Training Day

Article Dean Dorton

Event Recap

Friday, March 23 marked a day of dynamic discussions in the local and regional higher education industry at our fourth annual Higher Education Training Day: Current Issues and Trends. Topics throughout the day covered everything from new accounting standard implementation to risk management and cybersecurity. We hope this overview of the day provides some insight into common areas of interest within the higher education community.

Institutional Planning and Budgeting

Jacalyn Askin, Senior Fellow for Finance and Campus Management at the National Association of College and University Business Officers (NACUBO), spoke on NACUBO’s economic models project (EMP). EMP’s is to provide NACUBO members with a comprehensive tool that provides a foundation for productive and effective institutional conversations. The EMP has four focus areas: mission, structures, strengths, and resources.

An institution’s mission should not simply be a mission statement, but rather encompass why an institution exists. The statement should be “mission centric, but market smart.” The structures of an institution should also be analyzed. Structures may need to be altered to allow for collaborations, new leadership models, and partnerships as a means to share resources.

Institutions should also focus on playing to its strengths. Adapt curriculum to the strengths and focus on the core of the institution’s existence. Lastly, utilize resources effectively. Align and redefine resources by prioritizing deployment of the resources, leverage old resources, consider new pricing strategies, and ensure that data being used becomes predictive, rather than only informative. NACUBO has provided an online tool to help you work through the EMP for your own institution: https://emp.nacubo.org/.

New DOE Information Security Requirements

Jason Miller, Director of Technology Consulting at Dean Dorton, explained that the Department of Education (DOE) is making a significant push for colleges and universities to take information security more seriously. In 2015 and in 2016, the DOE sent Dear Colleague Letters to provide higher education institutions with gentle reminders that any school participating in the Title IV federal student financial aid program is legally obligated to protect information. Specifically, they reminded us that participating in federal aid programs attaches a requirement to comply with the Gramm-Leach-Bliley Act (GLBA). GLBA was originally focused on financial institutions; therefore, many institutions try to ignore their GLBA compliance requirements.

The time has come that institutions can no longer ignore this requirement. DOE has requested that GLBA compliance become part of the annual federal student aid (FSA) audits. They have requested the Office of Management and Budget (OMB) to add an audit objective for GLBA to the FY18 compliance supplement. We are unsure if OMB will add this for FY18, but we expect that it will be added by FY19.

What does this mean for you and your institution?

  • Have you developed and deployed a comprehensive information security program?
  • Have you designated an individual to coordinate the information security program?
  • Have you conducted an annual risk assessment that includes the requirements of 16 CFR 314.4 (b)?
    • Employee training and management;
    • Information systems, including network and software design, as well as information processing, storage, transmission, and disposal; and
    • Detecting, preventing and responding to attacks, intrusions, or other systems failures
  • Have you documented the safeguards and remediation actions for any risks identified in the annual assessment?
  • Do you have plans in place for continual monitoring, response, and improvement for your information security program?
  • Do you have a breach response plan in place that ensures compliance with DOE’s notification requirements?

These items are likely to be become required documentation points of the FSA audit. Do you have processes in place that can provide auditable evidence that your institution is in compliance?

Another important aspect of DOE’s new focus on information security is their breach notification requirements. We encourage all institutions to review these carefully and ensure they are incorporated into your comprehensive breach response plans. Some highlights to be aware of include:

  • Under GLBA, a breach is defined as “any unauthorized disclosure, misuse, alteration, destruction or other compromise of information.”
  • There are no minimum record sizes defined for triggering reporting requirements.
  • Requirements are NOT limited to electronic data; paper counts too.
  • Title IV schools are required to notify DOE on the day of detection, even if a breach is only suspected.
  • The penalty for not complying with breach notification requirements is $54,789 per violation.
  • To report a breach, email cpssaig@ed.gov or call 202.245.6550. The following elements are required in the notification:
    • Date of breach (suspected or known)
    • Impact of breach (number of records, etc.)
    • Method of breach (hack, accidental disclosure, etc.)
    • Information security program point of contact: email and phone details
    • Remediation status (complete, in process): with details and next steps (as needed)

Do not allow yourself to be caught off guard. The time to act is now. If you need help evaluating your GLBA compliance maturity, Dean Dorton has team that can help. Contact Jason Miller at jmiller@ddaftech.com or 859.425.7626.

