Friday, March 23 marked a day of dynamic discussions in the local and regional higher education industry at our fourth annual Higher Education Training Day: Current Issues and Trends. Topics throughout the day covered everything from new accounting standard implementation to risk management and cybersecurity. We hope this overview of the day provides some insight into common areas of interest within the higher education community.
Institutional Planning and Budgeting
Jacalyn Askin, Senior Fellow for Finance and Campus Management at the National Association of College and University Business Officers (NACUBO), spoke on NACUBO’s economic models project (EMP). EMP’s is to provide NACUBO members with a comprehensive tool that provides a foundation for productive and effective institutional conversations. The EMP has four focus areas: mission, structures, strengths, and resources.
An institution’s mission should not simply be a mission statement, but rather encompass why an institution exists. The statement should be “mission centric, but market smart.” The structures of an institution should also be analyzed. Structures may need to be altered to allow for collaborations, new leadership models, and partnerships as a means to share resources.
Institutions should also focus on playing to its strengths. Adapt curriculum to the strengths and focus on the core of the institution’s existence. Lastly, utilize resources effectively. Align and redefine resources by prioritizing deployment of the resources, leverage old resources, consider new pricing strategies, and ensure that data being used becomes predictive, rather than only informative. NACUBO has provided an online tool to help you work through the EMP for your own institution: http://emp.nacubo.org/.
New DOE Information Security Requirements
Jason Miller, Director of Technology Consulting at Dean Dorton, explained that the Department of Education (DOE) is making a significant push for colleges and universities to take information security more seriously. In 2015 and in 2016, the DOE sent Dear Colleague Letters to provide higher education institutions with gentle reminders that any school participating in the Title IV federal student financial aid program is legally obligated to protect information. Specifically, they reminded us that participating in federal aid programs attaches a requirement to comply with the Gramm-Leach-Bliley Act (GLBA). GLBA was originally focused on financial institutions; therefore, many institutions try to ignore their GLBA compliance requirements.
The time has come that institutions can no longer ignore this requirement. DOE has requested that GLBA compliance become part of the annual federal student aid (FSA) audits. They have requested the Office of Management and Budget (OMB) to add an audit objective for GLBA to the FY18 compliance supplement. We are unsure if OMB will add this for FY18, but we expect that it will be added by FY19.
What does this mean for you and your institution?
- Have you developed and deployed a comprehensive information security program?
- Have you designated an individual to coordinate the information security program?
- Have you conducted an annual risk assessment that includes the requirements of 16 CFR 314.4 (b)?
- Employee training and management;
- Information systems, including network and software design, as well as information processing, storage, transmission, and disposal; and
- Detecting, preventing and responding to attacks, intrusions, or other systems failures
- Have you documented the safeguards and remediation actions for any risks identified in the annual assessment?
- Do you have plans in place for continual monitoring, response, and improvement for your information security program?
- Do you have a breach response plan in place that ensures compliance with DOE’s notification requirements?
These items are likely to be become required documentation points of the FSA audit. Do you have processes in place that can provide auditable evidence that your institution is in compliance?
Another important aspect of DOE’s new focus on information security is their breach notification requirements. We encourage all institutions to review these carefully and ensure they are incorporated into your comprehensive breach response plans. Some highlights to be aware of include:
- Under GLBA, a breach is defined as “any unauthorized disclosure, misuse, alteration, destruction or other compromise of information.”
- There are no minimum record sizes defined for triggering reporting requirements.
- Requirements are NOT limited to electronic data; paper counts too.
- Title IV schools are required to notify DOE on the day of detection, even if a breach is only suspected.
- The penalty for not complying with breach notification requirements is $54,789 per violation.
- To report a breach, email email@example.com or call 202.245.6550. The following elements are required in the notification:
- Date of breach (suspected or known)
- Impact of breach (number of records, etc.)
- Method of breach (hack, accidental disclosure, etc.)
- Information security program point of contact: email and phone details
- Remediation status (complete, in process): with details and next steps (as needed)
Do not allow yourself to be caught off guard. The time to act is now. If you need help evaluating your GLBA compliance maturity, Dean Dorton has team that can help. Contact Jason Miller at firstname.lastname@example.org or 859.425.7626.
Internal Audit: Maximizing Its Potential
Lance Mann, Director of Assurance Services at Dean Dorton, explained that internal audit is an important risk management tool that should be utilized by all higher education institutions. Some institutions have internal resources that perform this role and others have outsourced this role; in either situation, the internal audit process is very similar when executed effectively.
