QUARTERLY BUSINESS OFFICERS MEETINGOCTOBER 2017

TODAY’S AGENDA

I. Changes in Key Staff Roles (Terry Johnson)

II. Intellectual Property Policy (Marie Kerbeshian)

III. TIER Update (Laura McLeran)

IV. Technology Acquisition Process Compliance (T. Scott, J. Drews, S, Jedlicka, J. Pacheco)

V. Internal Control Findings (Todd Stewart)

VI. 2018 HR & Business Conference (Lori Cranston & Selina Martin)

VII. Status update on PayCV Application (Carolyn Gritton, Sherry Reynolds-Miller, Selina Martin)

VIII. Other Updates (Selina Martin)

CHANGES IN KEY STAFF ROLESTERRY JOHNSON, CHIEF FINANCIAL OFFICER & TREASURER, FINANCE & OPERATIONS

CHANGES IN KEY STAFF ROLES

Colleges

College of Medicine (Mark Hingtgen/Jason Haddy)

College of Nursing (Hazel Kerr/Ann Rhodes/Cheri Arneson)

Student Services (Tom Rocklin/Melissa Shivers)

Diversity Office (Georgina Dodge/Lena Hill)

UI Hospitals & Clinics

CFO (Ken Fisher / Doug True)

VP Medical Affairs (Jean Robillard /search underway)

Finance & Operations

Parking & Transportation (Dave Ricketts/Jim Sayre)

CFO unit (Dave Beney/Andrea Morrow)

Organizational Effectiveness (Dick See/TBD)

Internal Audit (Todd Stewart/Patrice Sayre in Board Office)

INTELLECTUAL PROPERTY POLICYMARIE KERBESHIAN, AVP & EXECUTIVE DIRECTOR, UI RESEARCH FOUNDATION

UI ECONOMIC DEVELOPMENT ECOSYSTEM

WHY WE DO WHAT WE DO

: legal obligations

sponsored research agreements, MTAs

CHAPTER 30—UI INTELLECTUAL PROPERTY POLICY

Phase 1: “University rights in qualifying inventions”

Stanford v Roche

Hiring documents for new appointments, renewals and changes in appointments

Internal routing of sponsored projects

Enrollment documents for students

Visiting scientists/scholars

Phase 2: revenue distribution

Percentages

Software and other copyrighted materials

TIER UPDATELAURA MCLERAN, ASSOCIATE VICE PRESIDENT, PRESIDENT’S OFFICE

Quarterly Business Officers MeetingTIER Update

October 2017

To improve student outcomes the UI will invest $155 - $165M into: • The faculty

• Retaining and hiring the best and brightest• Increasing research and scholarship

• Student outcome programs • Undergraduate research• Internships• Leadership development• Capstone project

Funding Student Outcomes

Additional State Appropriation by SFY 22

Undergrad Resident Tuition % IncreasePer year until SFY 22

By SFY 22 the UI Will Have Funded ~1/3 ($55-60M) of

the UI Strategic Plan through

TIER/reallocated resources

$155 -$165M

10.08%

7.08%

$95 –$110M

$0

$11-12M/yrof UI TIER savings & reallocated resources investedin strategic plan

0%

TIER/Reinvestment into 5 Year Strategic Plan

TIER@IOWA has allowed the UI to invest a projected:• $16.6M since FY 16

• $2.9M in FY 16• $6.6M in FY 17• $7.1M in FY 18 (projected)

Improving graduation rates while maintaining costs

0%

10%

20%

30%

40%

50%

60%

$0

$1,000

$2,000

$3,000

$4,000

$5,000

$6,000

$7,000

$8,000

FY 1

970

FY 1

980

FY 1

990

FY 1

991

FY 1

992

FY 1

993

FY 1

994

FY 1

995

FY 1

996

FY 1

997

FY 1

998

FY 1

999

FY 2

000

FY 2

001

FY 2

002

FY 2

003

FY 2

004

FY 2

005

FY 2

006

FY 2

007

FY 2

008

FY 2

009

FY 2

010

FY 2

011

FY 2

012

FY 2

013

FY 2

014

FY 2

015

FY 2

016

Real General Education Fund Expenditures per Student (indexed for inflation)

and 4-Yr Graduation Rates

Real GEF per Student (left axis) 4-Yr Graduation Rate (right axis)

Pre-TIER/TIER/Post-TIER (Examples)

Late1990s

Workflow Procurement Cards

Early –Mid 2000’s MAUI Biofuels

Mid - Late 2000’s Kaizen Events Energy Center

2014 Implementation of TIER

Shared Services/Purchasing

2016 Alignment to Strategic Plan

Managing Insurance Costs

UI Efficiency Benchmarked

• The UI operating O/H is 14.5% more efficientthan its Regents national peers

Questions?