Internal Audit: Maximizing Its Potential

Lance Mann, Director of Assurance Services at Dean Dorton, explained that internal audit is an important risk management tool that should be utilized by all higher education institutions. Some institutions have internal resources that perform this role and others have outsourced this role; in either situation, the internal audit process is very similar when executed effectively.

An effective internal audit function starts with an annual risk assessment. The risk assessment should include an industry trend analysis, compliance related items in the industry, industry news, and institution-specific information such as board meeting minutes, budgets, and financial statements audit results. The risk assessment should also include interviews of key personnel from every corner of the institution. The interviews should be targeted at understanding the risks within that area or department, and should include individuals including the president, board members, department chairs, and individuals within the finance office, registrar office, athletics, clubs, food services, housing, academic departments, health departments, security, facilities, and parking. In essence, these interviews should encompass everything that makes the institution operate.

After completing your risk assessment, you should now have a risk population that you can evaluate to develop your internal audit plan for the year. Your internal audit plan should take in to account the highest risks and your resources. However, you may have high-risk items in which you may lack the internal expertise to adequately perform the audit work. You can always look at finding other resources on campus to help with this part of the audit or find external resources to outsource this part of your plan.

Due to their specific technical needs, three commonly outsourced areas within internal audit are technology, human resources, and federal student aid.

As you develop and execute your plan, it is important to keep the board of directors in the loop. Your annual plan should be approved by the board or audit committee, and you should regularly report to them on your audit results. You should also have a direct line of communication to the board. This is one of the most important aspects of internal audit’s ability to remain independent of management.

Having an effective internal audit function requires a significant amount of planning and preparation. It is important to perform a skills inventory to understand your internal skill sets and where you may need to find external assistance. Effective internal audit departments help institutions reduce their susceptibility to loss due to fraud or error, and help organizations remain compliant with laws and regulations. Internal audit departments should be an important part of every higher education team.

Contact Lance Mann at lmann@deandorton.com or 502.566.1005.Endowment Management

Kelso Morrill, Managing Director at Commonfund, and Chris Miceika, Director of Multi-Asset Solutions at Commonfund, explained that in order to retain inter-generational equity for endowments, the endowment growth rate should be benchmarked at an annual rate of 5% greater than the consumer price index (CPI).

While endowments have performed well and exceeded the benchmark over the past year, their three- and 10-year performances have lagged. To have a better chance at achieving the benchmark, endowments should favor equities over other investment types, be highly diversified, and be actively managed. Endowments should also allocate more to alternative, illiquid investments such as hedge funds. This difficulty in maintaining the benchmark from year to year affects an entity’s ability to maintain its endowment spend rate, which has averaged between 4% and 4.5% over the past 10 years.

More Students, More Graduates, Better Outcomes

John Anderson, Senior Vice President of Partnership Management at The Learning House, discussed important trends in higher education and items to consider when evaluating these trends and how they may impact your institution.

Important trends include:

  1. Declining student enrollment
  2. Increasing discount rates
  3. Growing enrollment in online programs
  4. Convenience and price
  5. New and growing competition

Items to consider:

  1. Are you focusing on the “student first” mentality?
  2. What types of programs are you offering? Do these programs align with your brand? Are they what the students want? How likely are these programs to lead to employment?
  3. Are you priced competitively?
  4. How are you planning to reduce costs for students?
  5. How is your brand being portrayed in the market? Is your brand message clear, concise and differentiated?

