The Regents of the University of California COMPLIANCE AND

The Regents of the University of California

COMPLIANCE AND AUDIT COMMITTEE

March 18, 2020

The Compliance and Audit Committee met on the above date by teleconference meeting conducted

in accordance with Paragraph 3 of Governor Newsom’s Executive Order N-29-20.

Members Present: Regents Anguiano, Butler, Cohen, Elliott, Estolano, Makarechian, Park,

Sures, Um, and Weddle; Ex officio member Pérez; Advisory member

Bhavnani; Chancellors Christ, Gillman, Hawgood, Khosla, and Yang; Staff

Advisor Klimow

In attendance: Regents Guber, Kieffer, Kounalakis, Lansing, Leib, Napolitano, Ortiz

Oakley, Reilly, Sherman, Simmons, and Zettel, Regents-designate Mart,

Muwwakkil, and Stegura, Faculty Representative Gauvain, Secretary and

Chief of Staff Shaw, General Counsel Robinson, Chief Compliance and

Audit Officer Bustamante, Provost Brown, Executive Vice President and

Chief Operating Officer Nava, Interim Executive Vice President and Chief

Finance Officer Jenny, Senior Vice President Holmes, Chancellor Block,

Interim Chancellor Brostrom, and Recording Secretary Johns

The meeting convened at 12:00 p.m. with Committee Chair Elliott presiding.

1. APPROVAL OF MINUTES OF PREVIOUS MEETING

Upon motion duly made and seconded, the minutes of the meeting of January 23,

2020 were approved, Regents Anguiano, Butler, Cohen, Elliott, Estolano, Makarechian,

Park, Pérez, Sures, Um, and Weddle voting “aye.”

2. APPROVAL OF EXTERNAL AUDIT PLAN FOR THE YEAR ENDING JUNE 30,

2020

The President of the University recommended that the PricewaterhouseCoopers (PwC)

external audit plan and fees for the University for the year ending June 30, 2020, as shown

on page 6 of Attachment 1, be approved.

[Background material was provided to Regents in advance of the meeting, and a copy is on

file in the Office of the Secretary and Chief of Staff.]

PricewaterhouseCoopers (PwC) representative Will Cobb stated that the scope of work

proposed in PwC’s external audit plan for the University for fiscal year 2020 was consistent

with the scope of the audit for the 2019 fiscal year. The most significant elements of the

plan were the audit of the University, each of the five medical centers, the UC retirement

Roll call vote required by the Bagley-Keene Open Meeting Act [Government Code §11123(b)(1)(D)] for all meetings

held by teleconference.

COMPLIANCE AND AUDIT -2- March 18, 2020

system, and the Office of Management and Budget Uniform Guidance audit for federal

grants and contracts. He anticipated that the current public health crisis would have a

financial impact on the University, and this would inform PwC’s risk assessment, but it

was still premature to speculate what this impact might be. The timing of the audit plan

work was consistent with the work in the prior year, as was the composition of the audit

team. The Committee would be informed of any significant changes in timing, scope of

work, or other areas.

Committee Chair Elliott recalled that, in past years, a certain percentage of the University’s

audit work was subcontracted to smaller, minority- and women-owned auditing firms. He

asked if this was the case this year. Mr. Cobb responded that PwC did not have this

provision in its contract with UC. Associate Vice President Peggy Arrivas explained that

the University has subcontracted for certain audit services with a minority firm. UC had a

five-year contract with that firm. That contract was not included in this external audit plan

approval.

Upon motion duly made and seconded, the Committee approved the President’s

recommendation and voted to present it to the Board, Regents Butler, Cohen, Elliott,

Estolano, Makarechian, Pérez, Sures, Um, and Weddle voting “aye.”

3. UPDATE ON SYSTEMWIDE AUDIT OF ADMISSIONS

[Background material was provided to Regents in advance of the meeting, and a copy is on

file in the Office of the Secretary and Chief of Staff.]

