.
Statement No. 82, ‘Pension Issues’
The objective of this Statement is to address certain issues that have been raised with respect
to Statements No. 67, Financial Reporting for Pension Plans, No. 68, Accounting and
Financial Reporting for Pensions, and No. 73, Accounting and Financial Reporting for
Pensions and Related Assets That Are Not within the Scope of GASB Statement 68, and
Amendments to Certain Provisions of GASB Statements 67 and 68. Specifically, this
Statement addresses issues regarding (1) the presentation of payroll-related measures in
required supplementary information, (2) the selection of assumptions and the treatment of
deviations from the guidance in an Actuarial Standard of Practice for financial reporting
purposes, and (3) the classification of payments made by employers to satisfy employee (plan
member) contribution requirements.
Statement No. 82 is effective for the University for the year ending June 30, 2017.
Appendix E
Perspectives in higher education 2015
Table of contents
Introduction
Changing student demographics
Evolving audit committee practices
Succession planning for executive leadership
Regulatory compliance
Institutional compliance
Cybersecurity
Information technology
Shared services: A source for administrative efficiency
The outlook from Washington
Contributors
Introduction
The pace of change within higher education continues to intensify. In the past year alone, we have seen the release
of new and proposed financial accounting pronouncements and enhanced federal regulatory requirements, coupled
with increased expectations around overall institutional performance from multiple constituents including
students, parents, faculty, donors, and the government.
In this edition of “Perspectives in higher education,” we have highlighted some of the most pressing challenges—
and the related opportunities—facing colleges and universities. From a financial and regulatory perspective,
institutions continue to debate the topics of implementing shared service centers and other business models and
practices to enhance efficiency, while at the same time examining organizational structures to manage regulatory
compliance. From an operational perspective, other key issues have emerged that demand the attention of
management and the board, including protecting from cyber-related risks and strengthening audit committee
practices.
In this dynamic environment, institutions are being challenged to continue to embrace change and stay focused on
their long-term institutional strategy. In that light, this edition also provides a glimpse into changing student
demographics and how they may impact the strategy and cost of an institution, as well as some thoughts on how to
ensure effective succession planning for executives. Additionally, the federal government continues to challenge
the way education in the United States is delivered and paid for, which is requiring all institutions to rethink their
strategy over the next five to 10 years. In our section on the outlook from Washington, we have highlighted several
of the proposed policy areas where boards and institutions should devote attention.
While each institution has its own unique set of issues, all educational institutions are currently contending with
a number of shared challenges. Notwithstanding the challenges within the industry, the U.S. higher education
system remains the envy of many countries. To maintain this global position, institutions must be proactive in
encouraging dialogue among their many different constituents on how to best position themselves to succeed in the
years ahead.
As a leader in providing audit, tax, and advisory services to the higher education and not-for-profit industry, PwC
has been honored to work with many of the nation’s premier educational institutions in addressing their most
pressing challenges. Our contributors to this paper are working with your peers on regulatory, tax, risk, and
operational issues and are in an excellent position to share trends, insights and perspectives. While this document
is not meant to be comprehensive, it draws upon our understanding of the diverse nature of higher education
institutions that have complex educational, research, and clinical activities, and we hope that it will serve as a broad
platform for discussing these issues.
I invite you to contact me at (646) 471-4253 with any questions or comments you may have.
John A. Mattie
National Higher Education and Not-for-Profit Practice Leader
Changing student demographics
Background
The profile of today’s typical incoming college freshman is vastly different than that of 50 years ago. What was
predominantly a class of recent high school graduates from the U.S. has evolved into a group highly diversified in
race, age, and country of origin. As a result, individuals who were once considered non-traditional students have
become more and more the “traditional students.”
With the average student profile changing dramatically at many higher education institutions, colleges and
universities are reconsidering many of the practices and services that they provide to their students and alumni.
The changing student profile has caused colleges and universities to change the way they serve students—including
curriculum adjustments, different lodging and dining options, and a broader level of services. A more diverse class
produces more diverse alumni. As a result, institutions are changing the way they offer job assistance programs
and how they fundraise.
Educational institutions’ business models continue to be challenged with reducing costs, improving service, and
increasing the value to their students. Changing demographics and declines in high school graduates in the
Northeast and California have institutions concerned for the first time in two decades about attracting and
retaining students.
Impact on educational institutions
As the student profile evolves, institutions are tasked with understanding the impact diversity, demands of
students, and increases in non-traditional learners will have on their overall strategic student profile plan.
Changing demographics
Consider that in the next five years, public and private high school graduates will increase by more than 96,000
students—and in the next 10 years that number will grow to more than 250,000 additional high school graduates.1
With increases at this pace, why are college and university administrators concerned about enrollment at their
institutions? One reason is that the growth in high school graduates is not consistent across the country. The
traditional higher education hubs in the Northeast, Illinois, and California will experience the largest declines in
graduating high school seniors in the next five years. Enrollment in these states will experience a decline in
graduating high school seniors of approximately 3%, or more than 22,000 students.2
More than half of four-year private institutions reported that they were unable to meet their enrollment goals for
the fall of 2014.3 This is clearly impacted by the decline in graduating high school seniors. However, the inability to
meet enrollment goals goes beyond those enrollment numbers.
1 Brian T. Prescott and Peace Bransberger (2012). Knocking at the college door: Projections of high school graduates (eighth edition). Boulder, CO: Western Interstate Commission for Higher Education. Retrieved from http://www.wiche.edu/pub/knocking-8th-and-supplements.
2 Brian T. Prescott and Peace Bransberger (2012). Knocking at the college door: Projections of high school graduates (eighth edition). Boulder, CO: Western Interstate Commission for Higher Education. Retrieved from http://www.wiche.edu/pub/knocking-8th-and-supplements.
3 Noel-Levitz (2014). Fall 2014 New Student Enrollment and Retention Outcomes at Four-Year Institutions. Coralville, Iowa: Noel-Levitz. Retrieved from www.noellevitz.com/BenchmarkReports.
Mobility tracking indicates that more than 50% of first-year students attend a college or university within 100 miles
of their home. These rates increase further when the student is either African American or Hispanic and/or they
are coming from a low-income family.4 The demographics indicate that the fastest-growing groups of high school graduates
by ethnicity are Hispanic and Asian.
A 2002 National Center for Education Statistics report indicated that nontraditional students (i.e., students who do
not enter college in the same year that they completed high school, attend college part-time, work full-time,
or are considered financially independent from their legal guardian) make up 73% of all students enrolled in
undergraduate programs. Additionally, 39% of all undergraduates are 25 years or older. Nontraditional students
tend to attend a college or university close to home.
With trends such as these, it is becoming more difficult for colleges and universities to attract students outside of
their traditional recruiting radius. These difficulties are more evident in Northeast and West Coast colleges and
universities.
Dining
Retention studies show that college dining is an important factor that is identified and studied in student
satisfaction. Students and staff desire a cafeteria that provides a welcoming atmosphere with all of the food options
that students had when they lived at home. Improvements to dining programs include renovations of existing
areas, creation of multiple dining facilities across campus, entering into contracts with various franchises to provide
more dining options, providing healthier food options, and instilling a sustainability program through eco-friendly
dining or local and organic dining. The demands from students are diverse and correlate with the diversity of the
student.
Lodging
Students are no longer complacent with facilities that have not been updated. Off campus housing options have
significantly increased in many college locations, resulting in institutions needing to build or renovate their existing
dorm spaces in order to meet the increasing student expectations. Statistics have shown that students who live on
campus are much more likely to be retained and graduate timely.
In order to meet student demands, institutions are redesigning new student housing, and are remodeling older,
traditional residence halls to include modern conveniences of home. Institutions are designing more single rooms,
providing private or semiprivate bathrooms, and significantly improving wireless access in dormitories.
Academic curriculum
Traditional cultural views continue to dominate the curriculum in higher education. As students become more
diverse, institutions are addressing views from different genders, ethnicities, and social classes. Specifically,
increasing diversity and globalization of the student base has triggered a change in curriculum to better understand
other cultures and backgrounds.
Technology
College students are more tech savvy than ever. Current traditional college-aged students do not remember a time
before smart phones. Noel-Levitz’s “2013 Marketing and Student Recruitment Practices Benchmark Report for
Four-Year and Two-Year Institutions” identified, through its survey of high school seniors, that the modes of
communication they consider “very effective” include text messaging and web site searches using their smart
phone. Yet only 50% of colleges and universities send text messages and have a web site that is optimized for
mobile browsers. This stresses the importance for recruiting and teaching practices to keep pace with emerging
and popular technologies.
4 John H. Pryor, et al. (2012). The American freshman: National norms fall 2012. Los Angeles, CA: Higher Education Research Institute. Retrieved from http://www.heri.ucla.edu/monographs/theamericanfreshman2012.pdf
Financial aid
Students attending colleges have become more financially savvy. College-bound students have the internet at their
disposal and better understand the cost of attendance. Hence, financial aid has increasingly become an important
driver as to why a student selects a university. A study performed by the Parthenon Group identified the financial
aid process as a key area of potential improvement. The financial aid process often influences parents’ and
students’ first impressions of a college or university. Poorly organized financial aid departments and procedures
can lead to lasting dissatisfaction with an institution. Conversely, a well-run financial aid department that is
prepared to effectively communicate financial aid guidelines and decisions can be a factor in a prospective student’s
decision to enroll.
Our perspective
Students will continue to demand and desire better academic programs, services, amenities, and facilities. The traditional “one size fits all” service strategy that colleges and universities have embraced for decades is no longer attainable. As students’ backgrounds, academic and financial needs become more diverse, so do the services and costs required to attract and retain them. Therefore, it is critical that institutions have a strong understanding of their overall mission and diversification strategy.
