Minnesota State Colleges and
Universities
Meeting of the Board of Trustees
December 16, 2003
Cliff Hoffman, Partner
Kirsten Vosen, Partner
Craig Popenhagen, Senior Manager
This report is intended solely for the information and use of the Board of Trustees, management and others as designated by MnSCU and is not intended to be and
should not be used by anyone other than these specified parties.
©2003 by Deloitte & Touche LLP. All rights reserved.
Table of Contents
Section I – 2003 Audit
• Audit Results and Reports Issued
• Financial Statement Highlights
Section II – Minnesota State Colleges and Universities’ (MnSCU)
Strengths and Challenges
• Strengths and Challenges
• Relative Values of Best Practices in Ratings
Section III – Environmental Factors Affecting Audit Scope
• GAO’s Revised Auditor Independence Standards
• Internal Controls
– Focus of Sarbanes-Oxley Act of 2002
– COSO Internal Control Framework
183060
PAGE 1
Section I — 2003 Audit
Audit Results and Reports Issued
• Independent Auditors’ Report on Financial Statements (system wide) –
unqualified opinion
• Independent Auditors’ Report on Financial Statements (Revenue Bond) –
unqualified opinion
• Independent Auditors’ Report on Compliance and on Internal Control Over
Financial Reporting Based Upon the Audit Performed in Accordance with
Government Auditing Standards – no findings or material weaknesses, with
the exception of certain colleges and universities that did not maintain
depository insurance/collateral securities at required minimum levels during
the year
183060
PAGE 3
Audit Results and Reports Issued
(continued)
• Required Audit Communications - New Accounting Policies
– Governmental Accounting Standards Board (GASB) Statement No. 38 required
additional note disclosures for accounts receivable, accounts payable, other assets,
and interfund balances and transfers and was effective July 1, 2002. No effect on
net assets.
– GASB Statement No. 39 requires reporting, as a component, an organization that
raises and holds economic resources for the direct benefit of a governmental unit
and will be effective for the fiscal year ending June 30, 2004.
– GASB Statement No. 40 requires additional note disclosures for investment
securities and will be effective for the fiscal year ending June 30, 2005. Will not
affect net assets.
– GASB Statement No. 42 requires reporting of the effects of capital asset
impairment in the financial statements when it occurs and also enhances
comparability of financial statements by requiring all insurance recoveries to be
accounted for in the same manner. Effective for the fiscal year ending June 30,
2006.
– Exposure draft of the proposed GASB statement, Accounting and Financial
Reporting by Employers for Postemployment Benefits Other than Pensions, would
require measurement and disclosure of postemployment benefits other than
pensions and other information that is deemed useful in assessing future cash
flows. If approved as presently written, would be effective for the fiscal year
ending June 30, 2007.
183060
PAGE 4
Audit Results and Reports Issued (continued)
• Required Audit Communications
– Our responsibility under GAAS (Generally Accepted Auditing Standards) — among
others to understand control structure — as described in our engagement letter.
– Significant estimates
» Significant estimates include:
• Liabilities for workers’ compensation, determined primarily by the State of
Minnesota Department of Employee Relations
• Liabilities for compensated absences, determined by MnSCU and the State of
Minnesota Department of Finance
» No significant changes in methodology from prior year
– Passed adjustments
» Known and likely passed adjustments had the following effects:
• Increase assets - $1.1 million
• Increase liabilities - $2.3 million
• Decrease net assets - $1.2 million
» Projection of accounts payable error increases accounts payable $2.5 million not
included in the above summary of known and likely passed adjustments
– Received full cooperation of management
183060
PAGE 5
Audit Results and Reports Issued
(continued)
• Management letter
– Structure of Finance Department and financial reporting
» Too much reliance on the financial reporting personnel at the Office of the
Chancellor
» Consider developing a plan to balance responsibilities between colleges/
universities and Office of the Chancellor
– Accounting disciplines
» Need increased level of scrutiny, diligence, and uniformity in application of
MnSCU accounting policies at the college and university level
– Investment collateral
» Improvement made in 2003: $9.7 million undercollateralized in 2003 versus
$13.4 million in 2002
– Computer processing environment
» Development and implementation of an information protection plan
» Improve application and system software change control
183060
PAGE 6
Financial Statement Highlights
June 30, 2003
June 30, 2002
Total Net Assets = $1,023,092,040
Total Net Assets = $949,805,965
Restricted
9.7%
Restricted
8.3%
Unrestricted
11.9% (2)
Unrestricted
12.7% (2)
Invested in
Capital Assets,
Net of Related
Debt (1)
77.6%
Invested in
Capital Assets,
Net of Related
Debt (1)
79.8%
Observations:
(1)
Net capital assets of $941.5 million and $877.4 million at June 30, 2003 and 2002, respectively, are partially offset by
General Obligation bonds of $121.9 million and $104.6 million, respectively.