Chief Compliance and Audit Officer Bustamante began the update on the systemwide audit

of undergraduate admissions by the Office of Ethics, Compliance and Audit Services

(ECAS). ECAS had issued its Phase 2 findings for this audit on February 14. The

University initiated this audit in response to the nationwide college admissions scandal.

The audit comprised two phases. Phase 1, completed in June 2019, assessed UC’s process

for admissions and produced 34 recommendations to strengthen controls and reduce the

risk of admissions fraud. ECAS began Phase 2 shortly thereafter. The primary objective of

Phase 2 was to evaluate the effectiveness of controls that were identified during Phase 1.

ECAS then did sample testing, focusing on high risk areas, and attempted to perform data

analysis on the demographic characteristics of students admitted by exception and on the

basis of special talents. ECAS was able to carry out this analysis for admissions by

exception but not for special talent admissions.

Systemwide Deputy Audit Officer Matthew Hicks discussed the Phase 2 findings,

organized in four areas. The first area was documentation. The sample testing of

admissions by exception and special talent admissions indicated that there was inadequate

documentation supporting admissions decisions and approvals, including an inadequately

documented rationale for admissions by exception. ECAS also found instances of

inadequate documentation supporting admission for special talent. The second area was

application verification. An annual application verification process is performed by the UC

systemwide admissions office, which verifies academic and non-academic achievements

COMPLIANCE AND AUDIT -3- March 18, 2020

of a limited sample of applicants through use of a third-party contractor. In its testing of

the application verification process, ECAS found that there was often insufficient

documentation on file to demonstrate appropriate verification of application information.

ECAS also found instances in which applicants were granted excusal from the verification

process with insufficient follow-up or action such as requesting documentation of

alternative items. The third area was access to admissions information technology systems.

ECAS found deficiencies in controls over access to systems. Campuses had inadequate

mechanisms to monitor access. In sample testing of system users, ECAS identified users

with access who no longer required access and users with access even though it did not

align with their job responsibilities. The fourth area was tracking and monitoring of certain

categories of admissions. Campuses were not systematically tracking special talent

admissions in a centralized manner. ECAS was unable to identify the full population of

special talent admissions and unable to perform data analysis on this admissions category.

ECAS found instances of admissions by exception that were not properly categorized.

These deficiencies in tracking and monitoring, in particular for special talent admissions,

indicated that management was not currently able to provide accurate and reliable

information on this category of admissions.

The audit work in Phase 2 identified an additional 14 recommendations, which

supplemented those identified in Phase 1. In accordance with standard UC internal audit

practice, each campus had identified Management Corrective Actions (MCAs) to address

each recommendation. ECAS’ Internal Audit program would follow up on MCAs to ensure

that they have been appropriately implemented. ECAS was currently validating

implementation of the Phase 1 recommendations and would perform a similar verification

for the Phase 2 recommendations in the coming summer. The California State Auditor had

also initiated its audit of UC admissions. The University had provided the State Auditor

with full access to its own audit documentation. The State Auditor’s report was expected

to be released in August.

Committee Chair Elliott asked how the University’s audit was coordinated or aligned with

the State audit. Mr. Hicks responded that the scope of the UC audit included many of the

same areas reviewed in the State audit. UC had provided the State Auditor with full access

to its work papers. The State Auditor had indicated that it would use this material in order

to reduce redundant requests for information.

Committee Chair Elliott commented that he was troubled by the findings of this audit.

There was more work to be done on campuses to implement the recommendations resulting

from the University’s audit, and there would be work to follow up on findings that would

result from the State Audit. He thanked ECAS for speaking with key legislators involved

in the State audit request to make them aware of UC’s actions and how seriously the

University was taking this matter.

Regent-designate Muwwakkil asked about the circumstances of special talent admissions

and how it was that data were lacking on special talent admissions. Mr. Hicks responded

that special talent was one of a number of factors considered in UC’s comprehensive

review process for applicants. ECAS examined this area because of the fraud risk

COMPLIANCE AND AUDIT -4- March 18, 2020

associated with special talent as a consideration for admissions decisions. There was no

existing systemwide policy or process for special talent in admissions. ECAS asked about

verification, documentation, and who was recruiting special talent applicants, and found

limited controls in this area. There was some degree of tracking of special talent

admissions, usually at the departmental level, but no centralized tracking. For this reason,

ECAS was not able to perform data analysis on numbers or demographics.