Management and boards should be focused on their strategic student profile plan in both the short-term and in the next five to 10 years. Several of the more critical questions institutions should ask include:
What is the student demographic that the institution attracts? What is the driving influence for students’ decisions to attend the institution?
How do changing enrollment demographics, based on where the institution draws students, impact the institution’s two-, five- and 10-year enrollment numbers?
Is there something that the institution could change that would attract additional students? Would these changes and additional students result in a net increase or decrease in net income? If changes result in a decrease in net income, are the changes critical to the strategic student profile plan?
Has the institution polled both enrolled students and students who chose not to enroll to gain an understanding of the basis for their decision to attend or to not attend the institution? Do those results align to the strategic student profile plan?
Has the institution identified the services that students value most?
These types of questions about changing student demographics should be at the forefront of conversations when strategic decisions are being made by senior management and trustees.
Evolving audit committee practices
Background
The business and regulatory landscape continues to evolve at a rapid pace for educational institutions and certain other not-for-profit organizations. As such, audit committees have continued to transform and evolve in response to the changing environment in which their institutions are operating. Faced with increasing rules, regulations, and related compliance requirements, as well as a dynamic information technology environment, the depth and range of audit committee oversight is greater than ever.
Changing regulations and increasing compliance responsibilities will continue to require not-for-profits to reassess policies and procedures and increase the level of monitoring. Information technology risks in mobile computing, cloud-based technologies, cybersecurity, data privacy, and social media are increasing at a rapid rate. Keeping pace with technological change and the implementation of effective risk mitigation is proving to be challenging.
The changing business environment continues to create both challenges and opportunities for organizations. As institutions seek to maintain a competitive edge and explore new strategies, managing associated risks is essential.
Impact on educational institutions
As audit committee responsibilities have expanded to encompass additional oversight roles, their members have had to prioritize agendas and allocate time to maximize audit committee effectiveness.
The number and background of members on not-for-profit audit committees continue to be important to ensure appropriate coverage of information. The average not-for-profit audit committee has five to seven members. Many not-for-profit audit committees require at least one financial expert. Audit committees are re-assessing their definition of financial expert and incorporating elements of institutional risk and compliance in the definition. Increasingly, a greater number of audit committee members possess a broad knowledge of accounting, financial reporting, regulatory and institutional risk and compliance skills to ensure they understand the financial reporting process, financial statements, and related business risks.
Depending upon the size of the not-for-profit organization, many not-for-profit audit committees are meeting between three and six times per year. It is imperative to ensure the meeting is scheduled long enough to appropriately discuss issues and matters of importance. Some committees utilize agendas that include the meeting time expected to be devoted to each topic. It is also best if there is time built in for flexibility to extend discussions as needed. Other administrative considerations include advance preparation, limiting formal presentations, and focusing on a detailed discussion of key risk areas with the right individuals present to discuss the topic at hand.
In order to increase the efficiency of the committee, many are now using consent agenda items. Under this approach, committee members are expected to have read the materials and, if there are no questions, the committee does not have to discuss more routine topics. In addition, many committees are utilizing advance briefing materials to aid in advance preparation. The best briefing materials strike the right balance—communicating the information the committee needs, yet avoiding extraneous detail.
Ongoing education is important to enabling audit committee members to excel in their oversight roles. The financial statements of not-for-profit organizations are distinct from those of any other industry. Therefore, audit committee members will require industry education to ensure they have a clear understanding of the results presented in the financial statements and to make sure they are asking the right questions of the particular organization. In addition to the financial statement presentation, members need to be educated on regulatory and compliance risks unique to not-for-profits, and how the institution is addressing those risks.
Our perspective
The role of audit committees has become increasingly demanding. Leading audit committees are setting a strong tone at the top, owning their agenda, building strong relationships with internal and external auditors and compliance offices, and evaluating their informational needs and their own performance.
Many committees are considering changing their name from the Audit Committee to the Risk, Compliance and Audit Committee to give credence to the increased responsibilities regarding risk mitigation and institutional compliance.
Given the increased demands and expectations being placed on audit committees, it is more important than ever to ensure the audit committee charter is updated periodically and explicitly states the responsibilities of the committee. Increasingly, the audit committee charter includes more risk-related topics, including reviewing the results of compliance and regulatory audits conducted by third parties, reviewing hotline call activity including ensuring appropriate disposition of hotline calls, and reviewing and approving the compliance office (or equivalent) annual audit plan.
Audit committee meeting topics have also evolved over the past few years, with a clear shift in focus from the more traditional audit and financial topics to more risk-based topics. Agenda topics should now include such areas as conflict of interest, information technology, global operations, campus and student safety and intellectual property management. Determining which topics are most appropriate should be based on key risks identified through an enterprise risk management (ERM) process.
Specifically related to ERM, audit committees often have ultimate responsibility for overseeing the ERM program and ensuring management has sound practices in place to monitor the various types of risks. Audit committees should be updated at least annually on the ERM process at their institution. Ideally, a form of the update should include a discussion of the top risks the committee is charged with monitoring. It is important that the audit committee understand the reason for the exclusion of risks which were present in the past or inclusion of new risks, as well as the change in perceived severity of certain risks within the institution. It is also good practice to update the full board periodically on priority institutional risks and management’s mitigation plan.
Finally, it is a leading practice for audit committees to evaluate their own performance annually. This can be accomplished by comparing the activities performed against the charter, which allows the committee to take remedial action if necessary in the event an item was missed. Some committees also compare their own activities to leading practices of other institutions as seen through publications, surveys, seminars, and conferences. It is also valuable for committee members to discuss their performance among the members, as well as with management and others within the organization.
For further information on evolving audit committee practices in higher education, please reach out to your PwC partner or manager or any of the contributors to this Perspectives publication and ask for our recent whitepaper titled, “Next on the Agenda.”
Succession planning for executive leadership
Background
Executive leadership in higher education is on the precipice of change as many leaders at colleges and universities
are quickly approaching retirement age. According to a recent report by the American Council on Education, 58%
of college presidents are older than 61. This is a significant change from the mid-1980s, when only 14% of college
campus presidents were 61 or older.5 Presidential tenures also have decreased in length. In 2011, the average
tenure of a college president was seven years, a decrease of 18% from just five years prior.6 In another survey,
conducted in 2013 by the National Association of College and University Business Officers, the proportion of chief
financial officers age 65 or older doubled from 5.4% in 2010 to 11.2% in 2013, and 37% of those individuals planned
to leave their position in the next four years.7 Yet another survey of chief information officers conducted in 2013
indicated that at least 50% of the current higher education CIOs planned to retire within the next 10 years.8 Other
key higher education roles could also experience significant turnover including provosts, internal audit directors,
budget officers, and other vice presidents at institutions.
Given the aging leadership pool, educational institutions should focus on their succession planning processes and
transition readiness. Institutions would be wise to take a cue from the corporate environment, where executive
succession planning is a routine topic with boards of directors. Corporations frequently engage their directors to
gain perspectives on developing and establishing the proper criteria for future leadership. Once these criteria are
established, the organization’s current talent pool is often inventoried and assessed to evaluate whether or not there
are internal candidates that could be mentored to eventually step into leadership roles. These organizations then
provide training and experiences, so that individuals are challenged and are developing their professional skill sets.
Keeping the succession plan refreshed is also a key part of the process. Corporations frequently revisit the criteria
initially established to ensure it remains aligned with the organization’s strategic goals and current objectives.
The attention given to succession planning in the corporate world is not as common in higher education. Given the
unique skill set needed to operate successfully in the higher education environment, however, integrated succession
planning processes and ongoing dialogue are needed by the board of trustees and other members of senior
management. Ineffective planning can open an institution to a multitude of risks, including the loss of talent to
other institutions, under-staffed or vacant positions for large gaps of time, and challenges recruiting faculty or
donors. How an institution goes about selecting and grooming the next generation of successful leaders is a
question that higher education institutions should focus on now more than ever.
5 http://www.acenet.edu/the-presidency/columns-and-features/Pages/All-Deliberate-Speed.aspx
6 http://www.acenet.edu/the-presidency/columns-and-features/Pages/All-Deliberate-Speed.aspx
7 https://www.insidehighered.com/news/2013/07/16/business-officer-survey-predicts-major-turnover-cfos
8 https://www.insidehighered.com/advice/2014/04/11/essay-urges-colleges-consider-succession-planning-cios
Impact on educational institutions
Senior executives at educational institutions have a variety of backgrounds, from former academics to business
leaders to politicians. Given the broad spectrum of the potential talent pool available, institutions are pursuing
different paths to fill key executive roles. Many institutions employ an external search firm to facilitate their
pursuit of the proper executive. External searches cast a wide net, and use of these searches may bring a talent pool
that is not readily available internally at an institution. However, an external search for a senior executive may take
12 months or longer. Other institutions have started to develop formal internal development programs to groom
the next generation of executives. These development plans include such initiatives as mentoring strategies,
executive education programs, and rotations among various departments. Although the time to groom an executive
can be extensive, well-developed programs ensure an ongoing pipeline of talent within an institution.
Certain colleges and universities are also proactively involving the board of trustees to assist with generating
succession plans and thinking more broadly in terms of the talent pool that is available within an institution.
Trustees are assisting with answering such questions as:
What are the key positions that will need to be filled in the future, such as presidents, executive vice
presidents, provosts, chief financial officers, chief technology officers, chief investment officers, and other
vice presidents within the institution?
What are the key traits of leaders who have moved up and across the institution?
How can a succession plan be integrated into existing initiatives at the institution?
When will the resources be needed?
How long will it take someone to become acclimated to the institution’s culture?
What are the capabilities and competencies of the institution’s current talent pool?
What are the pivotal roles required to execute the institution’s strategy?
