Straight and narrow, Vol. 3, Issue 14 (Oct. 1, 2010)

The STRAIGHT and NARROW

Volume 3, Issue 14

October 1, 2010

Internal Audit & Compliance, Board of Regents of the University System of Georgia. 404-656-2237

Office of Internal Audit & Compliance's (OIAC) mission is to support the University System of Georgia management in meeting its governance, risk management and compliance and internal control (GRCC) responsibilities while helping to improve organizational and operational effectiveness and efficiency. The OIAC is a core activity that provides management with timely information, advice and guidance that is objective, accurate, balanced and useful. The OIAC promotes an organizational culture that encourages ethical conduct.
We have three strategic priorities:

From the Chief Audit Officer John M. Fuchko, III
"The safest ships are the ones that do not sail, but that is not what they are designed for." (Board of Regents of the University System of Georgia, Policy Manual, Section 7.15.1).
The Board of Regents recently approved its first enterprise-wide risk management policy for the University System of Georgia. Assistance and guidance for policy implementation will be forthcoming. However, I would highly encourage readers of this column to read the new policy. The policy is 7.15 Risk Management Policy and can be found at the following URL: http://www.usg.edu/policymanual/ section7/policy/7.15_risk_management_policy/. Effective implementation of the Risk Management Policy requires an effective understanding of the risk categories used in the policy. Those risk categories are summarized in the following exhibit:

1. Anticipate and help to prevent and to mitigate significant USG GRCC issues.

2. Foster enduring cultural change that results in consistent and quality management of USG operations and GRCC practices.

3. Build and develop the OIAC team.

Inside this issue:

From the Chief Audit Officer

1

Is Your Bookstore Meeting the

2/3

New Higher Education Act?

GA 2010 Conference for College 4/5
& University Auditors

Fraud-Prevention Checklist
Fraud Prevention Checklist, Protect the Tax-Exempt Status Protect the Tax Exempt Status
Spotlight ~New Employee Overload Compensation

6/7 We focus on managing "Major Risks" and reporting on "Significant

8 9

Risks" at the System-level. However, we will also be providing system-

10 10

wide assistance and coordination on all aspects of this policy.

11 In closing, please do not hesitate to contact me with questions,

comments, or concerns at john.fuchko@usg.edu or 404-656-9439.

The STRAIGHT and NARROW

Page 2

Is Your Bookstore Meeting the New Higher Education Act? by Scott Woodison

The Higher Education Act, reauthorized in 2008, puts new requirements on institutions to make information available to students concerning the books and other materials that are required in a course. As part of a push to reduce the cost of books and material to students, the new law requires institutions to provide a list of required and recommended texts for their courses, including supplemental materials such as course packs, along with ISBNs and prices.
The law requires that the institution shall "disclose, on the institution's Internet course schedule and in a manner of the institution's choosing, the International Standard Book Number and retail price information of required and recommended college textbooks and supplemental materials for each course listed in the institution's course schedule used for preregistration and registration purposes." The provision of the law went into effect on July 1, 2010.
According to a spokesman for the National Association of College Stores, the new rules have three goals: to provide students more time to shop around for deals on books; to ensure that campus bookstores know before buyback time which books will be used again; and, to allow students to consider the costs of books and other required materials when deciding whether to register for a course. The law calls on colleges and their stores to provide, at preregistration time, ISBNs and textbook prices on the electronic course schedule "to the maximum extent practicable."
The law should also help to reduce costs to students by providing more information to faculty concerning the books they will be using in their courses. The law requires the publisher to provide:
1. The price at which the publisher would make the college textbook or supplemental material available to the bookstore on the campus of such institution of higher education and, if available, the price at which the publisher makes the college textbook or supplemental material available to the public.
2. The copyright dates of the three previous editions of such college textbook, if any.
3. A description of the substantial content revisions made between the current edition of the college textbook or supplemental material and the previous edition, if any.
4. Whether the college textbook or supplemental material is available in any other format, including paperback and unbound.

The STRAIGHT and NARROW

Page 3

Is Your Bookstore Meeting the New Higher Education Act? (cont.) by Scott Woodison

To help keep down the cost of bundled materials where the book is sold as bundle with a CD or other material, the law also provides that: "A publisher that sells a college textbook and any supplemental material accompanying such college textbook as a single bundle shall also make available the college textbook and each supplemental material as separate and unbundled items, each separately priced." This availability of bundled materials will hopefully help improve the value of a used book by making these materials available to a used book purchaser.
The text of the section of the Higher education Act concerning text books is available online at the NACUBO website: http://www.nacubo.org/Documents/Initiatives/ Sec133HigherEducationAct.pdf

The STRAIGHT and NARROW

Page 4

Georgia 2010 Conference for College and University Auditors by Chuck Fell & Joe Hines

On August 2-3, 2010, the Office of Internal Audit and Compliance(OIAC) hosted the first regional conference in Georgia co-sponsored by Association of College and University Auditors (ACUA). USG college and university auditors have common training needs especially in light of the International Standards for the Professional Practice of Internal Auditing:
"Internal auditors should enhance their knowledge, skills, and other competencies through continuing professional development."
The OIAC's goal was to provide a conference focused on professional development for USG auditors and other participants in such a way as to qualify for continuing professional education credits at reduced costs, including costs of registration, travel expenses, and opportunity costs. The OIAC also provided convenient accommodations and shuttle transportation to the conference site, a five-screen view of presentations, a record of presentations on compact disc, and a (personally paid!) Atlanta Braves outing on the first evening for the purposes of networking and relaxation!