Regent-designate Muwwakkil asked how the process of special talent admissions

functioned when a department wished to recruit a specific student. Mr. Hicks responded

that all admissions decisions go through the comprehensive review process, which involves

the admissions office. A recommendation can be made for admission on the basis of special

talent. There was generally a standard process on each campus for these admissions, with

final approval by the admissions director. In response to another question by Regent-

designate Muwwakkil, Mr. Hicks confirmed that these offices had not been keeping any

centralized records of this category of admissions, whether approved or denied.

Regent Butler asked if, in addition to the recommendations resulting from this audit, ECAS

was making any recommendations for reducing the categories of exceptions being made in

admissions. Mr. Bustamante responded that Academic Affairs at the Office of the President

was examining these categories and considering how these processes could be

strengthened. ECAS would like to see better documentation, segmented responsibilities,

and effective controls that could be tested at some point in the future. Regent Butler

suggested that this topic be taken up by the Academic and Student Affairs Committee.

Provost Brown agreed with this suggestion. Committee Chair Elliott also concurred with

the suggestion and remarked that he was troubled by the fact that data were not available

on the demographics of individuals admitted by exception.

Regent Makarechian asked about the lack of documentation for special talent admissions.

He referred to the audit report, which noted that Assembly Bill 1383 requires that each

student admitted to the University by exception be approved by a minimum of three senior

campus administrators, yet, in some circumstances, the University was using outside

contractors for verification. He requested clarification of this last point. With regard to the

first question, Mr. Hicks responded that ECAS had found, not across the board, but several

instances of inadequate documentation on file to support special talent admissions. ECAS

was not able to determine whether there had never been any documentation or

documentation had not been retained. In a few cases, music departments had not retained

documents related to auditions that are part of the special talent admissions process. ECAS

recommended that these special talent admissions records be retained in alignment with

UC records retention standards, which require that such records be retained for five years

for matriculated students. The third party or outside contractor mentioned in the report

performed systemwide verification of applications information, which was separate from

the campus-based verification of special talent. In this process, the third party selects

specific items in an application, such as work experience, and requests supporting

documentation from the applicant.

COMPLIANCE AND AUDIT -5- March 18, 2020

Regent Makarechian expressed concern about the fact that applications with falsified

information had not been detected by the verification process, in particular at UCLA.

Mr. Bustamante responded that two different tracks were being pursued by UC in response

to this situation. One, directed by ECAS, was focused on admissions processes and how to

strengthen them. Investigations of individual cases were being carried out by the Office of

the General Counsel, which could answer questions on these specific cases.

Regent Makarechian stated that no action had been taken. Mr. Bustamante disagreed. The

University was taking action through two different tracks. One was an investigation being

undertaken by the Office of the General Counsel into individual cases. ECAS had been

tasked with examining admissions processes and determining how to strengthen the control

environment so that it would become much harder for individuals to abuse the system.

Individual matters at UCLA were not within the purview of ECAS but being addressed by

the Office of the General Counsel.

Regent Makarechian asked to what extent certain recommendations made by ECAS in the

report had been implemented. Mr. Hicks responded that ECAS had a standard process for

all its recommendations. ECAS works with campuses to identify appropriate corrective

actions and target dates. When management reports that it has implemented a

recommendation, ECAS auditors verify this. There was a standard follow-up process.

Regent Makarechian expressed concern about fraudulent statements of student status and

changes made to status through inappropriate access to information technology systems.

Mr. Hicks responded that ECAS had not found evidence of fraudulent changes. ECAS

identified gaps in internal controls, which could provide opportunities for bad actors, and

it found excessive access to systems, beyond what certain individuals required. ECAS

made several recommendations: to perform a one-time cleanup of access, institute periodic

monitoring of access, and ensure that there is robust process for granting access.