An effective internal audit function starts with an annual risk assessment. The risk assessment should include an industry trend analysis, compliance related items in the industry, industry news, and institution-specific information such as board meeting minutes, budgets, and financial statements audit results. The risk assessment should also include interviews of key personnel from every corner of the institution. The interviews should be targeted at understanding the risks within that area or department, and should include individuals including the president, board members, department chairs, and individuals within the finance office, registrar office, athletics, clubs, food services, housing, academic departments, health departments, security, facilities, and parking. In essence, these interviews should encompass everything that makes the institution operate.
After completing your risk assessment, you should now have a risk population that you can evaluate to develop your internal audit plan for the year. Your internal audit plan should take in to account the highest risks and your resources. However, you may have high-risk items in which you may lack the internal expertise to adequately perform the audit work. You can always look at finding other resources on campus to help with this part of the audit or find external resources to outsource this part of your plan.
Due to their specific technical needs, three commonly outsourced areas within internal audit are technology, human resources, and federal student aid.
As you develop and execute your plan, it is important to keep the board of directors in the loop. Your annual plan should be approved by the board or audit committee, and you should regularly report to them on your audit results. You should also have a direct line of communication to the board. This is one of the most important aspects of internal audit’s ability to remain independent of management.
Having an effective internal audit function requires a significant amount of planning and preparation. It is important to perform a skills inventory to understand your internal skill sets and where you may need to find external assistance. Effective internal audit departments help institutions reduce their susceptibility to loss due to fraud or error, and help organizations remain compliant with laws and regulations. Internal audit departments should be an important part of every higher education team.
Contact Lance Mann at email@example.com or 502.566.1005.
Kelso Morrill, Managing Director at Commonfund, and Chris Miceika, Director of Multi-Asset Solutions at Commonfund, explained that in order to retain inter-generational equity for endowments, the endowment growth rate should be benchmarked at an annual rate of 5% greater than the consumer price index (CPI).
While endowments have performed well and exceeded the benchmark over the past year, their three- and 10-year performances have lagged. To have a better chance at achieving the benchmark, endowments should favor equities over other investment types, be highly diversified, and be actively managed. Endowments should also allocate more to alternative, illiquid investments such as hedge funds. This difficulty in maintaining the benchmark from year to year affects an entity’s ability to maintain its endowment spend rate, which has averaged between 4% and 4.5% over the past 10 years.
More Students, More Graduates, Better Outcomes
John Anderson, Senior Vice President of Partnership Management at The Learning House, discussed important trends in higher education and items to consider when evaluating these trends and how they may impact your institution.
Important trends include:
- Declining student enrollment
- Increasing discount rates
- Growing enrollment in online programs
- Convenience and price
- New and growing competition
Items to consider:
- Are you focusing on the “student first” mentality?
- What types of programs are you offering? Do these programs align with your brand? Are they what the students want? How likely are these programs to lead to employment?
- Are you priced competitively?
- How are you planning to reduce costs for students?
- How is your brand being portrayed in the market? Is your brand message clear, concise and differentiated?
The Learning House partners with colleges and universities to develop online programs to help students and institutions achieve their mission. With the use of online program management services and a university scorecard, The Learning House is focused on helping institutions determine where they are today with adult learners and what the best practices are in order to offer the best programs possible.
FASB/GASB Breakout Sessions
David Richard, Director of Assurance Services at Dean Dorton, presented the FASB breakout session. He discussed how institutions should go about the implementation of three new accounting standards updates (ASUs) that will be relevant to private colleges and universities:
- ASU No. 2015-14, Revenue from Contracts with Customers
- ASU No. 2016-02, Leases
- ASU No. 2016-14, Presentation of Financial Statements of Not-for-Profit Entities
Contact David Richard at firstname.lastname@example.org or 859.425.7662.
Simon Keemer, Director of Assurance Services at Dean Dorton, provided the GASB breakout attendees with an update on GASB statements that will be effective in the next few years, concentrating on the impact of GASB 75 for Other Post-Employment Benefits (OPEB). GASB Statement No. 75 will be effective for entities commencing with June 30, 2018 year ends. He also discussed current GASB projects, paying particular attention to the GASB project to re-examine the reporting model.
Contact Simon Keemer at email@example.com or 502.566.1036.
Admissions and the Business Office
Scott McDonald, Dean of Undergraduate Admission at the University of Kentucky, discussed the role of the business office function in admissions.
