WHITE PAPER
ON
OVERVIEW OF AUDITS WITHIN THE
MINNESOTA STATE COLLEGES AND UNIVERSITIES
FOR
MINNESOTA STATE COLLEGES AND UNIVERSITIES
CHIEF FINANCIAL OFFICERS CONFERENCE
November 2012
External Audit Coverage
System-wide Audited Financial Statements: Since fiscal year 2001, the Minnesota State
Colleges and Universities have contracted for an external audit of the system financial
statements. Currently, the external audit firm of CliftonLarsonAllen is under contract to
provide audit services for the system-wide financial statements, Revenue Fund financial
statements, and federal financial assistance. This was the third year that CliftonLarsonAllen
provided these services.
The Office of Internal Auditing is obligated by the current contract with CliftonLarsonAllen
to provide staffing support for the system-wide financial statement and federal financial
assistance audits.
College and University Audited Financial
Statements: Currently, three audit firms are
under contract to provide audit opinions on the
financial statements for 13 of the largest
institutions in the system. (CliftonLarsonAllen,
Kern, Dewenter, Viere, Ltd, and Baker Tilly
Virchow Krause)
Office of the Legislative Auditor: State law
allows the Legislative Auditor to audit the
Minnesota State Colleges and Universities. The
OLA released a financial internal control and
compliance audit of Metropolitan State University
in January 2012. As of November 2012, no other
audits have been scheduled.
Colleges and Universities with Audited Financial
Statements













Bemidji State University
Century College
Hennepin Technical College
Metropolitan State University
Minnesota State Community and Technical College
Minnesota State University, Mankato
Minnesota State University Moorhead
Minneapolis Community and Technical College
Normandale Community College
Rochester Community and Technical College
St. Cloud State University
Southwest Minnesota State University
Winona State University
Other Required Audits – Some special grants
and other funding sources have certain audit requirements that must be satisfied. State law
requires that we consult with the Legislative Auditor prior to executing contracts for audit work.
Internal audit facilitates this consultation with the OLA. Examples of required audits include:

Minnesota Job Skills Partnership (MJSP) grants: colleges and universities who receive these
grants are required to have an external audit at the close of each grant.

ISEEK: The operations of ISEEK are directed by a joint powers agreement which requires
an annual audit. MnSCU is the fiscal agent for ISEEK and has contracted with
CliftonLarsonAllen to complete annual audits.

NCAA financial compliance: Division II institutions are required to have a financial agreed
upon procedures review once every three years over athletic activities.
Reviews Conducted by State and Federal Student Financial Aid Authorities – The
Minnesota Office of Higher Education conducts periodic reviews of state financial aid programs
administered by colleges and universities. Most colleges and universities are examined once
every three years as part of that process.
Also, the U.S. Department of Education conducts ad-hoc program reviews and investigations of
federal financial aid programs. The department schedules its reviews based on a risk assessment
process and does not schedule routine reviews of each college and university. We are not aware
of any scheduled reviews for fiscal year 2013.
Audits of Affiliated and Associated Organizations – Board Policy 8.3 requires periodic
financial audits of affiliated foundations. Also, other related organizations, such as the statewide
student associations submit annual audited financial statements to the system office.
Office of Internal Auditing
The Office of Internal Auditing is governed by
Board Policy 1D.1. The Executive Director
reports directly to the chair of the Audit
Committee of the Board of Trustees. The
Audit Committee approves an annual audit
plan and oversees the offices operations.
Internal auditing: is an independent, objective
assurance and consulting activity designed to add
value and improve an organization's operations.
It helps an organization accomplish its objectives
by bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk
management, control, and governance processes.
Internal Audit spends the majority of its time
on assurance services which, depending on the
Source: definition from the Institute of Internal Auditors
scope of the audit, may focus on the quality
and reliability of information, legal and policy compliance, and operational efficiency and
effectiveness.
Financial Internal Control and Compliance Audits: In fiscal year 2011, the Audit Committee
undertook a comprehensive evaluation of the audit approach for the Minnesota State Colleges
and Universities. One specific area that was included in the review was how to obtain financial
internal control and compliance audit coverage given that a contractual relationship with the
Office of the Legislative Auditor ended in fiscal year 2010 that provided much of this past
coverage since the merger in 1995. It was concluded, given limited resources, that coverage be
obtained by Internal Audit doing limited individual institution audits and focusing more heavily
on functional areas. Audits approved in the fiscal year 2013 audit plan were:




Bemidji State University and Northwest Technical College – Bemidji
Banking and cash controls
Document imaging
Purchasing cards
Follow-up on Prior Audit Findings: It is important that the Board of Trustees, Chancellor, and
presidents have confidence that any problems revealed by any audit receive appropriate
attention. Internal Audit monitors progress toward implementing audit finding recommendations
from both internal and external audits. Internal Auditing provides status reports on prior audit
findings to presidents twice a year. The Chancellor is informed about any unresolved audit
findings as part of the annual presidential performance evaluation process.
Fraud Inquiry and Investigation Support: Internal Audit assists with conducting fraud
inquiries and investigations. As required by Board Policy 1C.2, when evidence of fraud is
identified it must be dealt with appropriately. Board policy also states that every employee has a
responsibility to report suspected fraud in a timely manner. Internal Audit works closely with
fraud contacts at each college and university.
The results of most fraud inquiries and investigations are reported to affected presidents or the
Chancellor for action. Board policy requires that significant violations of board policy or law, be
communicated to the Board of Trustees. The Executive Director of Internal Auditing advises the
Chair of the Audit Committee about fraud investigations and reported potential fraud incidents to
the Legislative Auditor, as required by state law.
In these times of great uncertainty and change, we have seen an increase in the number of issues
that require inquiries and investigations.
Information Technology Audits: Recognizing that information technology now transcends all
aspects of the system and institutions could not function without technology, it is important to
provide leaders with independent assurance that critical information technology operations are
efficient, effective, and secure. In the past year, we have begun to implement an information
technology audit strategy for the system. Audits approved in the fiscal year 2013 audit plan
were: ImageNow and ISRS Database Security.
Studies with System-wide Interest: In past years, Internal
Auditing has scheduled a study of a topic of major system-wide
interest. Depending on priorities and available resources the
office plans to begin these types of audits in the future.
Advisory Services: The Institute of Internal Auditing allows
internal auditors to provide advice and guidance to management
through consulting or advisory services. These services can be
Selected Past System-wide Studies
o
o
o
o
o
o
Undergraduate Student Credit
Transfer (2010)
Auxiliary and Supplemental
Revenues (2009)
Affiliated Foundations (2008)
Student Success (2007)
Underrepresented Student
Populations (2004)
Post-Secondary Enrollment Options
(2001)
invaluable to management when transforming an area to help ensure that appropriate risks and
controls are built in up front rather than waiting until an assurance service engagement. In
providing these services, it is important that management is responsible for decisions or actions
that are taken as a result of the advice or guidance provided. Specific areas that Internal Audit is
engaged include:
 Providing professional advice to colleges, universities, and system office staff on
various topics. Common questions pertained to compliance with board policies, system
procedures, and best practices.
 Participating on task forces and other committees including: Security Steering
Committee, Finance User Group, Financial Aid Directors, and Chief Information
Officers.
 Planning activities of the campus services cooperative.
College and University Responsibilities
A few suggestions for colleges and universities to keep in mind to make audits go smooth:





Implement a program to periodically assess risks to determine if adequate controls are in
place to address those risks.
Ensure familiarity with state law, board policy, system procedures, and contractual
obligations.
Ask questions when uncertain about a particular requirement or transaction. We are a large
system and we should not hesitate to seek advice from others.
Do not be afraid to challenge or ask questions of auditors when you see a draft report with
inaccuracies or recommendations you do not understand.
Fix known deficiencies in a timely manner.
Submitted by Beth Buse, Executive Director – Internal Audit