Regent Makarechian asked if ECAS’ specific recommendations regarding access to

admissions information technology systems, as stated in the report, had been implemented.

Mr. Hicks responded that ECAS was currently validating implementation of the first set of

recommendations from Phase 1 of the audit, which were targeted for March. The second

set, with a target date at the end of July, would be verified at that time.

Regent Weddle expressed concern about the equity implications of the audit findings of

insufficient controls in admissions. She asked how national best practices or best practices

of other institutions informed the recommendations. Mr. Bustamante responded that the

University’s audit of its admissions was unique. Most institutions performed individual

investigations, which were privileged, and some carried out limited auditing of some

admissions procedures. He was not aware of any other college or university that went to

the lengths that UC did to examine its entire admissions system. He recalled that, in recent

the college admissions fraud scandal, attention was initially focused on undergraduate

admission slots for student athletes, which was a small percentage of the overall admissions

process. The University reviewed its entire system and diagnosed issues in order to

strengthen the system overall and prevent fraud. This effort was unique in higher education.

COMPLIANCE AND AUDIT -6- March 18, 2020

When corrective actions resulting from this audit were implemented, the University would

be better able to address these issues.

Regent Weddle hoped that, as UC emerges as a model for tighter controls and robust

review, it would share its experiences with other institutions. Mr. Bustamante responded

that UC often collaborates with other institutions. If other institutions have questions about

this audit, UC would provide answers and information. UC’s general posture is to share

knowledge with and learn from other institutions.

Provost Brown commented that special talent admissions are generally UC-eligible

students. Special talent is an admissions criterion. He acknowledged that the University

should have greater clarity about the range of its admissions categories. In response to a

question by Committee Chair Elliott, he clarified that applicants who are identified as

having a special talent are for the most part UC-eligible students; some are admitted by

exception.

Regent Makarechian referred to a chart in the audit report showing the percentage of

enrolled students from fall 2017 through winter 2020 who were admitted by exception. The

total number of enrolled students was 204,350; the number of these students who had been

admitted by exception was 3,409. He expressed concern about the fact that students who

were UC-eligible were not being admitted in favor of these students. He asked if UC had a

thorough review process to determine the special talents of applicants. He stressed that UC

might have rejected students who were academically better qualified. Provost Brown stated

that the University needed tighter controls in this area.

Regent Reilly asked if students admitted by exception met UC’s minimum requirements or

if the exception in their case was being admitted without meeting these requirements.

Mr. Hicks responded that this was the exception. These students could not document or

demonstrate that they met minimum requirements, such as A-G course work, the minimum

GPA requirement, or taking standardized tests.

Regent Reilly asked what the criterion was for admitting these students or if there was no

criterion. Mr. Hicks responded that Regents Policy outlines general criteria for

undergraduate admissions. The University sets aside a certain percentage allocation for

disadvantaged students, and the Academic Senate has further defined the rationale for

admissions by exception. The audit work had found that, in specific instances, that rationale

was not properly documented. The audit recommendations included recommendations for

improving guidance, policy, and documentation of admissions by exception and the

rationale for such admissions.

Committee Chair Elliott remarked that the information from this audit raised the question

of what percentage of students admitted by exception were disadvantaged and how many

were not.

Regent Reilly stated that she was surprised that the University did not have a policy

explicitly outlining criteria for admissions by exception systemwide. Mr. Hicks responded

COMPLIANCE AND AUDIT -7- March 18, 2020

that there was guidance that defined such criteria, but it was not always clear which criteria

were applied in specific cases.

Regent-designate Muwwakkil noted that, while it was desirable that applicants with special

talents also have minimum eligibility, minimum eligibility was not necessarily

competitive. He asked about specific criteria or a consistent standard for what qualified as

special talent, why UC did not appear to have such criteria or such a standard, and if the

University should tighten up these standards in the future. Mr. Hicks responded that Phase

1 of the audit found that there were no criteria for documentation and verification in cases

of special talent admissions. One of the audit recommendations was that campuses

establish a formal requirement for documented verification of special talent. ECAS

believed that implementation of this recommendation would help establish more

consistency and better control.