(2)
Unrestricted net assets of $129.4 million at June 30, 2003 ($112.9 million at June 30, 2002) would be consumed by
MnSCU’s operations in 1.1 months in both fiscal years 2003 and 2002.
183060
PAGE 7
Financial Statement Highlights—
Total Revenue Breakout (in millions)
$700
$600
$500
$400
$300
$200
$100
$0
State
Appropriations
Tuition and
Fees
State and
Federal Grants
2003
183060
Room and
Board and
Sales and
Service, Net
Capital
Appropriations
Other
2002
PAGE 8
Financial Statement Highlights—
Unaudited Pro forma Results (in thousands)
• Increase in net assets per audited financial statements,
June 30, 2003
• Less — Revenue from 10% tuition increase and 5%
enrollment growth
• Pro forma increase in net assets at June 30, 2003 without
necessary budget actions
$ 73,286
(53,900)
$ 19,386
• Fiscal year equivalent student enrollment 2003
132,586
• Fiscal year equivalent student enrollment 2002
126,215
183060
PAGE 9
Financial Statement Highlights—
Operating Expense Breakout (in millions)
$900
$800
$700
$600
$500
$400
$300
$200
$100
$0
Salaries
Purchased
Services
Financial Aid,
Net
Supplies
2003
183060
Repair and
Maintenance
Depreciation
Other
2002
PAGE 10
Financial Statement Highlights—
Cash Flows (in thousands)
2003
2002
$ (549,238)
$ (518,189)
Cash provided by (used in):
Operating activities
Noncapital financing activities
605,198
(1)
623,093 (1)
Capital and related financing activities
(36,411)(2)
3,780 (2)
Investing activities
Net increase in cash
Cash at beginning of year
Cash at end of year
9,574
2,936
29,123
111,620
387,986
276,366
$ 417,109
$ 387,986
(1)
Decrease in cash provided by noncapital financing activities is due to a decrease in appropriations of $9.4 million
and a decrease in private grants of $8.4 million.
(2)
Change between 2002 and 2003 capital and related financing activities mainly relates to an increase in
investments in capital assets of $27,892 and a decrease in proceeds from borrowing of $27,347, netted against
an increase in capital appropriations of $12,230.
183060
PAGE 11
Financial Statement Highlights —
Debt Service Schedule (Principal and Interest)
(in thousands)
$80,000
$70,000
$60,000
$50,000
$40,000
$30,000
$20,000
$10,000
$0
2004
2005
2006
Capital Leases
183060
2007
Revenue Bonds
2008
2009 2013
2014 2018
General Obligation Bonds
2019 2023
2024 2028
2029 2032
Notes payable
PAGE 12
Section II — MnSCU’s Strengths
and Challenges
MnSCU’s Strengths
• Management’s Tone at the Top – do things right!
