state university of new york · of the state university of new york: this presentation has been...

State University of New York2013 Audit Committee Presentation

October 28, 2013

kpmg.com

Telephone +1 518 427 4600Internet www.us.kpmg.com

KPMG LLP515 BroadwayAlbany, NY 12207-2974

October 24, 2013

Th M b f th A dit C ittThe Members of the Audit Committeeof the State University of New York:

This presentation has been prepared for our meeting with the State University of New York’s (SUNY) Audit Committee on October 28, 2013. Included are required communications of the scope and the preliminary results of our audit of SUNY’s financial statements as of and for the year ended June 30, 2013. In addition, we have provided control enhancement observations, status of other deliverables and an update on new accounting matters SUNY will face in future years.

We are pleased to have the opportunity to meet with the members of the Audit Committee to review this information and any other matters of interest.of interest.

Very truly yours,

KPMG LLP

Jane H. LettsPartner

KPMG LLP is a Delaware limited liability partnership,the U.S. member firm of KPMG International Cooperative(“KPMG International”), a Swiss entity.

Table of Contents

1. Engagement Overview

2. Required Communications

3. Summary of SUNY’s Component Units

4. Audit Campus Approach Recap

5. Results of Substantive Testing To Dateg

6. Preliminary Management Letter Comments

7 P li i A dit Diff7. Preliminary Audit Differences

8. New Accounting Standards For Future Periods

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 71814NYO

3

Engagement Overview

Deliverables Significant Matters Open Items

• Audit Plan, delivered in March 2013

• Auditors’ report on the basic financial

• Adoption of GASB No 61, The Financial Reporting Entity: Omnibus - GASB St t t

• Review of final financial statements of the Research Foundation, Cornell University St t t C ll dstatements

• Auditors’ report on internal control and compliance

Statements• Adoption of GASB No.

65, Items Previously Reported as Assets and Liabilities

Statutory Colleges and Alfred University College of Ceramics and audit workpapers of those entities, as applicable

• Management Letter Liabilities , pp

• Down to date inquiries and management representation letter

• Final analytical yprocedures

• Review of final SUNY financial statements


4

Required Communications

These communications are based on our audit testing to date and will be updated, as necessary, upon the completion of our audit.

Requirements Under SAS No. 114 Application to SUNY

Our Responsibility Under Professional Standards

The auditor should communicate to those charged with governance the level of responsibility assumed under auditing standards generally accepted in the United States of America (GAAS) for matters such as internal control and whether the financial statements are free of material misstatement.

Our primary responsibilities are:– To conduct an independent audit of the financial statements in

accordance with U.S. Generally Accepted Auditing Standards (GAAS) and Government Auditing Standards (GAS);

– To provide independent assurance to the Board of Trustees that the financial statements prepared by management are presented fairly, in all material respects, in conformity with U.S. generally accepted accounting principles (GAAP).

In carrying out our responsibilities under GAAS and GAS, we obtained reasonable (but not absolute) assurance that the financial statements of the University of New York (SUNY) are free of material

i t t t d ill i difi d i i th Bmisstatement and will issue an unmodified opinion thereon. Because of the nature of audit evidence and the characteristics of fraud, we obtain reasonable, but not absolute, assurance that material misstatements are detected. We have no responsibility to plan and perform the audit to obtain reasonable assurance that misstatements, whether caused by error or fraud, that are not material to SUNY financial statements are detectedfinancial statements are detected.

In addition, in planning and performing our audit, we considered SUNY’s internal controls over financial reporting in order to determine our auditing procedures for the purpose of expressing our opinion on the financial statements. However, an audit does not include examining the effectiveness of internal controls over financial reporting throughout SUNY and does not provide assurance on


5

reporting throughout SUNY and does not provide assurance on internal controls over financial reporting for SUNY.

Required Communications (continued)


Significant Accounting Policies

The auditor should determine that the Board of Trustees is informed about:

The initial application of significant accounting policies or changes in their application.

The methods used to account for significant and unusual transactions,

SUNY’s significant accounting policies are summarized in Note 1 to the financial statements and represent policies prevalent to the financial position and operations of SUNY.