Regent Pérez stated that campuses needed to identify the criteria they were using and

explain how they test for special talent. This was not merely a matter of checking boxes on

a form. Another important question was how many students among those admitted by

exception were disadvantaged. There must be clarity about what these disadvantages are,

such as attending a high school that does not offer the A-G courses necessary to

demonstrate certain academic skills. Regent Pérez recalled earlier concerns about

admissions for out-of-state students. As campuses calculated adjustments to the GPA for

these students, they did not do a good enough job of capturing the adjustments. The

University asserted that, both individually and as a whole, the out-of-state students were at

least as competitive as California resident students, but UC must be able to demonstrate

this and do a better job of showing the calculations for any adjustments it makes and what

the tests are that can guarantee the integrity of these judgment calls. The University should

hold itself to the highest standards and be able to defend any admissions decisions that are

exceptions from the standard process.

Regent Weddle observed that the recommendations resulting from the audit pertained to

how criteria are applied and documented. This discussion had also raised questions about

the criteria themselves. She suggested that there be a more detailed discussion at a future

meeting about these criteria, including the questions of whether these criteria promote

equity, make sense, or are objective. President Napolitano asked that this be taken up by

the Academic and Student Affairs Committee at a future meeting. Committee Chair Elliott

agreed with the President’s suggestion.

The meeting adjourned at 12:45 p.m.

Attest:

Secretary and Chief of Staff

Report to the Committee on

Compliance and Audit

FY2020 audit plan

Regents of the University of California

March 17,2020

Attachment 1

PricewaterhouseCoopers LLP, Three Embarcadero Center, San Francisco, CA 94111-4004

T: (415) 498 5000 F: (415) 498 7100

February 19, 2020

Dear Members of the Committee:

We are pleased to have the opportunity to present our FY2020 Audit Plan

for Regents of the University of California (the “University”). The

information included in this report allows you to understand the

judgments we have made in planning and scoping our audit procedures.

This report includes information covering various considerations around

the audit approach and trending topics.

This report was prepared based on information obtained from meetings

with management, our knowledge of the University, our consideration of

the operating environment and our risk assessment procedures. Our audit

approach will remain flexible and responsive to the University’s

environment. Any significant changes to our audit plan will be discussed

with the Committee on Compliance and Audit at a future meeting.

We look forward to presenting this report, addressing your questions and

discussing any other matters of interest. Please feel free to contact me at

[email protected] with any questions you may have.

Very truly yours,

Will Cobb

Engagement Partner

This report and the information that it contains is intended solely for the information and use of the Committee on

Compliance and Audit of the Regents of the University of California and should not be used by anyone other than

these specified parties.

Table of contents

Audit approach

Audit objective

Risk assessment process and results

Scoping

Client service team

Timeline and communication plan

Other required communications

Trending topics

Audit approach

Audit objective

Audit approach

As the University’s auditor, we are responsible for reporting

on numerous financial statements.

Our audit engagement is directed toward delivering our

services at three levels:

Our audit does not relieve management of its responsibilities

with regard to the financial statements.

For

stakeholders

Independent opinions and reports that

provide assurance on financial information

released by the University

For the

Committee

Assistance to the Committee in discharging

its governance compliance responsibilities

For

management

Observations and advice on financial

reporting, accounting and internal control

issues from our professionals, including

sharing experience on industry best practices

In performing our audits for 2020, our primary objectives are as follows:

• Opine on the University of California financial statements, University of California Retirement

System financial statements, including the University defined benefit retirement plans,

University retirement savings program and report on the University of California Retirement

Plan’s Schedule of Cash Contributions, and each of the five University Medical Centers, in

accordance with generally accepted auditing standards (GAAS) and, as applicable, Government

Auditing Standards (GAGAS).

• In connection with our audits, we will obtain reasonable rather than absolute assurance about

whether the financial statements are free of material misstatement, whether caused by error or

fraud.

• Perform an audit of the University’s compliance with federal award requirements in accordance

with OMB Uniform Guidance.