• GASB 35
– Ability to respond to new accounting pronouncements
– Successful implementation of GASB 35 in 2002
• Strong internal audit function with experienced professionals
• Diverse revenue base from tuition, state appropriations, federal grants,
private gifts and state grants
• Strong asset position
• Retention of key financial reporting and internal audit personnel
183060
PAGE 14
MnSCU’s Challenges
• Structure of the Finance Department and financial reporting
• Decentralized structure – flow of information is critical
• Accounting disciplines and workload – additional individual campus audits
commenced in 2003 (total in 2003 = 14, total in 2002 = 6)
• Maintaining collateral for cash and investments
• Formalized policies for information systems – information protection plans and
application and software change control
• Annual appropriation from the State of Minnesota
– Funding summary in general appropriations
» FY 2002
$602M
» FY 2004
$560M (approved)
» FY 2003
592M
» FY 2005
546M (approved)
– Continued important decisions on who will bear the costs of these decreases
• Liquidity – unrestricted net assets of $129.4 million would be consumed by MnSCU’s
operations in less than two months
• Need for continued recruitment and retention of high-quality individuals within the
Finance and Accounting departments
• Implementation of new GASB Statement No. 39
• Health insurance costs, which totaled $90.4 million in 2003 and $77.5 million in 2002
183060
PAGE 15
Relative Values of Best Practices in Ratings
Fund balance reserve policy/working capital reserves
Very Significant
Multiyear financial forecasting
Significant
Quarterly financial reporting and monitoring
Significant
Contingency planning policies
Influential
Policies regarding nonrecurring revenue
Influential
Depreciation of general fixed assets
Influential
Debt affordability reviews and policies
Very Significant
Pay-as-you-go capital funding policies
Significant
Rapid debt retirement policies of more than 65% in ten years
Significant
Five-year capital improvement plan integrating operating costs
Influential
Financial reporting award (GFOA)
Influential
Budgeting award (GFOA)
Influential
GFOA = Government Finance Officers Association
183060
PAGE 16
Section III — Environmental
Factors Affecting Audit Scope
GAO’s Revised Auditor Independence Standards
• All nonaudit services must meet overarching principles
– Auditors should not perform management functions or make management
decisions
– Auditors should not audit their own work or provide nonaudit services in situations
where the amounts or services involved are significant/material to the subject
matter of the audit
Effective Date
• Amendment released January 25,
2002, effective for nonaudit services
after June 30, 2002 and audit periods
beginning on or after January 1, 2003
• Significant impact on scope of services
— similar to Sarbanes-Oxley
Nonaudit Services Covered
• Basic accounting services
• Appraisal & valuation services
• Internal audit services
• Tax services other than routine
• Information technology services
• Human capital services
183060
PAGE 18
Objectives of the Control Requirements in
Sarbanes-Oxley
• Restore public trust and confidence in the public securities market
• Improve corporate governance and promote ethical business practices
• Enhance transparency and completeness of financial statements and
disclosures
• Ensure that company executives are aware of material information
emanating from a well-controlled environment
• Hold company management accountable for material information that is
filed with regulatory authorities and released to investors
• Achieve new levels of corporate excellence
183060
PAGE 19
Linking Governance to Control Activities
Governance
Missing Link:
Compliance
Program and
Infrastructure
Control Activities
183060
The “missing link” is a compliance
program and infrastructure to measure
and monitor the effectiveness and
alignment between corporate
governance and business unit/functional
control activities to provide a basis for
management’s certification and
assertion.
PAGE 20
Highlights of Corporate Governance
Practices Survey
Number of Audit Committee Financial
*
Experts Per Respondent
Still being
determined,
23%
Three or
more, 8%
None, 3%
One, 42%
Average Number of Audit Committee
Meetings per Year
10
9
8
7
6
5
4
3
2
1
0
*
7.6
4.9
Before
SarbanesOxley
Enactment
After
SarbanesOxley
Enactment
Enactment date of
Sarbanes-Oxley was
July 30, 2003.
Average Duration of Audit Committee
Two, 24%
*+
Meetings
(in hours)
3
2.3
2
* The partners surveyed were not selected using a statistical sampling method.
The results may not be indicative of those that would have been obtained had
a statistical methodology been used to conduct the survey.
+ Includes all types of audit committee meetings (in person, telephone, Web
conferences, etc.).
Source: Deloitte non-statistical survey of 90 largest audit clients
183060
1.5
1
0
Before
SarbanesOxley
Enactment
After
SarbanesOxley
Enactment
Enactment date of
Sarbanes-Oxley was
July 30, 2003.
PAGE 21
Disclosure Controls versus Internal Controls Over
Financial Reporting
Disclosure Controls
• Designed to ensure that required disclosed
information is recorded, processed,
summarized, and reported within the
time periods specified by the SEC.
• Include controls and procedures to help
ensure that the required disclosed
information is accumulated and
communicated to executive management to
allow timely decisions regarding required
disclosure.
183060
Internal Controls
Over Financial Reporting
• Controls that pertain to the
preparation of financial
statements for external purposes
that are fairly presented in
conformity with generally
accepted accounting principles.
