Quarterly budget officers meeting - Controller's Office BUSINESS OFFICERS MEETING OCTOBER 2017. ......
Transcript of Quarterly budget officers meeting - Controller's Office BUSINESS OFFICERS MEETING OCTOBER 2017. ......
TODAY’S AGENDA
I. Changes in Key Staff Roles (Terry Johnson)
II. Intellectual Property Policy (Marie Kerbeshian)
III. TIER Update (Laura McLeran)
IV. Technology Acquisition Process Compliance (T. Scott, J. Drews, S, Jedlicka, J. Pacheco)
V. Internal Control Findings (Todd Stewart)
VI. 2018 HR & Business Conference (Lori Cranston & Selina Martin)
VII. Status update on PayCV Application (Carolyn Gritton, Sherry Reynolds-Miller, Selina Martin)
VIII. Other Updates (Selina Martin)
CHANGES IN KEY STAFF ROLES
Colleges
College of Medicine (Mark Hingtgen/Jason Haddy)
College of Nursing (Hazel Kerr/Ann Rhodes/Cheri Arneson)
Student Services (Tom Rocklin/Melissa Shivers)
Diversity Office (Georgina Dodge/Lena Hill)
UI Hospitals & Clinics
CFO (Ken Fisher / Doug True)
VP Medical Affairs (Jean Robillard /search underway)
Finance & Operations
Parking & Transportation (Dave Ricketts/Jim Sayre)
CFO unit (Dave Beney/Andrea Morrow)
Organizational Effectiveness (Dick See/TBD)
Internal Audit (Todd Stewart/Patrice Sayre in Board Office)
CHAPTER 30—UI INTELLECTUAL PROPERTY POLICY
Phase 1: “University rights in qualifying inventions”
Stanford v Roche
Hiring documents for new appointments, renewals and changes in appointments
Internal routing of sponsored projects
Enrollment documents for students
Visiting scientists/scholars
Phase 2: revenue distribution
Percentages
Software and other copyrighted materials
To improve student outcomes the UI will invest $155 - $165M into: • The faculty
• Retaining and hiring the best and brightest• Increasing research and scholarship
• Student outcome programs • Undergraduate research• Internships• Leadership development• Capstone project
Funding Student Outcomes
Additional State Appropriation by SFY 22
Undergrad Resident Tuition % IncreasePer year until SFY 22
By SFY 22 the UI Will Have Funded ~1/3 ($55-60M) of
the UI Strategic Plan through
TIER/reallocated resources
$155 -$165M
10.08%
7.08%
$95 –$110M
$0
$11-12M/yrof UI TIER savings & reallocated resources investedin strategic plan
0%
TIER/Reinvestment into 5 Year Strategic Plan
TIER@IOWA has allowed the UI to invest a projected:• $16.6M since FY 16
• $2.9M in FY 16• $6.6M in FY 17• $7.1M in FY 18 (projected)
Improving graduation rates while maintaining costs
0%
10%
20%
30%
40%
50%
60%
$0
$1,000
$2,000
$3,000
$4,000
$5,000
$6,000
$7,000
$8,000
FY 1
970
FY 1
980
FY 1
990
FY 1
991
FY 1
992
FY 1
993
FY 1
994
FY 1
995
FY 1
996
FY 1
997
FY 1
998
FY 1
999
FY 2
000
FY 2
001
FY 2
002
FY 2
003
FY 2
004
FY 2
005
FY 2
006
FY 2
007
FY 2
008
FY 2
009
FY 2
010
FY 2
011
FY 2
012
FY 2
013
FY 2
014
FY 2
015
FY 2
016
Real General Education Fund Expenditures per Student (indexed for inflation)
and 4-Yr Graduation Rates
Real GEF per Student (left axis) 4-Yr Graduation Rate (right axis)
Pre-TIER/TIER/Post-TIER (Examples)
Late1990s
Workflow Procurement Cards
Early –Mid 2000’s MAUI Biofuels
Mid - Late 2000’s Kaizen Events Energy Center
2014 Implementation of TIER
Shared Services/Purchasing
2016 Alignment to Strategic Plan
Managing Insurance Costs
UI Efficiency Benchmarked
• The UI operating O/H is 14.5% more efficientthan its Regents national peers
TECHNOLOGY ACQUISITION REVIEW PROCESS