The following topics were presented by accomplished professionals and within a variety of conference formats including the most popular format - the panel discussion:
Current perspectives on college and university auditing; state auditing; risk management
Fraud prevention and detection; conflicts of interest; unrelated business income
Developing IT audit plans; auditing information security; data access and analysis

Presenters from outside the University System of Georgia included David McLaughlin, Senior Assistant Attorney General; Russell Hinton, State Auditor; and Scott Stevenson, Director
of Special Projects, Internal Audit Department, Emory University.

During the Georgia 2010 Conference there was extensive networking and discussion among the 51 USG institutional and OIAC auditors, 14 non-USG college and university auditors from the Atlanta area (3 institutions) and the surrounding Southeastern states (5 institutions), and 10 participants from outside the profession of college & university auditing.

The STRAIGHT and NARROW

Page 5

Georgia 2010 Conference for College and University Auditors (cont.) by Chuck Fell & Joe Hines

Eighty-one percent (81%) of USG institutional and OIAC auditors attended the conference. Following are comments from conference participants per the electronic conference evaluation:

Were the stated objectives of the conference met? All of the 49 respondents to the survey answered this question affirmatively. Did the conference deliver relevant and cost-effective CPEs? All of the 35 respondents who answered this question commented "affirmatively."

Comments provided in response to the above question:
"Very cost effective and very interesting topics."
"I especially liked the opportunity to hear from some Academics as well as individuals from other state organizations"
"Superb CPE for the Cost!!"
"The conference material was excellent and the cost-effective delivery was unsurpassed."
"Good choice of topics, good presentations and excellent information."

The Georgia 2010 Conference was well received by all respondents. The Office of Internal Audit and Compliance intends to host the second annual regional conference next year!

The STRAIGHT and NARROW

Fraud-Prevention Checklist

Page 6

Editor's Note: Thank you to the Journal of Accountancy for permission to reprint the checklist below. For more information related to fraud and the complete article, click on the link below:
http://www.journalofaccountancy.com/Issues/2010/Jun/20102852.htm

Fraud-Prevention Checklist
Do you need to size up how vulnerable your company might be to fraud? Ask the following questions. CPAs in public practice can use this list to help clients test the strength of their fraud-prevention and -detection measures.

Is ongoing antifraud training provided to all employees of the organization?
Do employees understand what constitutes fraud?
Have the costs of fraud to the company and everyone in it--including lost profits, adverse publicity, job loss, and decreased morale and productivity--been made clear to employees?
Do employees know where to seek advice when faced with uncertain ethical decisions, and do they believe that they can speak freely?
Has a policy of zero tolerance for fraud been communicated to employees through words and actions?
Is an effective fraud-reporting mechanism in place?
Have employees been taught how to communicate concerns about known or potential wrongdoing?
Is there an anonymous reporting channel available to employees, such as a thirdparty hotline?
Do employees trust that they can report suspicious activity anonymously and/or confidentially and without fear of reprisal?
Has it been made clear to employees that reports of suspicious activity will be promptly and thoroughly evaluated?

The STRAIGHT and NARROW
Fraud-Prevention Checklist (cont.)

Page 7

To increase employees' perception of detection, are the following proactive measures taken and publicized to employees?
Is possible fraudulent conduct aggressively sought out, rather than dealt with passively?
Does the organization send the message that it actively seeks out fraudulent conduct through fraud assessment questioning by auditors?
Are surprise fraud audits performed in addition to regularly scheduled fraud audits?
Is continuous auditing software used to detect fraud and, if so, has the use of such software been made known throughout the organization?

Is the management climate/tone at the top one of honesty and integrity?
Are employees surveyed to determine the extent to which they believe management acts with honesty and integrity?
Are performance goals realistic?
Have fraud-prevention goals been incorporated into the performance measures against which managers are evaluated and that are used to determine performance-related compensation?
Has the organization established, implemented, and tested a process for oversight of fraud risks by the board of directors or others charged with governance (for example, the audit committee)?
Are fraud risk assessments performed to proactively identify and mitigate the company's vulnerabilities to internal and external fraud?

Does the hiring policy include the following? Past employment verification Criminal and civil background checks Credit check Drug screening Education verification References check

The STRAIGHT and NARROW

Page 8

Fraud-Prevention Checklist (cont.)
Are strong antifraud controls in place and operating effectively, including the fol lowing? Proper separation of duties Use of authorizations Physical safeguards Job rotation Mandatory vacations

Does the internal audit department, if one exists, have adequate resources and authority to operate effectively and without undue influence from senior management?