During 2013, SUNY adopted GASB No. 61, The Financial Reporting Entity: Omnibus, GASB No. 65, Items Previously Reported as Assets

d Li biliti d i th J 30 2013 fi l dg ,and the effect of significant accounting policies in controversial or emerging areas for which there is a lack of authoritative guidance or consensus.

and Liabilities, during the June 30, 2013 fiscal year-end.

There were no transactions recorded for which there is a lack of authoritative accounting guidance or consensus.

Management Judgments and Accounting Estimates

Accounting estimates are an integral part of the financial statements Significant accounting estimates affecting SUNY’s financial prepared by management and are based on management’s current judgments. Certain accounting estimates are particularly sensitive because of their significance to the financial statements and because of the possibility that future events affecting the estimates may differ from management’s current judgments.

The auditor should determine that the Board is informed about:

statements include the following:

‒ Fair value of investments

‒ Post-retirement benefit obligations

‒ Accounts receivable realization

Medical malpractice claims The process used by management in formulating accounting

estimates.

The basis for the auditor’s conclusions regarding the reasonableness of those estimates.

‒ Medical malpractice claims

We evaluated management’s significant judgments and estimates noted above as part of our audit, and found them to be reasonable in the context of the financial statements taken as a whole.


6



Audit Adjustments and Unadjusted Audit Differences

The auditor should inform the Board of Trustees about:

Adjustments arising from the audit that could, in the auditor’s judgment, either individually or in the aggregate, have a significant effect on the entity’s financial reporting process.

Passed audit adjustments aggregated by the auditor during the

We identified no adjustments during the 2013 audit that could, in our judgment, either individually or in the aggregate, have a significant effect on SUNY’s financial statements.

Unadjusted audit differences identified do not have a significant impact on SUNY’s net assets for the year ended June 30, 2013. Passed audit adjustments aggregated by the auditor during the

current audit engagement (and pertaining to the latest period presented) that were determined by management to be immaterial, both individually and in the aggregate, to the financial statements taken as a whole.

We will obtain written representation that management believes the effect of the unadjusted audit differences are immaterial to the 2013 financial statements.

Disagreements with Management and/or Significant Difficulties Encountered During the Audit

The auditor should discuss with the Board of Trustees any disagreements with management, whether or not satisfactorily resolved, about matters that individually or in the aggregate could be significant to the entity’s financial statements or the auditor’s report.

The auditor should inform the Board of Trustees of any serious difficulties encountered in dealing with management during the audit, such as

We had no such disagreements with SUNY’s management during our 2013 audit.

We encountered no difficulties in dealing with management during the g g g ,unreasonable delays and timetables, unavailability of personnel, and failure to provide information on a timely basis.

g g gperformance of our 2013 audit.


7



Management’s Consultation with Other Accountants

When the auditor is aware that management has consulted with other To the best of our knowledge management has not consulted with orWhen the auditor is aware that management has consulted with other accountants about auditing and accounting matters, the auditor should discuss with the Board of Trustees his or her views about such matters.

To the best of our knowledge, management has not consulted with or obtained opinions (written or oral) from other independent accountants during the past year concerning matters that were subject to the requirements of SAS No. 50, Reports on the Application of Accounting Principles.

Material Written Communications

The auditor should ensure the Board is aware of all material written communications between the auditor and management.

Material written communication between management and KPMG include:

‒ Engagement Letter; and‒ Management Representation Letter

Other Information in Documents Containing Audited Financial Statementsg

The auditor should discuss with the Board of Trustees our responsibility for other information in documents containing financial statements, any procedures performed, and the results thereof.

Our responsibility for other information in documents containing SUNY’s financial statements and our report thereon does not extend beyond the financial information identified in our report, and we have no obligation to perform any procedures to corroborate other information contained in these documents.

Independence

The auditor should communicate in writing, at least annually, all independence-related relationships between the firm and the client and provide confirmation that the firm is an independent accountant with respect to the client.

We confirm we are independent accountants with respect to SUNY under all relevant professional and regulatory standards.