JANE DREWS -- CHIEF INFORMATION SECURITY OFFICER, ITS
TRACY SCOTT -- DIRECTOR, ENTERPRISE SERVICES, ITS
SARA JEDLICKA -- DIRECTOR, INVESTMENTS, BANKING & TRUST OPERATIONS, TREASURY OPERATIONS
JONATHAN PACHECO -- SENIORTREASURY ANALYST, TREASURY OPERATIONS
BACKGROUND & SCOPE
1. Internal Audit review of Cloud Computing identified gaps:
inconsistent use of review process
inconsistent record keeping
inefficient process
lack of visibility for requestor
2. Improve and combine processes for:
Client (desktop) software
Cloud service subscriptions, purchases
Applications purchase (RFP)
COMPLIANCE AREAS IMPACTED
1. Technology compatibility
2. Regulatory (PCI-DSS, HIPAA, FERPA, GLBA, et al)
3. Export controls
4. Accessibility compliance
5. Legal contractual terms
6. Purchasing (Iowa Code, Regents)
IMPORTANCE OF BUSINESS OFFICERS TO BE INFORMED
1. Integrated topics and risks:
1. Financial
2. Technical
3. Institutional data protection, preservation
2. Internal controls 1. Legal terms & conditions
2. Departmental oversight
3. Compliance with regulations, law, university policy is not optional
CURRENT PROCESSES
Review Process Review Initiation Point Trigger
Software Review (Client, Cloud, Free) Software Office Any purchase
Credit Card processing methods Treasury Operations Any change
RFP, RFO, RFI, RFQ (eBid) Purchasing $50,000+
Procurement Card purchases None Reconciliation
MOST COMMON ISSUES WITH CURRENT PROCESSES
1. Accurate understanding of the review cycle time (takes longer than people think)
1. Sometimes purchase occurs before review, which can be problematic
2. Current backend processes are highly manual, and use email messages for the “workflow”
1. Increases likelihood for errors or lost requests
2. Significant time spent just understanding the current status of a request
3. Impact on Treasury Operations (need approval for technology changes before you purchase)
1. Confusion over what technologies, services, need to be reviewed, form changes
4. Lack of transparency in the process
5. Local IT Director is typically not involved in the process
CHANGES TO FRONT-END PROCESS
1. Created an Available Software list of approved/recommended titles
2. Built a Universal Workflow form for the technology review process
1. Reviews are done in parallel and all information is stored in a single location
2. The status of each review is available to the customer making the overall process more transparent
3. The form is automatically routed to the next stop once approved
3. Local IT Director will be part of the process, they will see everything for their org
4. Treasury review (if necessary)
INSTITUTIONAL ROLES
New Category: Technology Review
New Roles:
1. Software Reviewer (Org level)
2. Software Reviewer (Dept level)
How will roles initially be populated?
Tracy Scott will initially populate these roles.
How will roles be maintained/updated?
Plan to work with the ITS Directory team to develop a process to be notified when someone in this role leaves/transfers that a notification will be sent to update the role.
BUSINESS OFFICER RESPONSIBILITY
1. Prevent bypassing established process (Pcard purchase, “free” cloud software, shared services orders)
2. Be aware of the technology reviewer roles that are in place
3. Take time to understand how and when revenue is received. Payment processing channel determines which approvals are required and update Cash Handling procedures.