The Learning House partners with colleges and universities to develop online programs to help students and institutions achieve their mission. With the use of online program management services and a university scorecard, The Learning House is focused on helping institutions determine where they are today with adult learners and what the best practices are in order to offer the best programs possible.

FASB/GASB Breakout Sessions

David Richard, Director of Assurance Services at Dean Dorton, presented the FASB breakout session. He discussed how institutions should go about the implementation of three new accounting standards updates (ASUs) that will be relevant to private colleges and universities:

  • ASU No. 2015-14, Revenue from Contracts with Customers
  • ASU No. 2016-02, Leases
  • ASU No. 2016-14, Presentation of Financial Statements of Not-for-Profit Entities

Contact David Richard at drichard@deandorton.com or 859.425.7662.

Simon Keemer, Director of Assurance Services at Dean Dorton, provided the GASB breakout attendees with an update on GASB statements that will be effective in the next few years, concentrating on the impact of GASB 75 for Other Post-Employment Benefits (OPEB). GASB Statement No. 75 will be effective for entities commencing with June 30, 2018 year ends. He also discussed current GASB projects, paying particular attention to the GASB project to re-examine the reporting model.

Contact Simon Keemer at skeemer@deandorton.com or 502.566.1036.Admissions and the Business Office

Scott McDonald, Dean of Undergraduate Admission at the University of Kentucky, discussed the role of the business office function in admissions.

One of the main points to consider in the operation of an institution of higher education is to constantly evaluate the underlying assumptions on the practices of the college or university. Assumptions to evaluate could include the assumed market power of the institution brand and name, that the hindrance of tuition cost can be overcome with increasing institutional aid, and that the competition is sticking to the same known strategies that they always have. These assumptions may or may not be valid in the current changing landscape of higher education, so it is important to challenge them and integrate learned lessons into future strategies.

As mentioned, this becomes more important in the ever-changing environment of the college and university industry. Challenges such as a decreasing number of high school graduates in areas of Kentucky, the increasing cost of attendance, budget cuts, and competitors finding ways to differentiate themselves could become a threat to the success of an institution if not monitored.

As colleges and universities navigate these industry-wide concerns, focusing on important variables such as the items listed below could help foster a strategy of success:

  1. Quality of academic programs
  2. Composition of the current and incoming classes of students (residency, diversity, etc.)
  3. Potential to focus on signature, high quality programs and potentially discontinue ineffective programs
  4. Analysis of the markets, target populations, and the statistics and activities of competitors
  5. Unmet financial need

Student Financial Aid

Megan Crane, Manager of Assurance Services at Dean Dorton, covered general updates, program reviews and top findings, the Gramm-Leach-Bliley Act (GLBA), and available trainings.

For general updates, Megan noted that the Perkins loan program is ending and Pell funding levels are staying flat, which means that students will have a bigger gap to fill in order to fund their education. Although total Pell and prescribed Pell award caps are staying flat, Pell can now be awarded year-round (i.e. for summer) so that students have more flexibility in using their aid. State funding is also decreasing for public institutions and the aid for private institutions’ students have not increased in a number of years.

Megan also discussed program reviews and top program and audit findings. The Department of Education takes a risk-based approach to determine who should be flagged for a program review. This can include input from other accrediting agencies or organizations, high default rates, whistleblowers, and student complaints. Program reviews focus on two main areas: institutional processes and data and student level information. The most notable item is that program reviews encompass multiple offices across campus who are all responsible for overall compliance with the various requirements. After a program review or audit, there are issued findings. A finding in and of itself is not necessarily a red flag; however, repeat findings—where an institution has not worked to correct an issue—are significant.

The Gramm-Leal-Bliley Act (GLBA) was discussed in full during a different session; however, it is important to note that the requirements under GLBA will fall within the single audit by 2019, if not before.