TECHNOLOGY ACQUISITION REVIEW PROCESS

JANE DREWS -- CHIEF INFORMATION SECURITY OFFICER, ITS

TRACY SCOTT -- DIRECTOR, ENTERPRISE SERVICES, ITS

SARA JEDLICKA -- DIRECTOR, INVESTMENTS, BANKING & TRUST OPERATIONS, TREASURY OPERATIONS

JONATHAN PACHECO -- SENIORTREASURY ANALYST, TREASURY OPERATIONS

BACKGROUND & SCOPE

1. Internal Audit review of Cloud Computing identified gaps:

inconsistent use of review process

inconsistent record keeping

inefficient process

lack of visibility for requestor

2. Improve and combine processes for:

Client (desktop) software

Cloud service subscriptions, purchases

Applications purchase (RFP)

COMPLIANCE AREAS IMPACTED

1. Technology compatibility

2. Regulatory (PCI-DSS, HIPAA, FERPA, GLBA, et al)

3. Export controls

4. Accessibility compliance

5. Legal contractual terms

6. Purchasing (Iowa Code, Regents)

IMPORTANCE OF BUSINESS OFFICERS TO BE INFORMED

1. Integrated topics and risks:

1. Financial

2. Technical

3. Institutional data protection, preservation

2. Internal controls 1. Legal terms & conditions

2. Departmental oversight

3. Compliance with regulations, law, university policy is not optional

CURRENT PROCESSES

Review Process Review Initiation Point Trigger

Software Review (Client, Cloud, Free) Software Office Any purchase

Credit Card processing methods Treasury Operations Any change

RFP, RFO, RFI, RFQ (eBid) Purchasing $50,000+

Procurement Card purchases None Reconciliation

MOST COMMON ISSUES WITH CURRENT PROCESSES

1. Accurate understanding of the review cycle time (takes longer than people think)

1. Sometimes purchase occurs before review, which can be problematic

2. Current backend processes are highly manual, and use email messages for the “workflow”

1. Increases likelihood for errors or lost requests

2. Significant time spent just understanding the current status of a request

3. Impact on Treasury Operations (need approval for technology changes before you purchase)

1. Confusion over what technologies, services, need to be reviewed, form changes

4. Lack of transparency in the process

5. Local IT Director is typically not involved in the process

CHANGES TO FRONT-END PROCESS

1. Created an Available Software list of approved/recommended titles

2. Built a Universal Workflow form for the technology review process

1. Reviews are done in parallel and all information is stored in a single location

2. The status of each review is available to the customer making the overall process more transparent

3. The form is automatically routed to the next stop once approved

3. Local IT Director will be part of the process, they will see everything for their org

4. Treasury review (if necessary)

INSTITUTIONAL ROLES

New Category: Technology Review

New Roles:

1. Software Reviewer (Org level)

2. Software Reviewer (Dept level)

How will roles initially be populated?

Tracy Scott will initially populate these roles.

How will roles be maintained/updated?

Plan to work with the ITS Directory team to develop a process to be notified when someone in this role leaves/transfers that a notification will be sent to update the role.

TREASURY OPERATIONS – CREDIT CARD REVIEW

TREASURY OPERATIONS – CREDIT CARD REVIEW

BUSINESS OFFICER RESPONSIBILITY

1. Prevent bypassing established process (Pcard purchase, “free” cloud software, shared services orders)

2. Be aware of the technology reviewer roles that are in place

3. Take time to understand how and when revenue is received. Payment processing channel determines which approvals are required and update Cash Handling procedures.

4. Business Officer and Department Administrator approval required for new merchant accounts.

RESOURCES/LINKS

University Credit Card Policy: https://treasury.fo.uiowa.edu/policies-and-procedures/credit-card-acceptance-security-guidelines