Are employee support programs in place to assist employees struggling with addiction, mental/emotional health, family or financial problems?

Is an open-door policy in place that allows employees to speak freely about pressures, providing management the opportunity to alleviate such pressures before they become acute?
Are anonymous surveys conducted to assess employee morale?

The STRAIGHT and NARROW

Page 9

Protect the Tax-Exempt Status of Affiliated Nonprofit Organizations
by Michael J. Foxman
Many of our USG institutions are affiliated with organizations that are tax-exempt under Internal Revenue Code Section 501 (c)(3). For example, these organizations may include alumni associations, booster clubs, student sororities and fraternities. Until 2008, most small tax-exempt organizations with annual receipts of $25,000 or less were not required to file an annual tax return (Form 990.) Current tax law now requires small nonprofit organizations to file Form 990-N, an annual electronic notice form, also known as the "e-Postcard." Failure to file this notice or a tax return for three years in a row will lead to automatic revocation of tax exempt status. The e-Postcard is due every year by the 15th day of the 5th month after the close of the tax year. For example, if the tax year ends on December 31, the e-Postcard is due May 15 of the following year. You cannot file the e-Postcard until after the tax year ends.
An organization's gross receipts are considered to be $25,000 or less if the organization:
Has been in existence for one year or less and received, or donors have pledged to give $37,500 or less during the organization's first tax year;
Has been in existence between one and three years and averages $30,000 or less in gross receipts during each f its first two years; or
Is at least three years old and averaged $25,000 or less in gross receipts for the immediately preceding three tax years (including the year for which calculations are being made.)
Gross receipts are defined as the total amounts the organization received from all sources during its annual accounting period, without subtracting any costs or expenses.
The e-Postcard is easy to complete and requires eight items of basic information about the organization. These include:
Employer identification number (EIN), also known as Taxpayer Identification Number (TIN);
Tax year; Legal name and mailing address; Any other names the organization uses; Name and address of a principal officer; Web site address if the organization has one; Confirmation that the organization's annual gross receipts are normally $25,000 or
less; and If applicable, a statement that the organization has terminated or is terminating
(going out of business.)

The STRAIGHT and NARROW

Page 10

Protect the Tax-Exempt Status of Affiliated Nonprofit Organizations (cont.)
If you are a board member or officerboyfMaic5h0a1e(lcF)o(x3m) aonrganization or your school is affiliated with such an organization, you should be familiar with the requirements. NOTE: For tax year 2010, the $25,000 threshold for filing the e-Postcard will go up to $50,000.

For more information about Form 990-N e-Postcard, or about tax return filing requirements for larger 501 (c)(3) organizations, see www.irs.gov/eo.

Spotlight on Sandra M. Evans
Sandra Evans, CPA, CIA, recently joined the Office of Internal Audit and Compliance. Her business experience includes nine years in AT&T Internal Audit, Financial Controller for an AT&T Service Division, Sarbanes Oxley consulting for telecom and medical equipment companies, and personal CFO for a real estate developer. She earned an MBA from Georgia State University and a Masters of Accounting from Kennesaw State University. In their spare time, Sandy and her husband are remodeling a house on Lake Chatuge, a true DIY (Do It Yourself) project. Sandy admits, thus far, they excel in demolition.

The STRAIGHT and NARROW
Overload Compensation by Joe Hines & Matt Harrell

Page 11

With increasing enrollment and difficulty in recruiting the faculty needed to cover all the courses being offered, a faculty workload situation can be created at your institution. These work overload situations result in additional compensation being paid to the involved faculty members. According to the USG Business Procedures Manual (BPM), extra compensation can only be paid to faculty for additional workloads assigned outside of their "home" or regular departments. The BPM section on extra compensation is based on Georgia state law and failure to adhere to the BOR policy can be a violation of state law.
Since Georgia state law prohibits a state employee from having more than one employment contract with the state, the OIAC recommends that faculty contracts include any additional workloads and the corresponding compensation prior to the beginning of a semester in which the faculty member will be teaching an additional course(s).
Obviously a reputational risk related to negative publicity can arise if the institution appears to be in violation of state laws. In addition, failure to comply with the law can result in these payments being judged improper. Collection efforts would then need to be taken to recover the payments.
For more information, please see USG BPM Section 5.3.2 Extra Compensation http:// www.usg.edu/business_procedures_manual/bpm-sect05.pdf and the Official Code of Georgia Annotated 45-10.

Board of Regents of the University System of Georgia Office of Internal Audit & Compliance 270 Washington Street, SW Atlanta, GA 30334-1450
Phone: (404)656-2237
Fax: (404) 463-0699
"Creating A More Educated Georgia"
www.usg.edu

We're on the Web! See us at: http://www.usg.edu/audit/

Ask the auditor: If you have a control or ethics question that has been bothering you, it is a good bet someone else in the system is wondering the
same thing. We invite you to send your question to Karen.lamarsh@usg.edu and we may feature it in the next or future issues of the Straight & Narrow.
Any other comments or questions? Contact Karen LaMarsh at Karen.lamarsh@usg.edu
We are looking for suggestions and feedback.