Which roles are the most challenging for recruiting talent?
What are the key factors for success in the institution?
These questions and others are at the forefront of discussions that certain institutions are having as they focus more
closely on leadership transitions. By going through a process of methodically evaluating questions such as these,
institutions are starting to outline and formalize their succession plans.
Our perspective
Succession planning should be a priority in order to build the right team to support the institution’s mission and
culture. Colleges and universities that are able to make a connection between the strategic focus of the institution,
their internal talent pool and their external recruiting pipeline will have the unique opportunity to shape their
future leaders. A systematic identification and definition of the necessary skills, knowledge and experience will
strengthen a thoughtful succession planning process. The following steps should be considered as plans are being
developed:
Identify key executive positions, such as the president, chief financial officer, chief technology officer, chief investment officer, provost, and other vice president roles, that will need to be filled in the future. Consider the roles of the current leadership team and whether or not any additional roles need to be added.
Align the institution’s strategic plan with its succession plan, including identifying the key traits of leaders who have moved up. The institution should evaluate how the strategic plan differs from other similar institutions, and pinpoint the qualities needed in its key executives to successfully implement the plan.
Evaluate the business strategy to identify talent needs by taking an inventory of any new strategic projects or initiatives. This should be done for both short-term and long-term goals. As a part of this inventory, specifically identify the types of talent needed to enable strategic changes as well as what core competencies are required to be successful in the specific role.
Project future needs for talent by creating a timeline. The timeline should incorporate when the resources will be needed, how long it will take to develop skill sets, and how long it will take someone to become acclimated to the institution’s culture.
Assess the current talent pool and conduct a gap analysis between what capabilities and competencies are present in an institution’s current talent pool versus the roles that need to be filled in the future. To the extent there are gaps identified, the institution should then proceed to identify which roles are the most challenging for recruiting talent, and consider what the market will look like and how it will affect the institution’s ability to acquire talent to fill the gaps.
Develop a talent acquisition strategy or, if one already exists, evaluate how it is working by reviewing the cost of the strategy and how it currently impacts employees. The talent acquisition strategy should consider key stakeholders.
Implement/monitor the succession plan, and as a part of that, identify who the decision makers are, and how the plan can most successfully be rolled out to a broader group. The plan should be monitored by developing key metrics that the talent pool should be measured against.
Ultimately, current executives and trustees should consider what has made the leaders of the educational
institution successful. Individuals identified as future leaders need to be sponsored so that they gain the training
and experience needed to execute their roles well. Opportunities to guide initiatives imperative to the core mission
of the educational institution or lead key strategic projects will allow individuals to “raise their game,” gaining
exposure to other key stakeholders and developing their ability to manage a multitude of tasks. In addition,
building a robust and thoughtful succession plan is a critical element of an institution’s enterprise risk
management. The inherent risks surrounding inadequate transition plans at the executive level are many, and
must be factored into the overall risk mitigation plans at an institution.
Implementing more formalized succession planning strategies will enable institutions to be proactive in developing
their future leaders and recruiting the top talent for their organization.
Regulatory compliance
Background
The regulatory spotlight continues to be focused on educational institutions. Congressional attention on colleges
and universities, both not-for-profit and for-profit, has challenged institutions to seek ways to improve operations,
maintain compliance and reduce costs. The SEC expects institutions to provide reliable information to
bondholders, and the IRS expects revenues to be appropriately spent. The Office of Management and Budget also
recently issued significantly revised compliance and audit requirements as part of President Obama’s goal to
modernize and streamline regulations and to focus on the elimination of fraud, waste, abuse, and improper
payments.
In light of such regulatory initiatives, educational institutions are under ongoing pressure to demonstrate their
compliance and accountability. The impact of actual or perceived failure of an institution to identify and manage
compliance functions could lead to a damaged reputation among various stakeholders, administrative or financial
sanctions imposed by regulators, and the potential for fines and penalties.
Most institutions are struggling to respond to the changing and increasing regulatory requirements, as well as the
continuing political and public focus. Adhering to these requirements and responding to regulatory scrutiny have
been difficult for many educational institutions and have strained internal resources. Colleges and universities are
continually implementing new policies and procedures and modifying existing financial and information systems to
accommodate new and revised regulations. This has resulted in the need for more data collection and enhanced
training.
Impact on educational institutions
The following is a high-level summary of selected accounting, reporting and regulatory matters on which
educational institutions are currently focusing their resources — or may need to focus their attention.
Financial accounting requirements
The standard-setting authority for the financial statements of higher education institutions is divided between the
Financial Accounting Standards Board (FASB) for private institutions and the Governmental Accounting Standards
Board (GASB) for public institutions. The FASB works closely with the Not-for-Profit Advisory Committee (NAC), a
standing committee established in 2009 to ensure that the concerns of not-for-profit entities are considered when
developing new standards. The involvement of various standard setters in the higher education industry results in a lack
of comparability between public and private institutions and increases decision-making complexity for boards,
management, bondholders, and regulators attempting to understand the similarities and differences among
institutions regarding factors such as financial condition, business risks, and cash-flow prospects. Differences in
accounting for similar transactions by similar types of entities increase the risk that misstatements in financial
statements might arise and heighten the potential for misunderstanding reported information. Currently, both the
GASB and FASB have projects on their technical agenda that have the potential to significantly impact higher
education institutions, and could further diverge the accounting standards applicable to higher education
institutions compared to accounting standards applicable to other business entities.
FASB Standard Setting Update
In recent years the FASB’s technical agenda has been centered on the major convergence projects with the
International Accounting Standards Board (i.e., overhauling lease accounting, revenue recognition, financial
instruments, etc.). As these projects are winding down, the FASB’s agenda has been re-prioritized with a number of
new projects, as well as resurrecting older projects which were put on the back burner during the push for
convergence.
In 2014, the FASB kicked off its simplification initiative, the objective of which is to reduce cost and complexity
while maintaining or improving the usefulness of the information required to be reported in the financial
statements. A few of the FASB’s early proposals have been met with some resistance as simpler accounting
standards do not necessarily mean that determining how to simplify the standards will be easy, or that the impacts
will be inconsequential. Preparers should monitor these projects and assess the proposed changes during the
standard setting process to determine if there are any unintended consequences of the proposed simplification
items.
On April 22, 2015, the FASB issued an exposure draft of the Accounting Standard Update of the Financial
Statements of Not-for-Profit Entities (the “Proposal”). The Proposal, which originated based on feedback from the
NAC, is intended to improve the financial reporting of all not-for-profit (“NFP”) entities and focuses on net asset
classification requirements and information provided in financial statements about liquidity, financial performance
and cash flows. Underlying the Proposal is a newly-defined intermediate operating measure that would be required
for all NFPs. The operating measure would align the classification within the statement of activities with how
transactions are reported in the statement of cash flows.
While some of these proposed changes reflect areas of reporting that are unique to not-for-profit organizations,
others deal with changing aspects that are fundamental to the underlying U.S. reporting model, for example, the
proposed changes to the cash flow statement and required operating measure. At present, all of FASB’s
constituents – SEC registrants, private companies, and not-for-profit entities – use the same basic financial
reporting model, tailored as necessary to reflect unique characteristics or needs of a particular constituency. The
FASB is in the early stage of deliberations for changes to the for-profit entities’ financial reporting model. We
believe that educational institutions, and their audit committees, should familiarize themselves with the FASB
proposal, as several of the proposed changes represent significant changes from current financial reporting and
could be a sign of potential change commercial enterprises may be required to comply with in the future.
For further information on the impact of the exposure draft of the Accounting Standard Update of the Financial
Statements of Not-for-Profit Entities, please visit PwC’s website for the “Point of View” document titled “The
financial reporting framework: Could changes to the not-for-profit model impact for-profit entities?”
http://www.pwc.com/en_US/us/cfodirect/assets/pdf/point-of-view-not-for-profit-standard-reporting-changes.pdf
GASB Standard Setting Update
The GASB’s technical agenda includes a variety of different projects, many of which will directly impact public
higher education institutions. Some of the more significant projects include: accounting and reporting for
irrevocable trusts, blending requirements for business type entities, lease accounting, post-employment benefits
and asset retirement obligations. The GASB also has recently issued Statement 72, Fair Value Measurement and
Application, which will substantially align the fair value concepts between FASB and GASB preparers and will
require the majority of investments to be reported at fair value.
Currently, one area in which the accounting and reporting principles remain largely converged between public and
private institutions relates to property, plant and equipment, including leasing transactions. The GASB is currently
following the FASB in re-examining the lease accounting guidance. In November 2014, the GASB issued a
preliminary views document outlining views on lease accounting. While the proposal is similar to the FASB’s
proposed lease accounting standard in many ways, it diverges in terms of expense recognition. The GASB is
opting for a single model, meaning that all expenses associated with leasing transactions would be recognized
similar to capital leases today, whereas the FASB has decided on a dual model similar to what we have today.
Importance of Stakeholder Engagement
Given the significant and potential impact on higher education institutions of the projects on both the FASB’s and
GASB’s agendas, the activities of the Boards should be closely monitored. Institutions should contribute to the
process to help enhance the overall efficiency of standard-setting by providing input on what could be unintended
consequences of the proposed changes. Early participation in a standard’s development can greatly impact the
direction and ultimate outcome and quality of the final standard. Feedback on the specific impacts of a proposed
standard to an institution is particularly valuable to the standard setting Boards and can help ensure the needs of
higher education financial statement preparers and users are appropriately reflected.