New Merchant Account Request: https://finapps.bo.uiowa.edu/MerchantAccount/

Credit Card Questions: treasury-creditcards@uiowa.edu

Available Software - https://its.uiowa.edu/available-software

Technology Review Process (link to form)

https://its.uiowa.edu/campus-software-program/technology-reviews

INTERNAL CONTROL FINDINGSTODD STEWART, CHIEF AUDIT EXECUTIVE (BOR), INTERNAL AUDIT

INTERNAL CONTROL FINDINGS

“Character is doing the right thing when

nobody’s looking.”-J.C. Watts

INTERNAL AUDIT APPROACHES

Departmental/Unit Specific Audits

Centralized Process Audits

CENTRALIZED PROCESS AUDITS

1. Workflow Paths

2. Cash Handling UIHC cash handling

Cash handling policies

3. Human Resources Performance appraisals

Vacation/sick leave usage

DEPARTMENTAL AUDITS

1. Business Planning and Practices

2. Compliance and Internal Controls

3. Human Resources

4. Information Technology (IT)

5. Inventory and Capitalized Equipment

BUSINESS PLANNING AND PRACTICES Documented Business Continuation and

Disaster Recovery Plans

Up-to-Date Operations Manual

Charge Capture – Billing

Price Setting Methodology Goods or services

Reconciling Cash Collections to Daily Revenues

Restrictive Endorsement of Checks

COMPLIANCE AND INTERNAL CONTROLS

Unmaintained Contracts

Segregation of Duties Incompatible purchasing duties

Timely Reconciliations Monthly statements of accounts

Inventories

Transaction Detail Report

COMPLIANCE AND INTERNAL CONTROLS

Cash Handling Procedures

Oversight of Procurement Card

Travel Vouchers – Approved by Supervisor

Trip Approvals

Taxable Benefits

HUMAN RESOURCES Time and Leave Reporting

Conflict of Interest Verification

EOD Approval Prior to Hiring

Human Resources Termination Timely restriction of user access

Staff Training – Various Areas HIPPA and FERPA training

Sexual Harassment training

INFORMATION TECHNOLOGY System Access Controls

Server Vulnerability Scans

Social Security Number Remediation from Computers

Noncompliant Password Protocols

Outdated Operating Systems

Unlicensed Software

INFORMATION TECHNOLOGY Insecure Authentication

Machine Management

Physical and Environmental Security Accessible to the public

Not proper environmental placement

INVENTORY AND CAPITALIZED EQUIPMENT

Capital Equipment Tracking Equipment Disposal Not removed from inventory

Inventory and Supply Management Unused, defective, and obsolete inventory

Inaccurate and missing inventory

Inventory procedures/inadequate monitoring

Inadequate cell phone management

Unrestricted access to inventory

PCARD FRAUDS ON CAMPUS Happening in multiple places across campus Transactions moving through multiple levels of review Approvals taking place at the highest levels One person committing fraud on multiple cards Receipts have been altered Same receipt has been used multiple times “Not Yet Shipped” receipts used Shared Services processes continue to identify more fraud Internal Audit is changing the way we test PCard

transactions

HIGH RISK VENDOR?Amazon!

Primary Schemes: Purchase multiples of the item requested, (ex: three

world maps) return two, and put the credit on a gift card Create order – print the “Not Yet Shipped” receipt –

cancel that order and then purchase the fraudulent item Fraudsters are using a personal Amazon account for

university business – requiring a subpoena to gain access to their Amazon account to determine a “ship to” address

WHAT CAN YOU DO? Look at all receipts with professional skepticism Look at the transaction detail for those vendors that

provide it Pay particular attention to vendors like Amazon Tell your staff exactly what you’re looking for when

you approve or have a PCard reconciled Ensure the reconciliation is completed timely Use eBuy as much as possible

WHAT CAN YOU DO? Don’t panic Don’t confront the person you suspect of fraud Be discreet Lock down relevant data Contact one the of the following: Todd Stewart, Chief Audit Executive Terry Johnson, Chief Financial Officer and Treasurer Human Resources or your College Dean

ETHICSPOINT

The University of Iowa recognizes its obligation to maintain the highest ethical standards

Policy compliance is a shared responsibility that depends on individuals voicing their concerns

ETHICSPOINT

The Ethicspoint site provides an anonymous, confidential way to report potential issues

The university will address reports promptly and discreetly, sharing facts only with personnel needed to investigate and resolve the matter

ETHICSPOINT

Go to uiowa.edu/ethics for more information

THANK YOU!

For more information on the Department of Internal Audit, please visit our website at

www.uiowa.edu/audit/

2018 HR & BUSINESS CONFERENCELORI CRANSTON, ASSOCIATE DEAN FOR ADMINISTRATION, COLLEGE OF PUBLIC HEALTH

SELINA MARTIN, ASSOCIATE CONTROLLER, FINANCE & OPERATIONS

2018 HR & BUSINESS CONFERENCE

What is it?