PAGE 22
Disclosure Controls versus Internal Controls Over
Financial Reporting
Supplementary
Information
Financial
Statements
Business
Transmittal
Letters
Annual Financial
Report
Notes
Consolidated
Cash Flow
Consolidated
Statement
of Activities
Consolidated
Statement
of Net Assets
Consolidated
Financial
Statements
Disclosure Controls Procedures
Internal Controls Over
Financial Reporting
• New for SEC companies
• New for SEC companies
• Not required for MnSCU
• Long-time requirement for MnSCU
183060
PAGE 23
Why Is Internal Control Important?
OPERATIONS
FINANCIAL
• Promotes efficiency
and effectiveness of
operations through
standardized
processes
• Ensures the
safeguarding of assets
through control
activities
• Promotes integrity of
data used in making
business decisions
• Assists in fraud
prevention and detection
through the creation of
an auditable trail of
evidence
COMPLIANCE
• Helps maintain
compliance with laws and
regulations through
periodic monitoring
183060
PAGE 24
The Committee of Sponsoring Organizations
(COSO) Internal Control Framework
The process to determine whether
internal control is adequately
designed, executed, effective and
adaptive
 Management Analysis
The process which ensures that
relevant information is identified
and communicated in a timely
manner
 Messages from Senior Management
 Policies and Procedures
 Training
 Disclosure Committee
 Internal Audits
The policies and procedures that
help ensure that actions identified
to manage risk are executed and
timely
 Code of Ethics
 Delegation of Authority
 Approvals
 Common Processes and Systems
 Segregation of Duties
 Account Reconciliations
The evaluation of internal and
external factors that impact an
organization’s performance
 Business Risk Management
 Process Risk Management
 Internal Audit Risk Assessment
 Information Technology Controls
The control conscience of
an organization. The
“tone at the top”
 Code of Ethics
 Documented Policies and Procedures
 Cultural Assessment
Endorsed by the AICPA, GAO, and others.
© 1992 by the American Institute of Certified Public Accountants, Inc. Reprinted with permission.
183060
PAGE 25
Implications
Characteristics
Internal Control
Reliability Model
183060
Stage 1:
Unreliable
Stage 2:
Insufficient
Stage 3:
Reliable
Stage 4:
Optimal
• Controls and related policies
and procedures are not in
place and documented.
• A disclosure creation process
does not exist.
• Employees are not aware of
their responsibility for
control activities.
• The operating effectiveness
of control activities is not
evaluated on a regular basis.
• Control deficiencies are not
identified.
• Controls and related policies
and procedures are in place
but not fully documented.
• A disclosure creation process
is in place but not fully
documented.
• Employees may not be
aware of their responsibility
for control activities.
• The operating effectiveness
of control activities is not
adequately evaluated on a
regular basis and the
process is not fully
documented.
• Control deficiencies may be
identified but are not
remediated in a timely
manner.
• Controls and related policies
and procedures are in place
and adequately documented.
• A disclosure creation process
is in place and adequately
documented.
• Employees are aware of their
responsibility for control
activities.
• The operating effectiveness
of control activities is
evaluated on a periodic basis
(e.g., quarterly) and the
process is adequately
documented.
• Control deficiencies are
identified and remediated in
a timely manner.
• Meets all of the
characteristics of Stage 3.
• An enterprise-wide control
and risk management
program exists such that
controls and procedures are
documented and
continuously reevaluated to
reflect major process or
organizational changes.
• A self-assessment process is
used to evaluate the design
and effectiveness of controls.
• Technology is leveraged to
document processes, control
objectives and activities,
identify gaps, and evaluate
the effectiveness of controls.
• Insufficient documentation
to support management’s
certification and assertion.
• Level of effort to document,
test, and remediate controls
is significant.
• Insufficient documentation
to support management’s
certification and assertion.
• Level of effort to document,
test, and remediate controls
is significant.
• Sufficient documentation to
support management’s
certification and assertion.
• Level of effort to document,
test, and remediate controls
may be significant
depending on the company’s
circumstances.
• Implications of Stage 3.
• Improved decision-making
because of high-quality,
timely information.
• Efficient use of internal
resources.
• Real-time monitoring.
PAGE 26
Entity-Level Control Environment
• When does an effective control environment exist?
– When management has communicated to the employees, and when the employees
understand, their responsibilities, authority, and role in creating value to the
company and are committed to acting ethically.
• Characteristics of an effectively controlled entity:
– Competent people
– Positive tone at the top
– Established policies and procedures
183060
PAGE 27