IRS items
President’s Proposed FY16 Budget: There have been a number of legislative proposals in the past year that
could potentially impact colleges, universities and other tax-exempt entities. Earlier this year, President Obama
announced his proposed budget for FY16. The budget contains numerous proposals affecting tax-exempt
organizations, including colleges and universities. The proposed budget must be approved by Congress before
taking effect, but it does reflect some areas of interest that have been addressed in other proposals as well. The
proposed budget includes:
• Requiring that colleges and universities report on IRS Form 1098-T amounts paid rather than amounts
  billed for qualified tuition and related expenses
• Disallowing the deduction for contributions that entitle donors to a right to purchase tickets to sporting
  events. Currently, donors may deduct 80% of any such contribution
• Placing a 28% cap on charitable deductions
• Limiting the exclusion of tax-exempt interest for municipal bonds to 28%
• Providing an exception to the private business limits on tax-exempt bonds for research arrangements
Form 1098-T: In recent years the IRS has directed increased scrutiny to colleges’ and universities’ 1098-T filings.
This scrutiny includes issuing notices and proposed penalties for each return with missing or incorrect TIN
information. The penalty for filing an incomplete or incorrect Form 1098-T is $100 per form with a maximum
penalty of $1,500,000 per year ($500,000 for organizations with average annual gross receipts of $5 million or
less).
Affordable Care Act: Under the employer shared responsibility provisions, employers (those having 50 or more
full-time-equivalent employees) must offer affordable, minimum value health coverage to their full-time employees or
make a shared responsibility payment, which may apply if one or more of their full-time employees receives a premium tax
credit to assist the employee in obtaining insurance on a health insurance exchange. Starting in early 2016
(reporting on 2015), employers are required to provide a Form 1095-C to each full-time employee and other
employees covered under a self-insured health plan, and to file Form 1094-C with the IRS, transmitting to the IRS
copies of the Forms 1095-C. It is critical for employers to understand the requirements, as these reports will be
used by the IRS to enforce the employer mandate.
Employers need to prepare the required data and design the ongoing reporting process now in order to be ready for
2016 reporting. The information required to complete the forms for 2016 relates to monthly snapshots of employee
status and healthcare coverage offered in 2015. Employers need to focus now on the information that will be
required, how the information will be obtained and reported, and the various reporting options that may be
available.
Final Section 501(r) Regulations: Internal Revenue Code (IRC) Section 501(r) imposes requirements that
nonprofit, tax-exempt hospitals, including academic medical centers, must satisfy in order to remain tax-exempt.
The Final Regulations address financial assistance policies, billing and collection practices, limitations on charges,
and community health needs assessments. The final regulations differ in some ways from earlier IRS guidance.
Organizations that operate hospitals should carefully review the final regulations, assemble a team, and develop a
plan to ensure the hospital meets all requirements.
Federal award compliance and audit requirements
On December 26, 2013 OMB published its “Sweeping Reform” guidance, “Uniform Administrative Requirements,
Cost Principles, and Audit Requirements for Federal Awards” (the Uniform Guidance document). This represents
the culmination of a process undertaken by OMB to accomplish several objectives. These objectives include
streamlining existing federal administrative, cost, and audit circulars, reducing administrative burden, and
reducing the risk of fraud, waste, abuse, and improper payments. The document includes a substantial section
devoted to comments received from stakeholders, and OMB’s and the Council on Financial Assistance Reform’s
considerations when deciding whether or not to implement the comments received.
The Uniform Guidance document replaces several existing OMB circulars, including the administrative circulars
A-110 and A-102; cost circulars A-21, A-87 and A-122; and the non-federal audit circular A-133. The effective date of
the cost and administrative portions of this guidance is December 26, 2014 for new awards and funding increments
issued on or after that date. The effective date for the audit guidance is audits of fiscal years beginning on or after
December 26, 2014. On December 19, 2014 OMB published technical corrections to the Uniform Guidance and
most Federal agencies published their specific adoption of Uniform Guidance largely as issued by OMB. The
Uniform Guidance includes numerous changes from existing compliance and audit rules that each institution
should be considering and planning to implement. The more significant items are included below:
• Federal agencies must provide award performance goals, indicators and milestones, and recipients must
  relate award financial data to the performance goals and provide cost information to demonstrate cost
  efficiencies. There is some relief for research and development awards.
• Procurement requirements are largely taken from A-102 rather than A-110. Because of this, there is much
  more emphasis on competition and competitive bids.
• Recipients must maintain effective internal controls. COSO and the Federal Green Book (Federal agency
  internal control framework) are listed as two examples that “should” be followed as a best practice.
• Subrecipient monitoring has largely not changed and there is specific emphasis on performing a risk
  assessment of each subrecipient. Subrecipients must be paid a minimum indirect cost rate of 10%.
• The traditional three examples of effort reporting have been removed. Emphasis is placed upon using
  existing payroll distribution systems, and strengthening internal controls to assure an accurate distribution
  of payroll.
• OMB has revised the Compliance Supplement to consider the compliance change brought by Uniform
  Guidance. The procedures are designed to focus on and have greater emphasis on the goal of reducing
  fraud, waste, abuse, and improper payments.
The new Uniform Guidance represents the first time in decades that OMB and the federal agencies have focused on
reducing the burden of compliance and audits while still achieving effective program management and
accountability of public funds. The changes are extensive, and many of them will require institutions to take a
critical look at their internal compliance structure, processes, and policies to determine where change is required to
existing institutional practice.
Given that Uniform Guidance is now effective, institutions should be examining each of the more significant items,
and should develop an implementation plan and timetable. These plans should include training of both financial
and compliance administrators, as well as the faculty and investigators who carry out the work of the federal
awards. Some of the new requirements, such as those in the procurement area, will need to be applied to all federal
awards rather than just those awards received after the Uniform Guidance effective date because of the difficulty
with maintaining two separate compliance policies.
In addition, the greater emphasis on internal control best practices will necessitate a review of internal controls
over compliance at a minimum, to determine where there may be significant gaps that should be addressed.
DATA Act
During 2012 and 2013, the House and Senate each issued versions of the Digital Accountability and Transparency
(DATA) Act. The intent of the DATA Act is to amend the 2006 Federal Funding Accountability and Transparency Act
to further increase transparency of federal spending by federal agencies and the recipients of federal awards.
During May 2014, the House and Senate reconciled their respective versions and President Obama signed the
DATA Act into law on May 9, 2014.
The DATA Act includes the following:
• The OMB and Treasury Department are to develop government-wide financial data standards for federal
  agencies and recipients of federal funds to use for reporting. Common data elements will be mandated for
  use in financial reporting and payment information by all federal agencies.
• The new data standard must incorporate a “widely accepted, nonproprietary searchable platform-independent,
  computer readable format,” such as XBRL. This is similar to the electronic data tagging and
  reporting mandated by the SEC for public companies several years ago.
• There is a three-year development period that includes a pilot study to be conducted by OMB to determine
  the feasibility of pushing the electronic tagging and reporting down to the recipients’ funding.
The DATA Act, when fully implemented by federal agencies, will significantly increase the visibility the general
public has into federal spending and undoubtedly will impact the federal award decisions made in the future.
Our perspective
The attention to educational institutions from Congress, the President, and other regulatory bodies is not slowing
down. While some legislation is in progress to streamline compliance requirements and reduce the financial
burden, other in-progress legislation, as described previously in this paper, will result in more compliance
requirements and added cost of implementation. Therefore, when the opportunity arises, educational institutions
should continue to be vocal with regulatory bodies and political leaders as to their perspectives on proposed
changes and the regulatory cost associated with such changes. In the meantime, institutions will need to continue
to be vigilant in enhancing internal controls over compliance.
In connection with the development of an organizational framework for institutional compliance, educational
institutions should continue to develop other proactive responses to manage and monitor regulatory compliance.
Institutions should consider the following to enhance overall compliance and reduce the financial, operational, and
reputational risks associated with noncompliance:
• Stay abreast of new regulatory developments and ensure their voice and points of view are heard through
  industry associations and political influences.
• Continue to educate trustees, faculty, and staff of the ever-changing regulatory environment to ensure there
  is the appropriate level of focus on compliance with not only external rules and regulations but also internal
  policies and procedures.
• Determine who is responsible throughout the organization for compliance with rules and regulations and
  whether actions are needed to improve or maintain compliance.
• Assess key exposures and implications to the institution from an operational, financial reporting, and legal
  perspective, and respond to these exposures through risk management programs, involvement of
  appropriate parties with the identification and monitoring of risks (including senior management, internal
  auditors, and other key departmental administrators), and establish ongoing programs to mitigate
  potential noncompliance.
• Identify best practices for appropriate compliance metrics and other means to track and report the
  processes and procedures associated with regulatory compliance.
While educational institutions are not SEC registrants, many are considered “public interest entities” due to their
issuance of tax-exempt municipal bonds and other factors. As a result, institutions must be cognizant and proactive
with respect to the level of reporting, controls, and compliance responsibilities associated with this designation.
Institutional compliance
Background
The legal and regulatory developments of the past several years have debunked the notion that higher education
institutions are not heavily regulated. Rather, what has emerged is a “hyper-regulated” sector that is struggling to
keep up with increasing legislative activity and heightened levels of regulatory scrutiny. Once focused largely on
the multitude of federal laws and regulations governing their operations, educational institutions are now receiving
greater attention from other parties, including state law makers, accrediting organizations, and regulators seeking
to enforce greater standards of oversight and accountability. Moreover, the traditional areas of regulatory scrutiny
that have long been the focus of education compliance programs, such as financial aid, conflicts of interest,
sponsored research and athletics, are becoming increasingly more complex for institutions to manage and are more
likely to invite regulatory inquiry. Layered on top of these traditional compliance requirements are several
additional areas of focus and trends in institutional compliance:
• Unprecedented focus on student safety and campus security: A significant amount of current legal and regulatory focus is directed at student and campus safety issues. The Department of Education (the Department) has committed to extending its enforcement of Title IX, a law that prohibits sexual discrimination at any educational institution accepting federal financial assistance. Over the past year, the Department’s Office of Civil Rights has been investigating upwards of 65 institutions regarding their handling of sexual assault cases.⁹ Likewise, campus reporting requirements under the Clery Act, a 1992 law which requires higher education institutions to comply with certain campus safety and security requirements if accepting federal funds, were expanded by the Obama Administration in 2014 to require broader reporting and transparency from colleges and universities when reporting crimes on campus.¹⁰
• Data privacy and information security: The challenges of data privacy and protecting personally identifiable information (PII), protected health information (PHI), and proprietary institutional data have become exponentially more challenging for colleges and universities within the past year. No longer just a concern of the corporate world, higher education institutions have experienced increased frequency of, and impact from, hacking and data breaches. Privacy and information security are now ranked among the highest compliance risks in terms of perceived level of threat to higher education institutions.¹¹ We discuss this further in the Cybersecurity section of this publication.