• Communicate in writing to management and the Committee all material weaknesses and

significant deficiencies identified during the audit. In addition, communicate in writing to

management all deficiencies in internal control of a lesser magnitude identified during the audits.

• Pursuant to professional standards, communicate certain other matters to the Committee on a

timely basis.

Audit objective

Audit approach

PwC Services and Related Deliverables to the University

• Audit reports

• Report on the financial statements

of the University of California

• Report on the financial statements

of each of the five Medical Centers

• Report on the University of

California Retirement System

• Report on the University of

California Cash Contributions to the

Retirement System

• Reports on federal awards in

accordance with OMB Uniform

Guidance

• Internal Control Observations

• Report to the Committee on control

and process deficiencies and

observations, including material

weaknesses and significant

deficiencies (Regents Letter)

• Reports to the campus Chancellors

on control and process deficiencies

and observations (Chancellor

Letters)

• Other Services

• Agreed-upon Procedures on

Intercollegiate Athletic

Departments (NCAA requirements)

for two campuses

• Review of consolidated Form 990-T

of the Regents of the University of

California and University of

California Retirement Plan

• Procedures in connection with bond

offerings

• Accounting consultations and other

assistance associated with emerging

accounting and reporting issues and

complex transactions

• Committee Reporting

• Audit and communications plan

• Results of audits and required

communications

We note that the campus foundations, Fiat Lux Risk and Insurance Company (“Fiat Lux”), and

the Benioff Children’s Hospital of Oakland have separate audits of their financial statements

and the auditor’s reporting on those organizations are directed to their respective audit

committees. Accordingly, this Audit and Communications Plan is not focused on the specifics of

these entities.

In conjunction with our service in providing audit services to the University, we also provide

certain other audit and attest services to the University. Refer to the table below for a listing of

services and related deliverables we expect to provide. Prior to commencing any non-audit

related services, we are required to obtain preapproval from the Committee or the Committee’s

designee pursuant to the University’s preapproval policy for its independent auditor. Our 2020

proposed fee of $4,653,646 is inclusive of all out-of-pocket expenses which is consistent with

our fee commitment agreed in 2016 as included in the professional services agreement signed

on April 21, 2016 (inclusive of subsequent amendments).

Approach and definitions

Our audit approach is based on the following principles:

• The use of a top-down, risk-based approach

• The application of well-reasoned professional judgment

These principles, with the application of materiality, allow us to develop and execute our

audit approach in an effective and efficient manner. The results of our risk assessment

include the identification of audit risks and also drives the identification of significant

accounts.

Risk assessment process and results

Audit approach

We evaluate audit risks as defined below:

Significant – requires special audit consideration in terms of the nature,

timing or extent of testing (or in other respects) due to the risk’s nature, likely

magnitude of potential misstatement, and/or likelihood of that risk occurring -

including the possibility that the risk may give rise to multiple misstatements.

Elevated – requires additional audit consideration beyond what would be

required for a normal risk, but which does not rise to the level of a significant

risk because of the nature, likely magnitude of the potential misstatements

and/or the likelihood of the risk occurring.

Normal – relates to the relatively routine, non-complex transactions that tend

to be subject to systematic processing and require little management judgment.

Although a risk of material misstatement exists, there are no special factors

related to the nature, the likely magnitude of the potential misstatements or the

likelihood of the risk occurring.

We have outlined below the significant risk identified based on our preliminary risk

assessment process, together with our planned audit response.

Risk Related accounts

Management Override of Controls

Pervasive

Planned audit response

We consider the incentives, pressures, and opportunities for management to commit

fraud. We evaluate the design of internal controls as well as perform substantive tests of

details for significant risk areas including testing journal entries, any significant unusual

transactions, and evaluate estimates and assumptions utilized by management that

could have a material impact on the financial statements. We will incorporate elements

of unpredictability into our audit and conduct fraud inquiries of a number of individuals

throughout the University.