4. Business Officer and Department Administrator approval required for new merchant accounts.
RESOURCES/LINKS
University Credit Card Policy: https://treasury.fo.uiowa.edu/policies-and-procedures/credit-card-acceptance-security-guidelines
New Merchant Account Request: https://finapps.bo.uiowa.edu/MerchantAccount/
Credit Card Questions: [email protected]
Available Software - https://its.uiowa.edu/available-software
Technology Review Process (link to form)
https://its.uiowa.edu/campus-software-program/technology-reviews
CENTRALIZED PROCESS AUDITS
1. Workflow Paths
2. Cash Handling UIHC cash handling
Cash handling policies
3. Human Resources Performance appraisals
Vacation/sick leave usage
DEPARTMENTAL AUDITS
1. Business Planning and Practices
2. Compliance and Internal Controls
3. Human Resources
4. Information Technology (IT)
5. Inventory and Capitalized Equipment
BUSINESS PLANNING AND PRACTICES Documented Business Continuation and
Disaster Recovery Plans
Up-to-Date Operations Manual
Charge Capture – Billing
Price Setting Methodology Goods or services
Reconciling Cash Collections to Daily Revenues
Restrictive Endorsement of Checks
COMPLIANCE AND INTERNAL CONTROLS
Unmaintained Contracts
Segregation of Duties Incompatible purchasing duties
Timely Reconciliations Monthly statements of accounts
Inventories
Transaction Detail Report
COMPLIANCE AND INTERNAL CONTROLS
Cash Handling Procedures
Oversight of Procurement Card
Travel Vouchers – Approved by Supervisor
Trip Approvals
Taxable Benefits
HUMAN RESOURCES Time and Leave Reporting
Conflict of Interest Verification
EOD Approval Prior to Hiring
Human Resources Termination Timely restriction of user access
Staff Training – Various Areas HIPPA and FERPA training
Sexual Harassment training
INFORMATION TECHNOLOGY System Access Controls
Server Vulnerability Scans
Social Security Number Remediation from Computers
Noncompliant Password Protocols
Outdated Operating Systems
Unlicensed Software
INFORMATION TECHNOLOGY Insecure Authentication
Machine Management
Physical and Environmental Security Accessible to the public
Not proper environmental placement
INVENTORY AND CAPITALIZED EQUIPMENT
Capital Equipment Tracking Equipment Disposal Not removed from inventory
Inventory and Supply Management Unused, defective, and obsolete inventory
Inaccurate and missing inventory
Inventory procedures/inadequate monitoring
Inadequate cell phone management
Unrestricted access to inventory
PCARD FRAUDS ON CAMPUS Happening in multiple places across campus Transactions moving through multiple levels of review Approvals taking place at the highest levels One person committing fraud on multiple cards Receipts have been altered Same receipt has been used multiple times “Not Yet Shipped” receipts used Shared Services processes continue to identify more fraud Internal Audit is changing the way we test PCard
transactions
HIGH RISK VENDOR?Amazon!
Primary Schemes: Purchase multiples of the item requested, (ex: three
world maps) return two, and put the credit on a gift card Create order – print the “Not Yet Shipped” receipt –
cancel that order and then purchase the fraudulent item Fraudsters are using a personal Amazon account for
university business – requiring a subpoena to gain access to their Amazon account to determine a “ship to” address
WHAT CAN YOU DO? Look at all receipts with professional skepticism Look at the transaction detail for those vendors that
provide it Pay particular attention to vendors like Amazon Tell your staff exactly what you’re looking for when
you approve or have a PCard reconciled Ensure the reconciliation is completed timely Use eBuy as much as possible
WHAT CAN YOU DO? Don’t panic Don’t confront the person you suspect of fraud Be discreet Lock down relevant data Contact one the of the following: Todd Stewart, Chief Audit Executive Terry Johnson, Chief Financial Officer and Treasurer Human Resources or your College Dean
ETHICSPOINT
The University of Iowa recognizes its obligation to maintain the highest ethical standards
Policy compliance is a shared responsibility that depends on individuals voicing their concerns
ETHICSPOINT
The Ethicspoint site provides an anonymous, confidential way to report potential issues
The university will address reports promptly and discreetly, sharing facts only with personnel needed to investigate and resolve the matter
THANK YOU!
For more information on the Department of Internal Audit, please visit our website at
www.uiowa.edu/audit/
2018 HR & BUSINESS CONFERENCELORI CRANSTON, ASSOCIATE DEAN FOR ADMINISTRATION, COLLEGE OF PUBLIC HEALTH
SELINA MARTIN, ASSOCIATE CONTROLLER, FINANCE & OPERATIONS
2018 HR & BUSINESS CONFERENCE
What is it?