8

Summary of SUNY’s Components

Component Auditor Audit Scope

SUNY Campuses and Health Science Centers (Hospitals)

KPMG LLP We visited the campuses listed in our audit plan and designed substantive audit procedures to obtain sufficient and appropriate audit evidence covering transactions and amounts reported by campuses and the health science centers.

The Research Foundation of State University of New York (RF)

KPMG LLP We placed reliance on the audit report issued over the RF's June 30, 2013 financial statements.

State University Construction Fund (Fund)

KPMG LLP We placed reliance on the audit report issued over the Fund's March 31, 2013 financial statements. ( )

Additionally, we have audited the adjusting entries posted by SUNY to record capital assets based on the Fund's spending activity.

Cornell (Statutory)Alfred Ceramics (Statutory)

PWCBonadio & Co. LLP

We received unaudited supplementary schedules, confirmed independence/objectivity with auditor, reviewed other auditor's peer review report.

We also reviewed work papers of other auditors to confirm sufficient audit conducted by other auditors over the significant accounts to SUNY.

Auxiliary Service Corporations –Discrete Component Units

Various We received audited financial statements, confirmed independence/objectivity with auditor, reviewed other auditor's peer review report.

Campus Foundations – Discrete Various We received audited financial statements, confirmed independence/objectivity with pComponent Units

p j yauditor, reviewed other auditor's peer review report.

Student Housing Corporations –Discrete Component Units

Various We received audited financial statements, confirmed independence/objectivity with auditor, reviewed other auditor's peer review report.

Community Colleges N/A Community Colleges are excluded from SUNY's financial reporting entity ,and therefore, no procedures were performed by KPMG.


9

Audit Campus Approach Recap

Campus Audit pApproach:

Three-tier approach consisting of Level 1, Level 2 and Level 3 campus. All Level 1 campuses

will be visited in year one, Level 2 campuses will be

Campus Visits: Stony Brook (Campus and

Hospital), University at Buffalo, Downstate Medical Center,

Upstate Medical Center,

Campus Accounting Control Activities

Audited: Cash, Tuition/Patient

Revenues, Procurement Level 2 campuses will be visited at least tri-annually. At least on Level 3 campus will

be visited per year.

pUniversity at Binghamton,

University at Oswego

,(contracting and expenditures),

Payroll


10

Results of Substantive Testing to Date

Key Risks Significant Accounts Audit Results to Date

Revenue recognition Tuition and fees, grants, hospitals and clinics

We selected samples of revenue transactions and obtained source documentation. We examined revenue transactions for compliance with SUNY and GAAP based revenue

iti t d drecognition standards.

No exceptions noted.

Tuition and patient revenues that are uncollectible

Accounts receivable We reviewed collection history and receivable aging, and tested subsequent cash receipts. We substantively tested key underlying data used to determine the adequacy of allowances.

We believe account receivable balances are reasonably valued We believe account receivable balances are reasonably valued.

Unsubstantiated disbursements Operating expenses We selected cash disbursements and traced transactions through to the appropriate general ledger caption. We obtain underlying source documentation, including contract, PO and invoice.

No exceptions noted.

Assumptions and data underlying Actuarially determined We utilized a KPMG actuary to assist us in assessing key assumptions and methodology. p y gactuarial calculations are invalid or inaccurate

yliabilities (including self-insurance and OPEB liabilities)

y g y p gyWe substantively tested key underlying data used to determine the liabilities and valuation.

We believe the OPEB valuation was reasonably stated.

Complex financial reporting process reliant on other organizations

Investments, Capital Assets, Payroll, Expenditures

We documented and tested source documentation used in financial statement preparation. We have confirmed the independence of other auditors.

We noted that the Controllers office has not received certain audited financial statementsorganizations We noted that the Controllers office has not received certain audited financial statements used in their reporting process. See management letter comment.

Decentralized control environment

All accounts and disclosures We interviewed key operational personnel and evaluate competency. Additionally, we tested controls for reliance over management review controls.

We believe controls at the campus level would be enhanced through the review and consideration of service organization SAS 70 reports. See management letter comment.