Megan discussed how each institution is staying informed and up-to-date on current federal student aid (FSA) issues. Are your FSA team members attending annual training? Additionally, each institution should consider if non-FSA team members should attend FSA-specific trainings. If an accounting team member handles all of the G5 drawdowns, reconciliations, and other financial duties related to FSA, it could be beneficial for them to attend specific training on these areas. The annual FSA (Federal Student Aid) conference is free to attend. The 2018 conference will be held in Atlanta on November 27-30, 2018.

Lastly, we know that compliance is complex and takes a team effort. Work together across campus to create an environment of compliance. We are happy to assist in any way we can.

Contact Megan Crane at mcrane@deandorton.com or 859.425.7643.Tax Reform Update

Allison Carter, Manager of Tax Services at Dean Dorton, covered the ins and outs of the Tax Cuts and Jobs Act (TCJA) and its implications for colleges and universities. Items covered included:

  • Bonds: The TCJA repealed the exclusion from income of interest on advanced refunding bonds and tax credit bonds. It also preserved private activity bonds, like 501(c)(3) bonds.
  • Separately compute unrelated business income tax (UBIT): The TCJA requires tax-exempt organizations to calculate UBIT separately for each trade or business, which prohibits deductions from one business from offsetting income derived from another business. It also allowed net operating losses from prior years to continue to be available to offset income, regardless of the source of the loss.
  • Increase unrelated business taxable income (UBTI) by certain fringe benefits: UBTI includes any expenses paid or incurred by a tax-exempt organization for qualified transportation benefits, a parking facility used in connection with qualified parking, or any on-premises athletic facility.
  • Excise tax on private colleges and universities: The TCJA imposed an excise tax of 1.4% of net investment income each taxable year on “applicable educational institutions.”
  • Excise tax on excess compensation in excess of $1 million: The TCJA imposed an excise tax of 21% on remuneration in excess of $1 million with respect to employment of a covered employee of an “applicable tax-exempt organization.”

Contact Allison Carter at alcarter@deandorton.com or 859.425.7645.

Article Dean Dorton

We had an excellent day of collaboration and learning at our Higher Education: Current Issues and Trends event held at Northern Kentucky University on March 23, 2017. Topics throughout the day covered everything from new accounting standard implementation to risk management and cybersecurity. We hope this overview of the day provides some insight into common areas of interest within the higher education community.

Higher Education Issues and Challenges with Practical Solutions

Presented by: Dr. Kenneth L. Hoyt, Ph.D., The Higher Education Practice, LLC

Dr. Hoyt’s presentation, “Higher Education Issues and Challenges with Practical Solutions,” focused on identifying the top issues that face public and private institutions in our region. Attendees were asked to come to the front of the room and identify the issues and challenges they consider most significant in the current higher education landscape, regardless of whether they were from a private or public institution. Through this exercise it was quickly noticeable that private and public institutions face many of the same issues and challenges. Click here for more details.

Among the most significant issues that were discussed were:

  • Student retention and enrollment management: This was identified as a key factor of success for all institutions. The attendees nearly unanimously agreed that this was one of the biggest issues facing public and private institutions. Attracting the right students and keeping them engaged for the entire life of a program of study is one of the best ways to secure an adequate revenue stream.
  • Access versus tuition discounting and the cost of education: Controlling the price of tuition was a significant hurdle discussed for all institutions. However, private institutions ranked this particularly high. All institutions strike a delicate balance between discounting tuition enough to ensure access for students that may not otherwise be able to attend, while at the same time having adequate revenue to cover the costs of education.
  • Endowment management and resource allocation: For private institutions, fighting the pressures of keeping tuition affordable, proper management of investments within the endowment, and use of funds become more important.
  • Speed of making decisions: Participating universities mostly agreed that the speed of making decisions was a hurdle for their organizations as they attempt to react to the swiftly changing environment of higher education.
  • Facilities upgrades: It seems that the war is on to compete for students by upgrading facilities to be state of the art. Schools are getting creative to find ways to fund new facilities and those that can’t are finding it harder to attract students.