• Global expansion: Higher education footprints are expanding globally, as U.S. colleges and universities continue to develop new academic and research programs in unique international locations. In turn, compliance program owners at those institutions are wrangling with new and varied regulatory frameworks, as well as unfamiliar and unpredictable enforcement agencies, in global jurisdictions that their institutions enter.
• New learning models and partnerships: With the rapid evolution in technology, a new frontier of higher education has developed in the form of online and distance learning. Once considered a niche model for education, online and distance learning have become highly cost-efficient and approachable alternatives to traditional brick-and-mortar education, with many highly recognized institutions recently launching such programs. This new frontier in higher education creates additional risk and exposure not addressed by traditional compliance programs. Similarly, this new frontier has also led to the formation of new partnerships among higher education institutions and third parties, thus raising additional compliance risks and obligations.
⁹ Department of Education Press Release, May 1, 2014
¹⁰ Department of Education Press Release, October 20, 2014
¹¹ PwC 2014 State of Compliance Survey.
These emerging trends, coupled with the traditional focus areas of higher education compliance programs, are
causing trustees and administrators to evaluate how their organizations manage and respond to compliance risks.
Most institutions recognize that as the complexity of their environments increases, they must better and more
thoroughly evaluate how their compliance programs are structured and whether and how their organizations are
managing risks in an effective and cost efficient manner.
Impact on educational institutions
The stakes have never been higher for colleges and universities to ensure they maintain effective compliance
programs to protect their brands and reputations. As a result, there has been a noticeable shift in focus by boards
of trustees and their audit committees toward proactive risk management. Rather than awaiting the next big legal
or compliance issue to spur change, governing authorities at educational institutions are beginning to challenge
their administrators to consider more proactive programs for managing risk. This shift, in turn, has resulted in the
development of more formalized and programmatic approaches to compliance-related risks.
To help manage these compliance programs, a greater number of colleges and universities have begun to develop
standalone roles dedicated to the oversight of compliance. Several educational institutions have designated a head
of compliance with responsibility for institutional compliance, while even more colleges and universities have
formed in-house compliance committees to better support compliance program efforts.¹² By having an individual
tasked with oversight and a committee to support such a compliance leader, it is clear that higher education
institutions are moving toward a more structured approach to managing compliance risk.
Taking this more structured approach to compliance governance a step further, many colleges and universities are
also aligning compliance resources to their highest risk priorities. For example, for institutions with significant
research capabilities, schools have aligned dedicated resources to help manage compliance requirements in the
research setting. The responsibilities of this function typically include adopting sound policies and procedures,
providing training on those policies and procedures and developing monitoring and auditing plans. While the day-
to-day management of these specific compliance risks is delegated to a specific leader in a functional area, the
connectivity and linkage back to an institutional compliance program helps create consistency in policy, process
and communication.
Institutional compliance programs are also leveraging a greater number of compliance monitoring activities and
data points to help assess compliance program effectiveness. Of note, higher education organizations are
monitoring and gaining value from risk assessments, compliance audits and regulatory visits that, in turn, provide
valuable inputs to help inform the direction of, and drive improvements to, their compliance programs.¹³
Our perspective
The need for compliance program governance and oversight has reached an important juncture within higher
education. Instrumental to that governance and oversight is a higher education institution’s board of trustees or
audit committee. In line with governance trends both within higher education and in other sectors, colleges and
universities should seek to have some level of expertise regarding risk and compliance among their board and/or
audit committee members. Likewise, there should be a common understanding among board and/or audit
committee members that they have overall responsibility and accountability for ensuring the existence and
effectiveness of their institution’s compliance program. This obligation is not simply leading practice, but is
ultimately an expectation of the U.S. government: a governing authority must “be knowledgeable about the content
and operation of the compliance program.”¹⁴ To execute on this responsibility, the board and/or audit committee is
well advised to meet regularly with compliance program owner(s), to ask the right questions of institution
administrators regarding the management of key compliance risks and to better understand the scope of
compliance program activities through regular and meaningful updates, communications and training activities.
¹² PwC 2014 State of Compliance Survey.
¹³ PwC 2014 State of Compliance Survey.
In addition to strong board-level governance around the compliance program, higher education institutions should
also ensure that oversight and management of program operations are delegated effectively. As supported by
recent PwC survey data, formalized compliance program oversight in higher education is becoming more the norm
and several models have emerged:¹⁵
• Centralized Model: In this model, under the leadership of a designated Chief Compliance Officer (CCO) (or other designated individual) and their supporting staff, the oversight of compliance program activities flows through a central resource and support is often provided by a cross-functional compliance committee. Neither the CCO nor the compliance committee should own all compliance program activities. Instead, these activities should be driven by those functional areas of the institution with the requisite knowledge and understanding of the applicable compliance risks (i.e., research, athletics, financial aid, etc.). While these functional areas are responsible for the ongoing execution and monitoring of compliance program activities within their designated risk areas, they should consult regularly with the CCO and provide meaningful and regular updates to the CCO, as well as to institutional leadership. In addition, the CCO and his or her supporting staff should have ownership for certain key compliance program elements (i.e., code of conduct, hotline, and investigations) that help serve and advance compliance responsibilities of those functions. Although the centralized model is not as common in higher education, more institutions are considering a model that includes a designated individual responsible for overseeing institutional compliance.
• Decentralized Model: A decentralized compliance program places the responsibility for implementing and overseeing the compliance programs within the functional areas of the institution, with no centralized compliance function (i.e., a CCO) to coordinate or with which to consult. Functional leaders then must report to executive leadership, and in certain cases, to the board and/or audit committee, regarding the specific risk areas and/or compliance program activities for which they have ownership. These functional leaders have responsibility within their unit for compliance training, adoption of procedures and systems to promote compliance, mechanisms to enforce rules and monitoring programs to evaluate compliance. Procedures established within the unit are reported to an administrative officer (i.e., the president or executive vice president).
• Hybrid Structures: Most institutions today rely on hybrid compliance program models that suit the unique structure of the specific institution. In many cases, this model entails centralization of key compliance program elements (i.e., written code of ethics or conduct, hotline, central auditing process to test compliance) and decentralization of the more regulatory-focused compliance program elements within individual units (such as compliance functions within research, athletics, and financial aid). A hybrid structure often includes a compliance steering committee which has oversight of the organization’s overall compliance program. Oversight for specific and technical risk areas resides within leaders or departments that have the specialized knowledge (i.e., research requirements, NCAA regulations, etc.). The steering committee often evaluates the strengths and weaknesses within a departmental program, and works to standardize important tasks such as training, policies, and enforcement.
As higher education institutions continue to adopt more formalized compliance programs and consider different
models for driving those programs, it is crucial that the boards and/or audit committees overseeing the process
fully understand and assess the impact that the programs will have on both internal and external stakeholders.
¹⁴ Federal Sentencing Guidelines Manual § 8B2.1 (2015)
¹⁵ PwC 2014 State of Compliance Survey.
From an external perspective, the adoption of a formalized compliance program will undoubtedly be viewed as a
positive step by regulators and accrediting organizations in advancing institutional risk management. Likewise,
having a publicly-facing compliance program helps assure prospective students, employees, vendors and business
partners that the institution values its brand and reputation and is committed to upholding the laws and
regulations in those locations where it operates.
From an internal perspective, the process of adopting a formalized compliance program provides great
opportunities to strengthen institutional relationships, to improve communication and culture and to help the
organization achieve its strategic objectives. Critical to achieving these results is the need to garner early buy-in
from key functional areas and individuals at the institution, both within the administration and the wider academic
community. The most effective compliance programs are the result of strong collaboration and common
understanding among stakeholders as to the purpose, mission and value proposition of having an institutional
compliance program. Without socializing the concept and providing opportunities for input across the institution,
there is a greater likelihood of confusion and resistance when the organization launches its compliance program.
Regardless of the decision to implement a centralized, decentralized or hybrid structure, the end goal for any
institutional compliance program is to effectively manage compliance risk. To achieve a successful compliance
program, institutions should consider the following key attributes:
• Risk assessment: Institutions should be taking stock, on a regular basis, of their compliance risks and validating ownership and effective management of those risks. For some institutions, this exercise is now part of a broader ERM program that seeks to look at risk more broadly than just compliance. For other institutions, this exercise is performed as part of a more detailed compliance risk mapping or risk assessment initiative that is separate from ERM. In both cases, the end goal is the same: identify compliance risk areas of top concern and ensure ownership and appropriate risk mitigation activities. The results of the risk assessment can also help build the compliance work plan, as well as allocate limited resources to identified gaps. Once the risk assessment is performed, formal accountability for identified compliance risks should be assigned to specific leadership positions within the organization, and a process for monitoring and reporting on the highest priority compliance risks should be developed.