11

Preliminary Management Letter Commentsie

s Capitalization of Equipment – We identified several equipment additions were capitalized in the incorrect fiscal period.

ficie

nc Capital Assets Placed into Service – We noted that there was a time-lapse in placing certain construction-in-progress project into service.

Review of SOC 1– SUNY’s campuses utilize third party service organizations to

rol D

ef Review of SOC 1 SUNY s campuses utilize third party service organizations to perform student loan account administration functions. We noted that certain SUNY campus personnel did not obtain and review service organization SOC 1 reports. However, SUNY System Administration did obtain and review the SOC 1 reports.

Con

tr

Timeliness of Component Reporting –In order to prepare SUNY’s June 30th

year-end financial statements, they require final audited financial statements from various blended and discrete component units. As of October 24, 2013, approximately 13 entities have not provided audited statements to SUNY.

Additionally, The University Hospital of Brooklyn Foundation has not completed their financial audit for the period ending July 31, 2011 or July 31, 2012. These financial statements are required to be included in the consolidated discrete component unit financial statements of SUNY.


12

Preliminary Audit Differences

•SUNY records debt information supplied by DASNY at March 31, 2013. Accordingly, accrued interest expense is understated for the 3-month period April 1st to June 30th. This error is expected to have an inconsequential impact

Debt / Accrued Interest

to net assets as a corresponding understatement in State appropriation revenue/receivable exists. There were no debt issuances made during the April 1st to June 30th timeframe.

•SUNY records capital asset information for educational facilities and residence hall facilities as of March 31st. As a result, capital spending from April 1st to June 30th is excluded from the financial statements. The offset to the understatement of capital assets is an almost equal offset in deposits held with trustees. We expect this to have an

Capital Assets / Deposits with Trustees

understatement of capital assets is an almost equal offset in deposits held with trustees. We expect this to have an inconsequential impact to net assets.

•SUNY records equipment as it is purchased and placed into service. We reviewed the equipment addition population detail for the period 2012-13 and identified several items which were capitalized in the incorrect period. Based on our review of the historical differences and the equipment additions activity which occurred in the first quarter of 2013-14 we expect this to have an inconsequential impact to net assets

Capital Equipment Purchases

quarter of 2013-14, we expect this to have an inconsequential impact to net assets.

•SUNY defers all summer tuition. Accordingly, summer tuition related to the periods on or before June 30th has been recognized in the subsequent reporting period. As this accounting policy is consistently applied year over year, the rollover impact is expected to be inconsequential to net assets.

Summer Tuition

IBNR Estimate Accrual•SUNY records an estimated accrual for its incurred by not reported hospital claims. The estimate is valued as of December 31, 2013 and then rolled forward for the six months based on claims paid, incurred, and accrued for. KPMG’s valuation specialists reviewed the calculation and recommended increasing the accrued liability by $50 million for the June 30, 2013 year end. The proposed adjustment would not have an impact on SUNY’s net assets as the increase in liabilities and expenses would be offset by state appropriation revenue and receivable .

IBNR Estimate Accrual


13

New Accounting Standards For Future Periods

GASB 66 – Technical Corrections – 2012 , an amendment of GASB Statements No. 10 and No. 62 – Effective June 30, 2014

Amendment to Statement No. 10 removes provision that limit fund-based reporting of an entity's risk financing activities to the p p g y ggeneral fund and the internal service fund type.

Amendment to Statement No. 62 modifies the specific guidance on accounting for (1) operating lease payments that vary from a straight-line basis, (2) the difference between the initial investment (purchase price) and the principal amount of a purchased loan or group of loans, and (3) servicing fees related to mortgage loans that are sold when the stated service fee rate differs significantly from a current (normal) servicing fee rate.

GASB 68 – Postemployment Benefit Accounting and Financial Reporting – Effective June 30, 2015

Revises existing standards and requires the following to be determined related to a defined-benefit pension plan as of a date (measurement date) no earlier than the end of the employer’s prior fiscal year:( ) p y p y

- Net pension liability (asset): total pension liability less the fiduciary net position of the pension plan

- Pension expense

- Pension deferred outflows of resources and deferred inflows of resources

Employers participating in cost-sharing, multiple-employer plans (as does SUNY) will recognize their proportionate share of the p y p p g g p p y p ( ) g p pcollective amounts for the plan as a whole.