The event attendees also discussed ideas to help institutions figure out how to be more successful. They explored the concept of ensuring that the strongest programs with the best retention and least cost were given more focus than any programs with lower retention and higher cost. Focusing organizational resources on the lower-cost, more successful programs is a great way to increase retention and help ease the challenge of enrollment management.

Dr. Hoyt has helped a large number of institutions identify which programs are working and which are using more resources than they might be worth. Key indicators include the number of program inquiries, percentage of applications, graduation rate of the program, cost per student, and geographic demand measure, among many other items.

Ultimately, the income of an institution is greatly benefited by improving graduation and retention rates and focusing on programs central to the mission of the institution that also provide the best student engagement.

Dean Dorton Publication: State of Higher Education in KentuckyLegal Issues Update

Presented by: Jim Newberry, Steptoe & Johnson

As they say, there is an elephant in the room — the Trump administration. Many current hot higher education legal topics include:

  • Title IX
  • Legal Issues Generated by Financial Distress
  • Rapidly Evolving Compliance Environment
  • Unions/Employment Issues
  • Free Speech v. Hostile Environment
  • Cybersecurity Threats
  • Risk Management
  • Emotional Support Animals
  • Concealed Carry Laws
  • Emergency Management Obligations

The best way to manage these hot topics and others are to stay informed and be proactive. Consider utilizing legal audits for campus-wide issues and selected areas of concern. Identifying levels of contract materiality for involving counsel and employing effective risk management techniques can also help ensure your institution is staying up-to-date with regulations.

Many institutions are working toward more combined approaches such as purchasing services collaboratively with other institutions, creating geographic alliances, or substantive issue alliances. Last but not least, when in doubt, insure against significant risks when possible.

HR Issues, Risks, and Best Practices

Presented by: Jeff Ricketts, Dean Dorton

Higher education is not immune to its own set of human resources challenges. Some of the top noted HR challenges among institutions include:

  • Compensation and Benefits: As the largest expenditure for institutions, encompassing roughly 60% of total operating budgets, they have the daunting task of reducing labor costs and managing benefit cost increases. To accomplish this, HR departments have to review hiring practices, be creative with and carefully review benefit renewals, and be constituents with leadership to strategically address these issues.
  • Staff vs. Faculty: The separation of staff and faculty, and faculty among multiple departments, can lead to morale issues and concerns on campus. HR has the role to be ambassadors for fair treatment, bringing all staff and faculty together, by evaluating policies that separate the two parties, develop committees to bring all parties together and to publically promote the successes of both groups.
  • Succession Planning: An item facing a wide array of organizations, with the baby boomers retirement, is succession planning. The transfer of institutional knowledge can be vast depending on the level of position and tenure with the institution. HR has the opportunity to develop policies and procedures, especially through performance management, to lead their institutions through the succession planning process.

Regulatory changes and updates are also impacting HR departments across the country. And with DOL audits on the rise, organizations need to be proactive in their compliance approach. HR departments need to conduct annual audits of their HR functions, carefully reviewing compliance, processes and procedures.

Accounting Update

Presented by: David Richard, Dean Dorton

David reviewed the changes to nonprofit accounting and reporting that will be brought about by the recently issued ASU 2016-14, Not-For-Profit Entities (Topic 958): Presentation of Financial Statements for Not-For-Profit Entities. The Financial Accounting Standards Board issued this statement as a result of their efforts to enhance the usability of not-for-profit entity financial statements.

The update seeks to:

  • Address the complexity of the three net asset classes
  • Improve transparency in the relation to liquidity issues
  • Create consistent guidelines for the presentation and disclosure of expenses
  • Simplify the statement of cash flow presentation requirements

Read the full description of the changes required by the ASU.

Risk Management: Financial Fraud, Cybersecurity Update, and Panel Discussion

Presented by: Elizabeth Woodward and Jason Miller, Dean Dorton; Jacob Rhode, Kearting Meuthing & Klekamp PLLC

Cybersecurity

Cybersecurity is our new reality. Cyber threats grow in volume and sophistication every day. It is no longer just an IT responsibility. It is the responsibility of everyone in a leadership role. It is up to all users to become more aware and help avoid exposing the organization to a potential attacker.

