STATEMENT OF AUDITING STANDARDS 112 (SAS112) Communicating Internal Control Matters Identified in an Audit UC Riverside Spring 2007

" Today's audit environment encourages  transparency and accountability. Therefore, an integrated campuswide effort is  needed  to  effectively steward the funds entrusted to UCR.” Chancellor Córdova

AGENDA * * Sponsored Project Administration 1- Why SAS112 2- What is SAS112 3- Impact of SAS112 4- Minimizing risk in C&G area 5- What to do? * Sponsored Project Administration

Why SAS112? SAS112 is our SOX - United States Federal Law and SEC For Public Companies -Sarbanes–Oxley (SOX): Requires conducting an assessment of the effectiveness of internal controls by management, to be audited and approved by the company’s independent accountants WorldCom Enron Why SAS112? SAS112 is our SOX - American Institute of Certified Public Accountants For non-profit organizations (UCR) - SAS 112

University of California (2002). Fine =$1.8 m Non-Compliance Fine$ University of California (2002). Fine =$1.8 m Northwestern University (2003). Fine = $5.5m Harvard University (2004). Fine = $2.6m Mayo Foundation/Mayo Clinics(2005). Fine = $6.5m Florida International University (2005). Fine= $11.5m University of Alabama Birmingham (2005). Fine =$3.4 m

What is SAS112? Establishes standards for communicating internal control issues relating to: integrity of financial reporting compliance with applicable laws and regulation Establishes standards that classify communicated control issues as: - control deficiencies - significant deficiencies - material weaknesses SAS112 standards have been adopted by the federal agencies and the Government Audit Standards has been updated to incorporate SAS112

SAS 112 requires disclosure of deficiencies to Regents and others Impact of SAS 112 on UCR Due to significant changes in the evaluation of control exceptions and more stringent audit standards, UCR is more likely to encounter control issues being identified and reported - Increased scrutiny - Larger audit samples - More audit evidence and documentation - Lower audit materiality thresholds SAS 112 requires disclosure of deficiencies to Regents and others

impact of deficiencies and weaknesses disclosures -negative impact on sponsored program funding -negative impact on reputation -increase external audits -audit disallowances -fines and penalties

Generally, internal controls at UCR are in order and adequate, but there are departments, functions and areas where we noted…. Control Issues with - Review and reconciliation of C&G expenditures - Certified effort reports - Cost Transfers -Expenditure monitoring

Effectiveness and efficiency of operations. INTERNAL CONTROL Internal Control Internal control is broadly defined as a process, effected by the UC Regents, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations. Reliability of financial reporting. Compliance with applicable laws and regulations.

Who is responsible for internal controls?

Advisory Services, etc.) PARTNERSHIP Principal Investigator & Project Personnel Central Offices (Office of Research, Accounting, Audit & Advisory Services, etc.) College Dean, Department Chair, MSO & Staff

Growth in Direct Contract and Grant Expenditures Fiscal Year 2003/04 to Fiscal Year 2005/06 Source FY03/04 FY04/05 FY05/06 1 Year % Increase/Decrease 2 Year % Increase/Decrease Federal Government $36,970,256 $47,197,544 $53,447,911 13% 45% Local Government $1,553,189 $1,936,147 $2,217,444 15% 43% Private $14,358,686 $14,711,554 $13,544,906 -8% -6% State Agencies $5,788,019 $5,985,849 $4,950,031 -17% -14% Total $58,670,150 $69,831,094 $74,160,292 6% 26% (a) Source: 2005-06 Annual Report on Contract & Grant Expenditures (a) 26% increase from FY03/04

Increase extramural support while managing risk UCR’s Challenge Increase extramural support while managing risk Our Goal Facilitating Faculty Success!

award close-out sub-recipient monitoring cost sharing effort reporting transfers POTENTIAL RISKS IN C&G AREA physical inventory review of monthly statements overdraft

FALL 2006

Area of Risk: Effort Reports Symptoms of deficiencies Incomplete or missing reports Late reporting Major area of concern for Federal Government Current Efforts New on-line system coming Resolution of deficiency Remove unsubstantiated costs

Area of Risk: Cost Transfers Symptom of Deficiency High volume Late transfers (may require revised effort reports) Improper documentation and/or allocation methodology Major area of concern for Feds Current Efforts Enhancing Business Rules Resolution of deficiency Reversal of charges

Area of Risk: Award Closeout Symptom of Deficiency Delinquent Financial Reports Delinquent Technical Reports Area of concern for Feds Current Efforts Improving notification process Resolution Future funding withheld for specific awards Funding to institution withheld

Minimizing the Risks Training Tools Policies C&G Workshops (to be expanded) Ethics Awareness Tools Enterprise Reporting System Ledger Recon/Review System (coming soon) Policies C&G Manual UCR Research Administration Roles & Responsibilities (in development)

Minimizing the Risks Timely review of monthly statements Budget to Actual Anticipate unspent balances or overdrafts Review payroll transactions Regularly meetings/discussion between PIs administrative staff Immediately report discrepancies Communication Timely resolution

Minimizing the Risk Timely return of certifications: Effort Reports Cost sharing Reports Impacts Financial Reports and Award Close-Out Monitor Sub-recipient’s progress on project compared to billing statements Potential impact on award close-out Timely submission of Technical Reports

and there will be consequences What to do 1- Department Assessment 2- Training When issues are identified: 1 - Self-reporting 2 - Request Assistance 3 – Remediate/Escalate 4 - Proactive Approach When control issues or policy non-compliance are recurring and systemic: Everyone is responsible It will be transparent and there will be consequences

Contacts Gretchen Bolar, Vice Chancellor-Academic Planning & Budget gretchen.bolar@ucr.edu Bobbi McCracken, Asst. Vice Chancellor-Financial Services bobbi.mccracken@ucr.edu Mike Jenson, Director-Audit & Advisory Services michael.jenson@ucr.edu Bruce Morgan, Asst. Vice Chancellor-Office of Research bruce.morgan@ucr.edu Toffee Jeturian, Asst. Director-Audit & Advisory Services rodolfo.jeturian@ucr.edu Marc Guerra, Director-Financial Control & Accountability marc.guerra@ucr.edu