An invitation-only one day professional development conference for Human Resource & Business/Finance professionals at the University of Iowa.

Why are we doing this?

2018 HR & BUSINESS CONFERENCE

Who is invited?

Business & Finance Primary Business Officers

Secondary Business Officers

Specific Central Administration Business & Finance Staff

(University Administration & UI Health Care Finance & Acctg)

Human Resources Senior HR Leaders

HR Unit Reps

HR Community

2018 HR & BUSINESS CONFERENCE

When & where?

Wednesday, April 4, 2018

7:30 AM – 5:30 PM

Kirkwood Hotel

2018 HR & BUSINESS CONFERENCE -

Communication

Facility

ProgrammingThanks to our contributors…

Emily Campbell, Deanna Green, Erin Herting, April Tippett & Bill Wise!

Who is organizing?

Conference Schedule

2018 HR & BUSINESS CONFERENCE

Potential Conference Topics

• The Politically Intelligent Leader• Higher Education Issues and

Challenges• Diversity• Fostering Partnerships Across

Campus• Communication Styles

• Fraud• Data Driven Decision-Making• Entrepreneurial Mindset• Balancing Mission, Strategy,

Reputation and Budget• Internal Controls

2018 HR & BUSINESS CONFERENCE

Awards!

Business & Finance“Rising To the Challenge”

“Strategic Business Officer of the Year”

Human Resources“Emerging HR Business Partner of the Year”

“Distinguished Strategic Business Partner of the Year”

PAYCV APPLICATION UPDATE

SELINA MARTIN, ASSOCIATE CONTROLLER, AFR & CAM

CAROLYN GRITTON, ASSISTANT DIRECTOR, ACCOUNTING & FINANCIAL REPORTING

SHERRY REYNOLDS-MILLER, PROGRAM MANAGER, BUSINESS SERVICES

COMMUNICATED IN APRIL 2017

New security model for AFR systems

What do we want out of a new application?

PAYCV APPLICATION UPDATE

Application Development

Project Plan

PrototypeFunctional

RequirementsSecurity Model

What have we done since the last update?

PAYCV APPLICATION UPDATE

Provide User

Training

Release to

Campus

Conduct Pilot

(Internal & External)

Complete Testing

Demo Security

Tool

Future Expectations…

OTHER UPDATES

REPORTING TOOLS ADVISORY COMMITTEE BUSINESS PROCESSES SERIES

SELINA MARTIN, ASSOCIATE CONTROLLER, FINANCE & OPERATIONS

REPORTING TOOLS ADVISORY COMMITTEE

April Tippett, College of Engineering

Bill Wise, College of Pharmacy

Cheri Arneson, College of NursingDeanna Green, Division of Continuing EducationEmily Campbell, College of EducationJane Malaby, Student ServicesJeff Donoghue, College of Liberal Arts & SciencesJoyce Ruplinger, Tippie College of Business Nate Kooi, UI Health CareSarah Dricken, State Hygienic Lab

Audra Haddy, F&O – Grant AccountingCathy Hagen, F&O - Budget DevelopmentBen Dudley, F&O - FBISHans Hoerschelman, F&O - FBISCarolyn Gritton, F&O – Accounting & Financial ReportingLan Ma, F&O - Accounting & Financial ReportingSteve Romont, F&O - Accounting & Financial Reporting

Who?

REPORTING TOOLS ADVISORY COMMITTEE

What?

Discontinue SQT(enhance EFR Summary's

Transactions Report)

Discontinue SA3(enhance TDR & create Balance Sheet Report)

Discontinue MS Reports(enhance EFR Summary’sBalance Summary reports)

Replacement & discontinuation of legacy reports

TDR Enhancements

EFR Summary – new reports

Dashboard Expansion

REPORTING TOOLS ADVISORY COMMITTEE

EFR Landing Page - Changes

REPORTING TOOLS ADVISORY COMMITTEE

New Report

REPORTING TOOLS ADVISORY COMMITTEE

Discontinue Legacy Reports - Simple Query Tool

BUSINESS PROCESSES SERIES – FUTURE COMPLIANCE CHANGE

What is changing?• BPS to be mandatory for all Primary Business Officers

(as identified in Institutional Roles application)• Expected effective date: Fiscal year 2019• What about delegates?• We will use Compliance & Qualification (CQ) system to

monitor compliance

Now what?• Selina will review compliance status based on current

records.• We will use Quarterly meetings to fulfill most common

topics needed to fulfill compliance.

2018 Meetings:To be announced in December

Ideas for future topics?