Other Areas of Audit Focus

Risk assessment process and results

Audit approach

In addition to the significant risk identified above, we have identified the areas below that

are not considered significant or elevated risks but are areas of focus during the audit due

to materiality of the balance or complexity/judgment involved in the accounting. Such

audit areas are subject to material accounting policies and/or judgments and are

considerations as we develop our current year audit approach.

• Accounting and reporting for actuarially determined estimates (retirement plans and

retiree health benefit obligations)

• Determination of which entities are to be included as component units under GASB

reporting guidelines due to their significance and the nature of the University’s

relationship with the entities

• Accounting for receivables and allowances such as pledges and medical center

receivables

• Valuation of certain alternative investments

• Capitalization of fixed assets, particularly related to construction activity

• Notes, bonds payable and commercial paper liabilities

• Presentation and disclosure of the financial statements

• Treatment of related party transactions with the University, as applicable to the

separately-issued financial statements of the medical centers and benefit plans

• Implementation of GASB 84 Fiduciary Activities (see Trending Topics section)

Uniform Guidance Reporting and Compliance Risk

Although not considered a significant risk from a financial reporting standpoint, we also

focus our audit procedures on regulatory compliance, including federal grants, and

continued focus on compliance processes and controls over the University’s federally

sponsored research, financial aid, and other programs. These procedures are performed

in connection with our OMB Uniform Guidance audit. The responsibilities surrounding

the federal monies received bring about reputational risk and potential regulatory

ramifications were there to be non-compliance with federal regulations.

Scoping

PwC has adopted a consistent approach for our audit procedures at all University and University

related entities. We have developed standardized reporting templates and common audit

programs and approaches to achieve consistency and effectiveness. As a result, our reporting

structure allows for local teams who understand the unique aspect of each entity but who work

within the framework of a common reporting structure.

We have taken the following steps to ensure the overall quality of audit engagement:

• Prepared and communicated a centrally determined audit scope and plan.

• Established a framework for continuous communications throughout our engagement teams.

• Adherence to engagement timelines to achieve your reporting objectives.

The multi-location engagement team is aligned to the University’s geographical organization and

mirrors the management control structure of your organization. This structure, coupled with

centralized engagement management, leverages the expertise of our local professionals who can

respond directly to questions at each location. The following depicts the organization and flow of

information among the different component audit teams.

Financial statement scoping

Audit approach

Scoping

Office of the President and Office of the Chief Investment Officer – Audit procedures

are performed as necessary at these locations in order to opine on the financial statements of the

University. We also take into consideration in our audit scope for these locations the

requirements of the medical centers audits, the UCRS audit and the audits of the campus

foundations. In particular, the investment work we perform at the Office of the Chief Investment

Officer has a wide-sweeping impact on the various University components.

Medical Centers and UCRS - As described throughout this document, we perform audits of

the stand-alone financial statements for the five medical centers and the University Retirement

System which consists of multiple benefit plans. We rely on those stand-alone audits for purposes

of the audit of the University’s financial statements and fiduciary fund financial statements.

Campuses – We perform specific audit procedures at the campus locations as needed to

achieve sufficient coverage to express an opinion on the University’s financial statements. We are

in the process of determining which locations will be in scope in the current year.

Foundations – The audits of the campus foundations are performed by separate foundation

audit teams. However, as the combined financial statements of the campus foundations are

presented discretely in the University’s financial statements, we coordinate with and rely upon

the work performed by the campus foundation teams.

At each location, our engagement teams have established local points of contact to facilitate the

completion of scheduling and planning to support local audit requirements as well as discussion

of issues of local interest.