• Policies and procedures: Despite varying appetites in higher education for formalized policies and procedures, the adoption of core compliance policies and procedures is important to creating structure and awareness as to institutional standards and expectations for behavior. At a minimum, institutional compliance programs should adopt a code of conduct, as well as specific policies focused on key risk areas, such as whistleblowing and investigations, conflicts of interest, privacy and security and discipline. These policies should be communicated and applied institution-wide. Other compliance policies may be developed to address specific compliance risks and applied through procedures at a functional level. Formal disciplinary protocols to address deviations from adopted policies and procedures should be developed and communicated to both faculty and others working throughout an institution.
• Training and communication: To best ensure there is widespread and consistent familiarity with the policies and procedures of an institutional compliance program, formalized training and communication efforts are necessary. Training should be tailored to the appropriate audiences (i.e., code of conduct for a broad audience and more policy-focused training to impacted areas of the institution), and can take different forms or approaches (i.e., online versus in-person). Similarly, an organized and well-coordinated communications plan can help to establish and evidence an appropriate tone-at-the-top and to raise compliance program awareness through different communication vehicles.
Depending on an institution’s prior compliance issues and level of compliance program maturity,
implementing these key attributes could already be complete or, alternatively, could be part of a more gradual
build-out process. However, the evidence and data in higher education suggest one important reality:
institutional compliance programs are becoming a foundational element to the strategic vision and culture of
high-performing colleges and universities.
Cybersecurity
Background
Recent high-profile data breaches have highlighted the threat faced by the retail, health care and entertainment
industries. However, few are aware that approximately 35% of all data breaches take place in the higher education
arena, a number exceeding both the governmental and financial and insurance sectors.[16] According to the Privacy
Rights Clearinghouse, educational institutions experienced 727 breaches in the 10-year period ending in 2014,
representing more than 14 million breached records.[17] Affected parties included universities, vocational schools,
and school districts, as well as other not-for-profits operating in the education sector.
The three most common causes of higher education data breaches are hacking/malware, unintended disclosure,
and portable devices.[18] Higher education institutions are vulnerable targets as they have numerous network access
points that open the door to a wide array of personal, financial, and intellectual property data. In many cases, the
data is highly decentralized, making it especially susceptible. Additionally, the expanded use of personal devices
by faculty and students to connect to an institution’s network has increased the risk of malicious attacks.
The legal and regulatory landscape is quickly changing to respond to the growing threat of data breaches.
According to the Data Quality Campaign, in 2014, 36 states considered student data privacy bills, while 20 states
enacted such bills. Additionally, an increase in legislation regarding personally identifiable information (PII),
including the Family Educational Rights and Privacy Act (FERPA), and the Student Online Personal Information
Protection Act (SOPIPA), has made data security an even greater priority. FERPA provides parameters for what is
permissible when sharing student information, but it does not prohibit sharing data across agencies. SOPIPA,
enacted in California, prohibits websites, online services and apps from using student information for creating a
commercial profile or for targeted advertising and from selling student information. SOPIPA is widely regarded as
being the first truly comprehensive student data privacy legislation.
Given the increased regulatory environment and susceptibility to data theft that institutions face, data security
policies, practices and controls continue to receive significant attention at colleges and universities.
Impact on educational institutions
In response to the aforementioned threats, many institutions are looking to cloud service providers to help manage
and maintain their systems and data. There are a number of risks that institutions are considering when moving
data to a third party, including data ownership, multitenant environments, regulatory requirements, service
provider access, availability, audit requirements, and many others. Institutions must be aware of the relevant
security- and privacy-related controls service providers are using to manage risk. Institutions need to not only ask
initial questions about security controls when selecting a service provider, but also validate and test the existence of
these controls throughout the lifetime of the relationship.
[16] James Bourne, “Business data breaches get more expensive each year: The state of enterprise security”, http://www.appstechnews.com, (January 28, 2015).
[17] “Just in Time Research: Data Breaches in Higher Education”. Educause Center for Analysis and Research. http://www.educause.edu, (May 20, 2014).
[18] James Bourne, “Business data breaches get more expensive each year: The state of enterprise security”, http://www.appstechnews.com, (January 28, 2015).
Despite the growing pervasiveness of cloud-based solutions, in-house or commercial off-the-shelf applications still
make up the majority of the systems used by educational institutions. These traditional systems and applications
are being assessed for security and privacy concerns. This internal risk assessment process is in the infancy stage at
many colleges and universities. According to a March 2014 survey of colleges and universities conducted by the
SANS Institute, only 45% of respondents had a formal risk assessment policy. Additionally, PwC’s 2014 Global
State of Information Security Survey found that 42% of the educational institutions surveyed are performing
internal risk assessments of information technology systems.
While most regulations do not require compliance with specific security control frameworks, institutions are
considering the ISO 27002 information security standard and the NIST 800-53 security framework. There are
many other information security frameworks available to help organizations define and develop their security
control environments and mitigate and manage IT risks, but the NIST and ISO frameworks are two of the most
commonly adopted. As organizations continue to support, develop, and manage applications in their own
environments, they continue to assess and ensure the security of such systems.
Our perspective
Educational institutions are challenged by a culture of open systems and access versus the threats and risks posed
by attacks on systems that hold and maintain valuable information. The movement to more secure platforms
operated by other companies is expected to continue to grow, moving sensitive systems and data to third-party
cloud providers. Therefore, the security and protection models used in the past will have to change. Institutions
should consider incorporating the following foundational programs into their information governance program:
Stratify and segment data and systems – Institutions must understand the various types of data they are responsible for (data and systems managed in-house, as well as those outsourced to third parties) and identify the appropriate security and control framework that each of these types of systems and data must meet or exceed.
Assess existing systems for breaches – Institutions must consider that there is a probability their systems have already been breached, and a monitoring program should be put into place to periodically scan for system breaches. This could include a breach indicator test, which goes further than a traditional attack and penetration test.
Build a security framework – Institutions must have a baseline security appetite, and to develop this appetite, management must be aware of the risks the institution faces, the threat vectors through which the institution can be attacked, and the controls in place to protect against those threats and risks. Most institutions do not have a security framework in place that extends down to the control level of key technology devices that can be monitored and audited to ensure they meet the risk appetite established by the institution.
Monitoring risks at third parties – Institutions must undertake proper monitoring of all their third-party vendors who manage and protect the institutions’ data and systems. This includes technical security assessments, privacy assessments, and having a detailed understanding of the security framework and controls in place to protect the data and systems they are responsible for. Clear roles and responsibilities for overseeing, monitoring, and managing third-party relationships need to be defined, documented and communicated.
As the number of data breaches continues to rise and new legislation emerges around the protection of student
data, institutions are required to demonstrate a higher standard of due care to protect this data. Regular risk
assessments and robust security controls are one way of demonstrating such care. In order for institutions to
provide the protection needed to meet the evolving threats and risks, it is imperative for them to deploy a risk
management program for information and privacy, similar to other risk programs in place. An institution cannot
rely on yesterday’s practices to combat today’s threats.
Information technology
Background
Dramatic advances in information technology and the related pace of change have stretched all industries to keep up
with the expectations of consumers, the ever-increasing costs, and the overall risks and rewards of the latest
technology. Higher education is seeing the broad effects of how technology is changing the way in which students,
faculty, researchers and administrators go about their business. This section highlights three information
technology priorities – mobile devices, cloud computing and ERP systems – that are currently demanding
significant attention from educational leadership.
A simple glance at the latest smartphone is evidence of the amazing technological and economic change agent at
hand. These devices and the legions of individuals using them are changing the way we interact. From hailing a
taxi, to booking a flight, to registering for a class and reading a textbook—all are made simpler and more efficient
through the use of these devices. Mobile devices are now in the hands of 98% of Americans under the age of 30,
with smartphones and tablets growing as the preferred communication and computing devices. As a result, how
and where the higher education population receives information and communicates has changed, and the
commingling of personal and professional use of devices is becoming the norm.
Cloud computing is also gaining significant attention in higher education. Cloud technology has two main
characteristics—the services are priced on a subscription basis and are delivered via a network connection. The
facilities, equipment and labor to produce the cloud service are provided by the vendor and the client is relieved
from managing the complex technical infrastructure. Seeing an opportunity, new cloud-based vendors are selling
flexible and user-friendly offerings that avoid much of the heavy startup and maintenance costs of the traditional
ERP systems. Cloud systems are generating a wave of change across the higher education marketplace as
institutions look for ways to improve IT capabilities and reduce operating costs.
Despite the growing appetite for cloud computing, ERP systems are still at the core of many institutions’ daily
operations. These are the systems that track revenues and expenses, fixed assets and human resource data, among
other key financial and operational information. As many systems in higher education are antiquated, the pace of
large ERP system implementations – from student services to financial systems – has quickened. The cost for such
large system upgrades and implementations has grown exponentially, causing trustees and senior leadership to
play a proactive and deeper role in overseeing the information technology environment.
Impact on educational institutions
The freedom and capabilities of mobile devices and the increasing flexibility provided by cloud and ERP systems
are affecting how educational institutions strategize around technology. The ubiquity of mobile devices, the speed
at which change occurs and the lower entry cost provided by cloud systems have increased the need for institutions
to be nimble as well as proactive when managing their technological plans and related goals. Summarized below
are several ways educational institutions have been impacted by these changes.
Mobile Devices: The arrival of mobile systems has launched a frenzy of change in higher education. Textbooks are
replaced with e-books, video and websites. Lectures are recorded and available for wider audiences. Massive open
online courses are a new source of competition and opportunity. Mobile apps are also being used to further engage
alumni and donors in the college and university experience.
