Monday, March 12, 2012

Auditor General's financial report card for Alberta's post-secondary institutions

Report of the Auditor General of Alberta: A report card on financial controls at Alberta's post-secondary institutions

Alberta Auditor General Merwan Saher released the findings of his Office’s recent financial statements audits of Grant MacEwan University, Mount Royal University, Northern Alberta Institute of Technology, Southern Alberta Institute of Technology and all public colleges. In November 2011, the Office released its findings on the four other Alberta universities.

“This is a report card on financial controls at Alberta’s post-secondary institutions,” said Mr. Saher. “These institutions spend approximately $4.5 billion annually to educate Albertans and help build a knowledge-based economy.”
The Office found a lack of basic financial controls in some institutions - Northern Lakes College, Grant MacEwan University, Alberta College of Art and Design, NorQuest College and Olds College. The report explains the control deficiencies related to internal controls such as financial reporting, enterprise risk management and endowment management.

“The control problems at these institutions often result in significant inefficiencies, can impair the quality of information that management and the board use in decision making and increase the risk of fraud not being detected”, he added.

The report also indicated that several post-secondary institutions have effective control environments - the University of Alberta, NAIT, SAIT and the University of Lethbridge were cited. Grande Prairie Regional College has significantly improved its processes and internal controls over the last two years. These institutions are in a stronger position to continuously adapt and improve their processes and controls for changes in business, regulatory requirements, accounting standards and fiscal pressures.

There are 15 recommendations in this report, 13 of which are new and two are repeated recommendations from previous reports.

The Office of the Auditor General of Alberta independently serves Albertans and their elected representatives by delivering relevant, reliable and reasonable cost audits. The Auditor General Act empowers the Auditor General and his staff to conduct audits, report findings and make recommendations.

Summary of Recommendations in the Report of the Auditor General-March 2012:

Alberta College of Art and Design
Improve risk management systems-Recommendation No. 3, p. 19
We recommend that the Alberta College of Art and Design:

  • finalize its enterprise risk management framework document
  • periodically update and manage the framework as it identifies new potential risks and opportunities
  • enforce compliance with its risk management policy by requiring the president and CEO to periodically report the risks and mitigating strategies to the board

Grant MacEwan University
Improve financial business processes-Recommendation No. 1, p. 13
We recommend that Grant MacEwan University improve its financial business processes by:

  • establishing clearly documented processes and controls
  • developing clear roles and responsibilities and communicating these to staff
  • training staff on the policies, processes and controls relating to their roles and responsibilities
  • implementing monitoring and review processes to ensure staff follow the policies, processes and controls
  • Improve security of PeopleSoft computer system-Recommendation No. 2, p. 15

We recommend that Grant MacEwan University improve the security of its PeopleSoft system
to ensure that the university:

  • uses the system to assign access permissions based on job roles, and properly limit access
  • defines, monitors and enforces rules for segregation of duties
  • authorizes and reviews logs of critical data changes
  • provides appropriate oversight to maintain the integrity of security controls

Keyano College
Improve processes to secure its servers-Recommendation No. 10, p. 29
We recommend that Keyano College ensure all its servers are secure, with up-to-date anti-virus security and software upgrades.

Lakeland College
Review and approve manual journal entries-Recommendation No. 11, p. 30
We recommend that Lakeland College ensure proper review and approval of all manual
journal entries.

Medicine Hat College
Improve enterprise risk management systems-Recommendation No. 12, p. 31
We recommend that Medicine Hat College improve its risk assessment process by:

  • documenting its assessment of risks for their impact and likelihood of occurrence
  • prioritizing the key risks and clearly linking those risks to a program, operational plan or procedures designed to manage and monitor those risks
  • formally reporting the key risks and mitigating actions to the board

NorQuest College
Improve financial internal controls-Recommendation No. 4, p. 22
We recommend that NorQuest College improve its internal controls in the key areas of reconciliation of financial information, approval of invoice payments, review of journal entries and documentation of these controls.

Improve controls over contracts-Recommendation No. 5, p. 23
We recommend that NorQuest College improve its controls over contract management.

Improve controls over donations-Recommendation No. 6, p. 24
We recommend that NorQuest College improve its processes to manage donations.

Improve quality control over year-end financial information-Recommendation No. 7, p. 25
We recommend that NorQuest College improve its quality control processes for preparing its year-end financial information, to improve efficiency and accuracy.

Olds College 
Improve periodic financial reporting-Recommendation No. 8-Repeated, p. 27
We again recommend that Olds College improve its processes and controls over year-end financial reporting.

Restrict privileged access to appropriate staff-Recommendation No. 9, p. 28
We recommend that Olds College segregate privileged systems access from data entry responsibilities and business functions.

Portage College
Follow access controls and remove access promptly-Recommendation No. 13, p. 32
We recommend that Portage College ensure that employees follow its system user-access control
procedures and that management promptly removes access privileges when staff leave.

Develop and test a business resumption plan-Recommendation No. 14, p. 33
We recommend that Portage College fully develop and test a business resumption plan to ensure that it can resume IT services in a reasonable time after a disaster.

Improve controls over bookstore inventory-Recommendation No. 15-Repeated, p. 34

We again recommend that Portage College improve the accuracy of its perpetual inventory system at the bookstore.

No comments:

Post a Comment

Thanks for taking the time to comment. Comments are moderated before being published. Please be civil.

Infinite Scroll