Approach results in reporting of pension liability and expense as employees earn their pension benefits by providing servicesinstead of being based on funding requirements.

Requires changes to certain methods and assumptions used to determine actuarial information for GAAP reporting purposes.

Will have a significant impact on SUNY’s financial statements amounts and disclosures to be determined


14

Will have a significant impact on SUNY s financial statements – amounts and disclosures to be determined

New Accounting Standards For Future Periods (continued)

GASB Statement No. 69 – Government Combinations and Disposals of Government Operations – Effective June 30, 2014

• Establishes accounting and financial reporting standards related to government combinations (mergers, acquisitions, transfers ofg p g g ( g , q ,operations) and disposals of government operations.

• Types of government combinations:

–Government merger – combination of two or more legally separate entities without significant consideration exchanged, whereby one or more legally separate governments or nongovernmental entities cease to exist and their operations are y g y p g g pabsorbed into, and provided by, one or more continuing governments.

–Government acquisition – government acquires another legally separate entity with significant consideration exchanged whereby the acquired entity becomes part of the acquiring government’s legally separate entity.

–Transfer of operations - government combination involving the operations of a government or nongovernmental entity, p g g p g g yrather than a combination of legally separate entities, in which no significant consideration is exchanged. Operations may be transferred to another existing entity or to a new entity.

• Recognition and measurement of the assets, liabilities, deferred inflows of resources and deferred outflows of resources is determined based upon the type of governmental combination. For government mergers, this would be primarily the merger date. For governmental acquisitions, this would primarily be the date of significant consideration exchanged (i.e. closing date). g q , p y g g ( g )For transfer of operations, this would primarily be the date in which the transferee government obtains control of the assets and becomes obligated for the liabilities of the operation transferred.

• Impairment of capital assets should be considered in either of these types of government combinations if the merging or acquiring entities chose to dispose of, or not intend to use, certain capital assets after the government combination takes place.


15

• Required note disclosures of the government combination dependent upon the type of government combination that takes place.


The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.

ACI / The Evolving Higher Education Audit Committee Agenda

High-profile risk and compliance incidents at higher education institutions around the United States have reinvigorated and sharpened the focus on audit committee priorities.

Widener University and KPMG recently held a forum in Chester, PA, where school presidents, financial executives and trustees collaborated to examine the issues and practices that drive audit committee and board agendas in higher education.

“The two largest factors are enterprise risk management [ERM] and technology/cybersecurity,” said one university trustee. “No one else in higher education governance is as occupied with these in real time as at the audit committee level.”

This sentiment was echoed throughout the two-hour interactive panel discussion. Several trustees with education, other not-for-profit, and for-profit or public board-level experience emphasized the importance of maintaining focus on the institution’s core business objectives when forming the audit committee agenda.

One panelist spoke about audit committee best practices. He suggested that the audit committee “owns the process for understanding risks as well as identifying who in the faculty, staff or administration must own specific risks and how they should be reported.”

“ERM comprises everything in our top 10 concerns: from student life to minors on campus. It’s about how to monitor the monitoring,” said one participant. Indeed, 70 percent of attendees said that ERM posed the greatest challenge to the audit committee, aside from oversight of financial reporting and internal controls. Moreover, the panelists agreed that the audit committee and board should lead the organization by example, setting the tone-at-the-top in their ongoing engagement, agenda priorities, and interaction with management.

The board and its committees should not hesitate to supplement their own knowledge with information and insight from third-party experts, internal audit (whether in-house or outsourced), external auditors and others. “We have to get different points of view,” said one attendee. For example, another attendee asked, “To what extent have your internal controls been impacted by technology?”

Other traditional and emerging audit committee items of interest discussed included involving different stakeholders (students, faculty, administrators, parents, donors, grantors, and others) in the risk assessment process, protection of personally identifiable information, affiliations with for-profit entities, and the handling of whistleblower concerns.