To address this rapid change, colleges and universities are rethinking how and where education and business are
conducted. As an example, with over half of all applicants reviewing colleges and universities via their
smartphones, the mobile experience is critical to institutional branding. Investments are being made to make
campuses mobile friendly, including institutions publishing their own applications providing course catalogs, maps,
library searches, and personalized class schedules. Institutions are also addressing the need for immediate access
to information by providing systems that are always on and available.
Cloud systems: Institutions are increasingly adopting cloud services to take advantage of low entry cost and capital
outlay, as well as flexibility. Such items as email, collaboration systems, websites, alumni tracking and
administrative systems are starting to move to cloud services. Institutions are also using cloud-based solutions like
YouTube channels and Facebook pages as part of their communications and brand management work.
The marketplace for cloud systems continues to grow and provide new opportunities for colleges and universities
to innovate and adopt more efficient solutions. The increased sophistication and reliability of cloud solutions are
providing institutions with the ability to offer immediate access without expanding data centers and staff.
ERP: ERP systems are being influenced by both mobile and cloud computing. Institutions are finding new
entrants that are offering cloud-based ERP systems, thus increasing competition in the market. In response, the
traditional ERP vendors are working to produce or improve their own cloud offerings.
Institutions are finding there are more choices of ERP systems and how the ERP systems are delivered. The
upgraded ERP systems offer improved user interfaces and richer capabilities than previous systems. Regardless of
the vendor, product or delivery model selected, an ERP implementation is a major endeavor. A well-crafted
architecture, disciplined program management and strong executive support remain critical success factors for an
ERP implementation project.
Our perspective
Change and opportunity are often linked. Institutions that provide a great mobile experience for their students and
staff will have an advantage over institutions that are behind the curve. Upgraded ERP systems and cloud-based
systems can help deliver the access that is demanded in today’s society.
Consistent with other industries, higher education is challenged to keep pace with the current information
technology environment. Institutions need to continually review their information technology portfolio and make
changes to remain competitive with current technology. New ways in which individuals interact with technology on
mobile devices provide opportunities to develop competitive advantages. Mobile devices provide the means to
integrate visual, audio and geographic information into applications. Institutions can use the capabilities to enrich
the educational process, change how research surveys are conducted, improve how field data is collected, simplify
food service delivery, and expand alumni outreach. The mobile space will continue to expand and innovate. With
over a half million registered developers and over 2.5 million applications available on the most popular platforms,
mobile devices are being transformed into the tool that can do anything. Institutions need to take advantage of this
and develop forward-looking plans on how best to capture the future of mobile technology to best serve their
institutional strategies.
The popularity of cloud systems continues to grow with a flexible delivery model that is a good match for the
demand pattern of higher education institutions. Like any tool, cloud systems need to be utilized properly to be
effective. As cloud systems continue to be installed, IT organizations will need more skills as architects, integrators
and project managers and fewer skills configuring and repairing back-end systems. Since cloud systems do not have
a heavy reliance on information technology departments, vendors will market to other department heads who may
not consult IT departments in the evaluation process. This can lead to implementations that are good for a
department but increase the overall cost and complexity of the institution. As cost pressures continue to grow, a
modest investment in architecture and portfolio governance can mitigate the risk.
The ERP marketplace is expanding with new entrants selling cloud-based products that provide new capabilities,
the ability to grow and contract and better fit mobile computing. These systems are often aimed at a subset of ERP
functions and are marketed directly to functional managers. Meanwhile, the established ERP vendors continue to
expand the breadth of their offerings. The challenge for higher education is to strategically adopt newer solutions
without driving up the cost and complexity of overall operations. The need for a strong governance structure and
IT architectural plan is higher than ever. A coherent plan to incorporate new systems can prevent well-intentioned
changes from turning the information technology environment into expensive, confusing and inefficient islands of
data.
The advancement of technology will keep improving the information and capabilities available on devices.
Successful institutions will find ways to integrate the daily business of higher education into the mobile world while
cloud-based services and improved ERP systems will prove to be valuable tools in making institutions more agile
and mobile friendly. Successful institutions will manage their technological brand and provide a superior
experience for students, faculty, administrators and other constituents.
Shared services: A source for administrative efficiency
Background
Colleges and universities continue to face pressure to control administrative costs. Analyses of multi-year cost
trends at many institutions indicate that expenditure increases outside the core mission strikingly outpace those
associated with costs of instruction, research and, for those with academic medical centers, patient care. Left
unchecked, these trends will reduce the allocation of an institution’s resources necessary to achieve its goals and
objectives, and ultimately impair its ability to fulfill its mission.
Traditional sources of revenue will provide little relief. Increases in tuition and fees are constrained by increased
competition from colleges and universities seeking to maintain enrollment by increasing discounts and from
educational providers offering alternative instructional delivery models. College affordability and student debt
remain issues in the national conversation. Endowment returns, although up from previous years, offer only
limited relief, particularly for tuition-dependent institutions. Federal funding is unlikely to increase sufficiently to
offset rising research costs, while the outcome of research – intellectual property – has unpredictable returns. In a
number of states, appropriations are decreasing substantially, continuing the trend of shifting the burden of higher
education costs from taxpayers to students and their parents.
On the other hand, overall college and university costs continue to increase disproportionately to revenue and
funding. Educational organizations are labor intensive and benefit costs are likely to increase at a rate higher than
revenue increases. Costs associated with compliance with state and federal laws and regulations and with student
demands for lifestyle amenities and technology also place a heavy burden on institutional resources. Additionally,
many universities find themselves in an intellectual arms race where top talent physicians and scientists are
recruited with large compensation packages. Faced with these challenges, institutional leadership is taking steps to
increase efficiency and reduce costs while maintaining administrative operations that provide effective and
compliant service.
Increasingly, shared service centers have assumed a role in the set of transformative solutions being adopted to
achieve this objective. Commercial enterprises have long accepted the shared services model as a means to provide
services at reduced costs, but colleges and universities have only recently come to accept the model. Why the
hesitancy? Educational institutions are typically structured around a set of academic divisions/schools and
departments that include faculty and staff who perform a variety of activities, such as human resources, payroll,
procurement, travel, research administration, and financial management. This operational model is attached to the
tenure and promotion paradigm that university departments and schools have used for years to organize faculty
along traditional academic lines. As a result, services have historically resided within the academic division or
school, rather than being shared across departments.
In addition to academic departments, operations and support units such as facilities, transportation, health and
safety, research administration, information technology and advancement also employ staff members who perform
similar administrative tasks. In many cases, the staff members are generalists who are not able to call on peers for
assistance because processes and practices are uniquely defined in each department. From an institutional
perspective, this arrangement allows for structural redundancies, process inefficiencies, and unnecessary
operational costs. This structure also increases regulatory and compliance risk, as an array of staff with varying
degrees of understanding of required policies and processes perform critical tasks in an often inconsistent manner.
Impact on educational institutions
Increasingly, colleges and universities are adopting components of a shared services business model to support
functions performed throughout the institution. These shared services have included such areas as human
resources, benefits, procurement, travel, billing, treasury functions, research administration, and information
technology. Institutions that have embarked on such a model have experienced various successes and challenges.
Those that have been most successful have shared a set of common characteristics.
Board and senior leadership support – Shared services represent a change in the business model often
unfamiliar to many in the institution. Change in the decentralized leadership environment of a college or university
is facilitated by a clear vision supported and articulated by a leadership team aligned around a shared perspective
and clear outcomes.
Effective change management and communications – Institutions that have effectively managed the
change have demonstrated ongoing resource commitment to communicate the need for and benefits associated
with the new business model. Key elements of change management have included a compelling description of why
change is needed, leadership alignment, and an ongoing benefits assessment to highlight the advantages of the
model for both the institution and those impacted.
Dedicated project structure – Executing the transition plan has required institutions to dedicate a robust
project structure including governance support, effective project management, and a committed project team to
work collaboratively with stakeholders.
Clear definition of roles and responsibilities, processes, and service charges – Colleges and
universities have established a clear and well documented delineation of the roles and responsibilities between the
shared service center and those organizational units they serve. These have been codified in a service level
agreement or performance level agreement.
Phased deployment – To lessen the impact of large-scale deployments of service centers, institutions have
phased the change through pilot projects that often involve small, less-complex units. When pilots are successful,
other units often seek to share in that success, which has facilitated the selection of departments for participation in
future deployments.
Even in the best of circumstances, institutions have faced challenges with adopting shared services business
models. Faculty who have traditionally received administrative support from staff in their department have
expressed concern that they will be required to attend to more administrative functions, decreasing their
effectiveness as instructors and researchers. Staff members subject to re-assignment to a shared service center
have expressed concern that they need a better understanding of the path to the new organization structure and the
process of training needed in their new roles. Others declare their commitment to their current department’s
objectives and express reservations regarding the notion of serving in a specialist role.
Our perspective
Although a number of institutions have adopted the shared services approach, many have not. The reasons vary.
For some, leadership has failed to recognize the need to change. In these cases, institutional planning processes are
unresponsive to the forces influencing higher education. Planning is often tactical, rather than strategic. Shared
services adoption requires an investment of institutional resources to achieve the transition and contain ongoing
operational costs. For some, the investment is too great. Others recognize the need to change, but lack the
leadership wherewithal to effect it. Shared services adoption requires a collective commitment to a new business
model, and a prioritization of shared services implementation above other potential institutional initiatives.
Effecting this change requires that leadership present a coherent case for change, effectively communicate the need
for a timely transition, and develop and execute a well-conceived and well-resourced plan. Importantly, leadership
must champion change and address resistance throughout the transition.
Certain institutions may be hobbled by obsolete information technology. A shared services business model requires
well integrated technology supported by software that can be configured to support central processing for
distributed sets of departments. The software supporting the new model must provide stakeholders with
transparency into the new processes, shared service managers with visibility sufficient to monitor and control tasks
and meet performance standards, and shared service center staff with the ability to handle transactions and update
systems in a single encounter. Some of the software packages widely used in higher education today cannot
effectively support shared services for key administrative functions. Other software packages have been modified
so extensively that re-configuration to support a new business model may be cost prohibitive. Software
replacement may represent the more viable alternative.