An invitation-only one day professional development conference for Human Resource & Business/Finance professionals at the University of Iowa.
Why are we doing this?
2018 HR & BUSINESS CONFERENCE
Who is invited?
Business & Finance Primary Business Officers
Secondary Business Officers
Specific Central Administration Business & Finance Staff
(University Administration & UI Health Care Finance & Acctg)
Human Resources Senior HR Leaders
HR Unit Reps
HR Community
2018 HR & BUSINESS CONFERENCE
When & where?
Wednesday, April 4, 2018
7:30 AM – 5:30 PM
Kirkwood Hotel
2018 HR & BUSINESS CONFERENCE -
Communication
Facility
ProgrammingThanks to our contributors…
Emily Campbell, Deanna Green, Erin Herting, April Tippett & Bill Wise!
Who is organizing?
2018 HR & BUSINESS CONFERENCE
Potential Conference Topics
• The Politically Intelligent Leader• Higher Education Issues and
Challenges• Diversity• Fostering Partnerships Across
Campus• Communication Styles
• Fraud• Data Driven Decision-Making• Entrepreneurial Mindset• Balancing Mission, Strategy,
Reputation and Budget• Internal Controls
2018 HR & BUSINESS CONFERENCE
Awards!
Business & Finance“Rising To the Challenge”
“Strategic Business Officer of the Year”
Human Resources“Emerging HR Business Partner of the Year”
“Distinguished Strategic Business Partner of the Year”
PAYCV APPLICATION UPDATE
SELINA MARTIN, ASSOCIATE CONTROLLER, AFR & CAM
CAROLYN GRITTON, ASSISTANT DIRECTOR, ACCOUNTING & FINANCIAL REPORTING
SHERRY REYNOLDS-MILLER, PROGRAM MANAGER, BUSINESS SERVICES
COMMUNICATED IN APRIL 2017
New security model for AFR systems
What do we want out of a new application?
PAYCV APPLICATION UPDATE
Application Development
Project Plan
PrototypeFunctional
RequirementsSecurity Model
What have we done since the last update?
PAYCV APPLICATION UPDATE
Provide User
Training
Release to
Campus
Conduct Pilot
(Internal & External)
Complete Testing
Demo Security
Tool
Future Expectations…
OTHER UPDATES
REPORTING TOOLS ADVISORY COMMITTEE BUSINESS PROCESSES SERIES
SELINA MARTIN, ASSOCIATE CONTROLLER, FINANCE & OPERATIONS
REPORTING TOOLS ADVISORY COMMITTEE
April Tippett, College of Engineering
Bill Wise, College of Pharmacy
Cheri Arneson, College of NursingDeanna Green, Division of Continuing EducationEmily Campbell, College of EducationJane Malaby, Student ServicesJeff Donoghue, College of Liberal Arts & SciencesJoyce Ruplinger, Tippie College of Business Nate Kooi, UI Health CareSarah Dricken, State Hygienic Lab
Audra Haddy, F&O – Grant AccountingCathy Hagen, F&O - Budget DevelopmentBen Dudley, F&O - FBISHans Hoerschelman, F&O - FBISCarolyn Gritton, F&O – Accounting & Financial ReportingLan Ma, F&O - Accounting & Financial ReportingSteve Romont, F&O - Accounting & Financial Reporting
Who?
REPORTING TOOLS ADVISORY COMMITTEE
What?
Discontinue SQT(enhance EFR Summary's
Transactions Report)
Discontinue SA3(enhance TDR & create Balance Sheet Report)
Discontinue MS Reports(enhance EFR Summary’sBalance Summary reports)
Replacement & discontinuation of legacy reports
TDR Enhancements
EFR Summary – new reports
Dashboard Expansion
BUSINESS PROCESSES SERIES – FUTURE COMPLIANCE CHANGE
What is changing?• BPS to be mandatory for all Primary Business Officers
(as identified in Institutional Roles application)• Expected effective date: Fiscal year 2019• What about delegates?• We will use Compliance & Qualification (CQ) system to
monitor compliance
Now what?• Selina will review compliance status based on current
records.• We will use Quarterly meetings to fulfill most common
topics needed to fulfill compliance.