Another area for which audit committee involvement may be helpful is reputational risk. Specifically, participants discussed management and communication of particular hot-button issues that could damage the institution’s standing in the eyes of its peers and community, and the particular risks brought about by shifting business models. At the center of the business model shifts are the challenges brought about by the integration of online learning with traditional teaching methods and the advent of massive open online courses (MOOCs).

The Evolving Higher Education Audit Committee Agenda

Audit Committee Institute

© 2013 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 197219

KPMG.com/ACI © 2013 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. NDPPS 197219

Beyond the core audit committee responsibility of oversight of financial reporting and internal controls, and within the evolving landscape of higher education, audit committees should consider their role in oversight for these areas:

Enterprise risk management – While general strategy and risk discussions are for the full board to consider, oversight of the ERM process—the systems and safeguards to understand and manage risk—often lies with the audit committee.

Regulatory compliance – Institutions operate within a myriad of increasingly complex requirements including those associated with federal funding, student loan programs, significant grants, clinical trials and accreditation and taxing authorities. Consideration of the likelihood and magnitude of potential noncompliance and the controls in place to mitigate these risks is an important component of ERM.

Conflicts of interest – In a university setting, where stakeholders are numerous and not always aligned in their objectives, the audit committee should be particularly diligent in understanding and managing potential conflicts of interest. The Association of Governing Boards of Universities and Colleges’ Statement on Conflict of Interest suggests that “compelling benefit to the institution” is the appropriate standard for determining whether a board member’s conflict of interest is permissible. Under what circumstances will your institution accept a conflict of interest and is there a common understanding and consistent application of this policy?

Crisis readiness – The audit committee should be fully informed about the school’s crisis readiness plans—from emergency planning to internal and external communication. Also, how has your institution prepared for legal ramifications and potential liability that might result from a crisis?

Global activities – Does your institution have overseas campuses, affiliations, or investments? Have all potential risks been considered in moving forward with global activities, particularly in countries in which you have not previously had a presence?

Partnerships and alliances – What are critical touch points to institutions beyond your own? What opportunities exist for creating value across traditional institutional boundaries with other higher education, research and health-care organizations, student-run enterprises, the larger business community, and government organizations? How formalized should partnerships and alliances be? What are the potential risks of such arrangements, and how are they being managed?

Technology change – Protection of personally identifiable information and maintenance of robust cybersecurity are colliding with the ubiquitous sharing of information through social media and increasingly open, collaborative and visible online learning. Does everyone in your institution, including students, faculty and administrators, understand their rights and responsibilities in using e-mail, course software, and other data stored on the school network or cloud? Is ownership of intellectual property clear? Are clear institutional protocols regarding use, storage, and sharing of data in place?

Protecting the brand and institutional viability – Can your institution weather a high-profile setback to its reputation? Does it have the agility to sustain a substantial shift in tuition, grants or fundraising? Although the audit committee’s primary objective is overseeing financial reporting and internal controls, the unique perspective of the audit committee may be valuable as institutions seek answers to broader questions of long-term institutional strength and viability.

Contact us

KPMG’s Higher Education & Not-for-Profit Practice

National Leaders Regional Leaders

Lou MezzinaIndustry DirectorT: 212-872-5856E: [email protected]

Dave GagnonNortheastT: 617-988-1326E: [email protected]

Rosemary MeyerMid-AtlanticT: 410-949-8425E: [email protected]

Dee NilesSouthwestT: 405-552-3863E: [email protected]

Milford McGuirt Audit LeaderT: 404-222-3249E: [email protected]

Jamie KleinMetro New York and New JerseyT: 212-872-6708E: [email protected]

Eileen McGinnSoutheastT: 615-248-5619E: [email protected]

Mark ThomasWestT: 949-885-5630E: [email protected]

Mark ThomasClient LeaderT: 949-885-5630E: [email protected]

Ellen HarrisonMid-AtlanticT 202-533-4006E: [email protected]

Kurt GabouerMidwestT: 312-665-3308E: [email protected]

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.

http://www.kpmginstitutes.com/aci/index.aspx