The Department of Education continues to warn colleges and universities of their legal obligation to protect student data. Letters from the DOE have gone out the past two Julys. They point out the requirements apply to both public and private institutions.

Reviewing the annual Verizon Data Breach Incident Report (DBIR) can help you stay up to date on the latest threats and risks in cybersecurity. Key points from the 2016 DBIR:

  • User Awareness is a critical point for organizations to focus on helping reduce risks in areas classified as Crimeware, Miscellaneous errors, Physical theft and loss, and Insider and privilege misuse. Attackers are constantly targeting users with more and more sophisticated phishing attacks. We need to challenge our users to be more alert and skeptical.
  • Top threats (breaches) for 2016 in the Education sector were:
    • Web Application Attacks (30%)
    • Miscellaneous errors (17%)
    • Stolen assets (17%)
  • Multi-factor Authentication is a critical additional line of defense. Even if user’s passwords are compromised, outside threats would be stopped by the required secondary authentication.
  • Continual Risk Management is critical to keep your organization’s cybersecurity current and effective.

Are you actively engaging with your IT resources to ensure your institution is actively considering risks and continually improving your security posture to mitigate those risks?

 

Financial Fraud in Colleges and Universities

It is a new day for administrators of colleges and universities. On many campuses, the historical atmosphere of openness and collegiality has been replaced with the fear of budget cuts and lost jobs. This shift creates an important warning for financial professionals charged with preventing and detecting fraud – the decline in resources creates financial pressure; the personal disappointment and frustration with institutional pressures can encourage rationalization (“It’s ok for me to inflate this expense report, the University owes me.”)

In order to combat these effects (two prongs of the “Fraud Triangle”), college and universities need to focus on strong internal controls, to insure potential fraudsters do not have the “opportunity” (third prong of the Fraud Triangle) to steal.

Some factors to be aware of when considering internal controls for colleges and universities include:

  • Decentralized control environments can lead to lack of segregation of duties and independent oversight
  • Personnel with relatively low-compensation may have autonomy over high-dollar contracts
  • Faculty members’ involvement in businesses outside the University increases risk of conflict of interest
  • Funding sources are inherently complex, with different reporting requirements and rules
  • Boards and high level management may lack financial sophistication
  • Faculty and staff may have access to various forms of expense reimbursement, from various sources

In addition to periodic re-evaluation of internal controls, colleges and universities should remember that a strong ethical tone (which begins at the top of the organization) is the cornerstone of its environment.Student Financial Aid Update and Reminders

Presented by: Crissy Fiscus and Megan Crane, Dean Dorton

Federal student financial aid (FSA) compliance remains a significant risk area for all institutions as the Department of Education (DOE) has increased the number of program reviews in recent years and the penalties seem to be increasingly harsh. Two schools in Kentucky have closed their doors in recent years after having a DOE program review that resulted in severe findings and ended with the school being placed on HCM2. The board and management of all institutions need to be made aware of the risks of noncompliance with FSA requirements and develop a system of monitoring compliance. Maintaining FSA compliance is a campus-wide responsibility; however the President’s Office, the Student Financial Aid Office and the Business Office carry the majority of the responsibility for maintaining compliance. Best practices for each of those offices were discussed and a few are listed below:

  • Develop a relationship with representatives from the DOE office in your region – go visit them if you have to.
  • Hire a Director of Student Financial Aid (SFA Director) that understands the compliance requirements and will actively communicate those requirements to other departments across campus.
  • The SFA Director should be included in all discussions about new programs, new locations, etc.
  • Review the list of top 10 audit and program review findings annually.
  • Invest in training for SFA staff annually.
  • Engage an auditor that understands student financial aid.
  • Utilize internal audit to aid in FSA compliance (if you have internal audit).