Institutional leaders should continue to ask the following questions to assess the need for shared services:
How does the increase in institutional support costs, student services, and academic support over the last three to five years compare to the increase in the core mission costs (i.e., instruction and research)?
How are resources allocated across institutional support services? For instance, although the finance function may be performed in the Controller’s Office, are there resources from other academic and administrative departments that also perform the function? Is the total cost of decentralized functions known (i.e., research administration, purchasing, human resources, among others)? How do these costs compare to other institutions?
Are faculty or staff performing the same functions in many departments, effectively duplicating efforts? For example, are there administrative IT staff not only in the central IT department but also throughout the academic, administrative and auxiliary departments of the institution?
Institutions that have successfully implemented shared service centers have learned valuable lessons along the way.
These “lessons learned” provide a path that others may follow. They have found that it is particularly important
that executive leadership understand and be engaged in communicating the need for change. Communications
regarding the benefits of shared services must emphasize customer service – the opportunity to improve the overall
experience by increasing accuracy, the timeliness of response and the effectiveness of communication. The
initiative represents a unique opportunity to thoughtfully consider and streamline business processes, removing
non-value-added steps. Benefits of administrative cost savings are best communicated with a description of how
the savings will be applied.
To date, colleges and universities have focused shared service initiatives on those functions that consume
significant resources in both decentralized academic and administrative units and central support organizations.
These include financial management, human resources, payroll, research administration, and selected components
of information technology. This list will continue to expand.
Savings opportunities are difficult to measure without an analysis of how staff and faculty with administrative
responsibilities in decentralized academic and administrative units apply their time and effort. Those institutions
that have measured and estimated the costs of this effort have realized savings ranging from 5% to 25% of the
combined decentralized and centralized units’ effort – a substantial savings that can be re-allocated to higher
priority functions. Just as important, they have realized improved service levels and expanded advancement
opportunities for those that staff the shared services center.
As with any organizational model, changes in the environment such as those resulting from new leadership,
changes in institutional structure, and regulatory and reporting requirements may require changes in the services
the center supports. Ongoing monitoring and assessment of the impact of these changes allow the shared services
center to adapt to the changing needs of the institution it serves.
The outlook from Washington
Background
Higher Education Act
Ideological differences within Congress about the appropriate role of the federal government in education policy
remain a significant challenge to substantive legislative action in the higher education area. For the first time since
2006, Republicans control both the House and Senate and drive the legislative agenda. First on the education
agenda is reform of No Child Left Behind and reauthorization of the Elementary and Secondary Education Act – no
simple task. With one failed attempt at passage in the House and unclear prospects for passage in the Senate, it is
questionable whether lawmakers will have the appetite to tackle another major education package, namely
reauthorization of the Higher Education Act. However, the new chairman of the Senate Health, Education, Labor
and Pensions Committee (HELP), Senator Lamar Alexander (R-TN), has said he intends the Senate to complete its
work to reauthorize the Higher Education Act by the end of 2015. Having put forth no definitive timeline, returning
chairman of the House Education and the Workforce Committee, Representative John Kline (R-MN), also has
listed reauthorization of the Higher Education Act among his priorities, and the House committee is working to
draft legislation that adheres to the four principles the committee outlined in 2014.19
It also should be noted that there are other important issues competing with the Higher Education Act
reauthorization for time on the committees’ agendas, including reauthorization of the law governing federal child
nutrition programs in the House and reform of the Food and Drug Administration, Children’s Health Insurance
Program reauthorization and Affordable Care Act reforms in the Senate. Additionally, both chairmen of the House
and Senate committees have as a top priority oversight and targeted reform of the Equal Employment Opportunity
Commission and National Labor Relations Board. When considered in light of the numerous other issues facing
Congress (i.e., Highway Trust Fund expiration, Patriot Act reauthorization, cybersecurity, and
budget/appropriations), it seems less likely that Congress will address the Higher Education Act reauthorization
ahead of the 2016 Presidential election.
While members of Congress continue to explore and debate reauthorization of the Higher Education Act, President
Obama and his Administration are moving ahead with executive and administrative actions designed to achieve the
President’s stated goals of making college more “accessible, affordable, and attainable.” Focused efforts include
actions designed to reform higher education funding, strengthen community colleges, limit tuition increases, and
address transparency and accountability issues. Many actions were taken through rulemaking and budget
proposals and are still under consideration or in the implementation process, including the college ratings system,
gainful employment regulations, and the “Student Aid Bill of Rights.” It remains to be seen whether these actions
will ultimately accomplish the Administration’s goals.
College Ratings and Gainful Employment
The public comment period closed for the Department of Education’s first draft of the Postsecondary Institution
Ratings System on February 17, 2015. According to the Department’s invitation for comment, the system aims to:
(1) help colleges and universities measure, benchmark, and continue to improve across the shared principles of
access, affordability, and outcomes; (2) help students and families make informed choices about searching for and
selecting a college; and (3) enable the incentives and accountability structure in the federal student aid program to
be properly aligned to these key principles. A consistent theme from the comments was that the draft lacks
understanding of the different schools it proposes to group together. Additionally, commenters said that student
outcomes must be measured comprehensively and that post-graduate income levels cannot be the only measure of
a successful college education. The consensus that emerged from the public comment period is that the draft
framework is not ready to be rolled out for the 2015-16 school year. Whether those comments resonate with the
Department of Education remains to be seen as the Department works toward completion of the framework in time
for the 2015-2016 school year.
19 The four principles are empowering students and families to make informed decisions; simplifying and improving student aid; promoting innovation, access, and completion; and ensuring strong accountability and a limited federal role. Republican Priorities for Reauthorizing the Higher Education Act, http://edworkforce.house.gov/uploadedfiles/hea_whitepaper.pdf.
With an intense focus by the Department of Education, the Administration has set out to make a number of
changes in the for-profit space. Last year, the Department of Education released its final Gainful Employment rule.
The Department made significant adjustments from the original proposal that were seen as addressing some
concerns; however, the Debt-to-Earnings (DTE) ratio was not changed, which will pressure schools to maintain
lower tuition and fees on an ongoing basis.
Cost of compliance
Republicans in Congress have voiced opposition to the Administration’s approach. In February, the Senate HELP
Committee held a hearing titled “Recalibrating the Regulation of Colleges and Universities: A Report from the Task
Force on Government Regulation of Higher Education.” The hearing featured a bipartisan report from the Task
Force on Federal Regulation of Higher Education commissioned by Senate HELP Committee Chairman Alexander
and Senators Barbara Mikulski (D-MD), Richard Burr (R-NC), and Michael Bennet (D-CO). The report suggests
numerous regulatory reforms in higher education policy, targeted at both traditional and for-profit schools. Soon
after the hearing, legislation was introduced in both the House and Senate targeting many of the regulations
currently being promulgated by the Department of Education, as well as some existing ones. Senator Burr
introduced S.559, the Supporting Academic Freedom through Regulatory Relief Act, which would stop many of
the regulations from being issued and/or enforced, including the college ratings system, gainful employment rules,
and credit hour definition.
A companion bill, H.R. 970, with a Democratic co-sponsor was introduced in the House by Representative Virginia
Foxx (R-NC). The bills are viewed as a stopgap measure to prevent the Department of Education from issuing or
enforcing certain regulations until Congress takes up reauthorization of the Higher Education Act, during which
Congress would purportedly address the issues. Even if the bills pass Congress, they may have little chance of
becoming law without significant support from congressional Democrats or an agreement with the President. That
said, there is an area where bipartisan collaboration seems likely – student loans. Senate HELP Committee
Chairman Alexander acknowledged that possibility during an interview with NPR last year. When asked what he
was willing to collaborate on with the Administration, Senator Alexander responded, “We did a good job working
with the President last year [2013] simplifying student loans and reducing the interest rate for undergraduates by
half. We need to finish that job by simplifying the FAFSA and repayment options.”
Several universities have performed studies of the cost of compliance in higher education. Specifically, Vanderbilt
University performed a regulatory cost burden study based on its own costs, as well as 12 other colleges and
universities across the sector. They were interested in uncovering the costs and primary contributions to federal
regulatory compliance. Vanderbilt University identified both direct costs and “marbleized” costs (those costs that
were included in other activities). They estimate that colleges and universities spend 4% to 11% of their
expenditures on compliance activities, excluding clinical regulatory costs. When considering clinical activities,
those percentages are even higher. Those institutions at the higher end of the range tend to be colleges or
universities with research activities. Another significant factor resulting in an institution’s cost percentage being at
the high end of the range is research on humans or animals.
Our perspective
The summary above is a high-level outline of selected federal policy and regulatory matters on the federal agenda.
The attention to educational institutions from Congress, the President, and other regulatory bodies is not slowing
down. While some legislation is in progress to streamline compliance requirements and reduce the financial
burden, other legislation in progress will result in more compliance requirements and added cost of
implementation. Therefore, when the opportunity arises, educational institutions should continue to be vocal with
regulatory bodies and political leaders as to their perspectives on proposed changes and the regulatory cost
associated with such changes.
Contributors
Roslyn Brooks
Marcy Culverwell
John Dalton
Ralph DeAcetis
Martha Garner
Tom Gaudrault
David Hemingson
Paul Hinds
Syed Khan
Carl Miller
Patricia Moks
Tomas Pereira
Ann Pike
Emily Rando
Shannon Smith
Paul Tanis
Christopher Wells
© 2015 PricewaterhouseCoopers LLP. All rights reserved. PwC refers to the United States member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.