One of the main points to consider in the operation of an institution of higher education is to constantly evaluate the underlying assumptions on the practices of the college or university. Assumptions to evaluate could include the assumed market power of the institution brand and name, that the hindrance of tuition cost can be overcome with increasing institutional aid, and that the competition is sticking to the same known strategies that they always have. These assumptions may or may not be valid in the current changing landscape of higher education, so it is important to challenge them and integrate learned lessons into future strategies.
As mentioned, this becomes more important in the ever-changing environment of the college and university industry. Challenges such as a decreasing number of high school graduates in areas of Kentucky, the increasing cost of attendance, budget cuts, and competitors finding ways to differentiate themselves could become a threat to the success of an institution if not monitored.
As colleges and universities navigate these industry-wide concerns, focusing on important variables such as the items listed below could help foster a strategy of success:
- Quality of academic programs
- Composition of the current and incoming classes of students (residency, diversity, etc.)
- Potential to focus on signature, high quality programs and potentially discontinue ineffective programs
- Analysis of the markets, target populations, and the statistics and activities of competitors
- Unmet financial need
Student Financial Aid
Megan Crane, Manager of Assurance Services at Dean Dorton, covered general updates, program reviews and top findings, the Gramm-Leach-Bliley Act (GLBA), and available trainings.
For general updates, Megan noted that the Perkins loan program is ending and Pell funding levels are staying flat, which means that students will have a bigger gap to fill in order to fund their education. Although total Pell and prescribed Pell award caps are staying flat, Pell can now be awarded year-round (i.e. for summer) so that students have more flexibility in using their aid. State funding is also decreasing for public institutions and the aid for private institutions’ students have not increased in a number of years.
Megan also discussed program reviews and top program and audit findings. The Department of Education takes a risk-based approach to determine who should be flagged for a program review. This can include input from other accrediting agencies or organizations, high default rates, whistleblowers, and student complaints. Program reviews focus on two main areas: institutional processes and data and student level information. The most notable item is that program reviews encompass multiple offices across campus who are all responsible for overall compliance with the various requirements. After a program review or audit, there are issued findings. A finding in and of itself is not necessarily a red flag; however, repeat findings—where an institution has not worked to correct an issue—are significant.
The Gramm-Leal-Bliley Act (GLBA) was discussed in full during a different session; however, it is important to note that the requirements under GLBA will fall within the single audit by 2019, if not before.
Megan discussed how each institution is staying informed and up-to-date on current federal student aid (FSA) issues. Are your FSA team members attending annual training? Additionally, each institution should consider if non-FSA team members should attend FSA-specific trainings. If an accounting team member handles all of the G5 drawdowns, reconciliations, and other financial duties related to FSA, it could be beneficial for them to attend specific training on these areas. The annual FSA (Federal Student Aid) conference is free to attend. The 2018 conference will be held in Atlanta on November 27-30, 2018.
Lastly, we know that compliance is complex and takes a team effort. Work together across campus to create an environment of compliance. We are happy to assist in any way we can.
Contact Megan Crane at firstname.lastname@example.org or 859.425.7643.
Tax Reform Update
Allison Carter, Manager of Tax Services at Dean Dorton, covered the ins and outs of the Tax Cuts and Jobs Act (TCJA) and its implications for colleges and universities. Items covered included:
- Bonds: The TCJA repealed the exclusion from income of interest on advanced refunding bonds and tax credit bonds. It also preserved private activity bonds, like 501(c)(3) bonds.
- Separately compute unrelated business income tax (UBIT): The TCJA requires tax-exempt organizations to calculate UBIT separately for each trade or business, which prohibits deductions from one business from offsetting income derived from another business. It also allowed net operating losses from prior years to continue to be available to offset income, regardless of the source of the loss.
- Increase unrelated business taxable income (UBTI) by certain fringe benefits: UBTI includes any expenses paid or incurred by a tax-exempt organization for qualified transportation benefits, a parking facility used in connection with qualified parking, or any on-premises athletic facility.
- Excise tax on private colleges and universities: The TCJA imposed an excise tax of 1.4% of net investment income each taxable year on “applicable educational institutions.”
- Excise tax on excess compensation in excess of $1 million: The TCJA imposed an excise tax of 21% on remuneration in excess of $1 million with respect to employment of a covered employee of an “applicable tax-exempt organization.”
Contact Allison Carter at email@example.com or 859.425.7645.