Financial statement scoping

Audit approach

Client service team

Audit approach

Will Cobb

Lead Engagement Partner

Kristen Rivera

Senior Relationship

Partner

Christa Dewire

Quality Review Partner

Denise Rigli

Process Assurance

Director

Tom Ciccollela

Investments Partner

Gwen Spencer

Tax Partner

Erica McReynolds

Tax Director

Jonathan Schiffer

Retirement Plans Manager

Brittany Neilson

Process Assurance

Manager

Michael MacBryde

Medical Centers Partner

Sara Hyzer

Medical Centers Partner

Scott Dudzik

Director

Jason Boyce

Investments Director

Kaylie Rossi

Government Compliance

Senior Manager

Filip Nowak

Lead Director

Chris Cox

Higher Education Sector Leader

Tim Weld

Healthcare Sector Leader

Martha Garner

National Technical Accounting -

Higher Education and Healthcare

Kathy Grover

Uniform Guidance Government

Compliance Specialist

Client service team

Audit approach

Specialists

The University operates in a highly complex environment, requiring additional expertise

beyond traditional audit resources. During the course of our audits, we will utilize

functional experts to evaluate key areas of your business risks— such as the valuation of

self-insured risks and insurance accruals, the valuation of pension and postemployment

benefit obligations, valuation of certain investments, and third party settlements.

Drawing upon their best practice knowledge, our team will provide points of view related

to your business, industry and regulatory compliance. These specialists also will ensure

that we have the right resources to achieve our audit objectives. Accordingly, our PwC

engagement team will include the following specialists who will work with our audit

teams and management at your business units to assist us in executing our audit:

Timeline and communication plan

The table below outlines our expected timing of communications and planned audit procedures.

In addition, we may communicate with you more frequently, if and when significant matters arise.

March

Planning

• Meet with management to understand the University’s

activities and assess risk; and obtain update of

operating plans and activities

•

Assess significant audit risks and materiality

•

Complete preliminary scoping of accounts, processes

and locations

•

Meet with the Committee to discuss service plan

•

Coordinate with PwC engagement teams and

issue instructions for the audits of the University and

Medical Center financial statements and benefit plans

and Uniform Guidance testing procedures

October -

February

April -

September

Execution

•

Ongoing consultations on significant issues and

developments

•

Perform understanding and testing of internal

controls

•

Evaluate

nature, timing and extent of substantive

procedures based on controls testing

•

Perform interim and year end audit procedures

for both financial statements and Uniform

Guidance audits

Audit approach

Risk assessment

and scoping

Detailed planning

Interim testing

(controls and

substantive)

Year-end testing

Completion

•

Issue audit opinions and related

financial statements

•

Meet with the Committee to

communicate results of year-end

audit and internal control

recommendations

•

NCAA Agreed-upon Procedures on

Intercollegiate Athletic

Departments

•

Issue Report on Uniform Guidance

Compliance

Other required communications

We are required to make certain inquiries of the

Committee on Compliance and Audit related to

fraud risks. In addition, as part of our overall

response to fraud risk, we incorporate

unpredictability into our audit by modifying the

nature, timing and extent of

our procedures.

Fraud

Fraud is a broad legal concept and auditors do

not make legal determinations of whether fraud

has occurred. Rather, the auditor's interest

specifically relates to acts that result in a material

misstatement of the financial statements. The

primary factor that distinguishes fraud from

error is whether the underlying action that

results in the misstatement of the financial

statements is intentional or unintentional. The

following two types of misstatements are

relevant to the auditor's consideration of fraud:

Fraud items for discussion:

• Programs and controls in place

to mitigate the risk of fraud and

error

• Specific concerns about the risk

of fraud or error

• Any actual, alleged or suspected

fraud

• Oversight of the assessment of

fraud risks and mitigating

controls

• Violations or possible violations

of law

• Nature and extent of

communications about

misappropriations by lower level

employees

• Other matters relevant to

the audit

Misstatements arising from

fraudulent financial reporting are

intentional misstatements or omissions

of amounts or disclosures in financial

statements designed to deceive financial

statement users where the effect causes

the financial statements not to be

presented, in all material respects, in

conformity with generally accepted

accounting principles (GAAP).

Misstatements arising from

misappropriation of assets

(sometimes referred to as theft or

defalcation) involve the theft of an

entity's assets where the effect of the

theft causes the financial statements not

to be presented, in all material respects,

in conformity with GAAP.

Audit approach

Other required communications

Independence

There were no relationships or other matters identified that might

reasonably be thought to bear on independence.

In accordance with the AICPA’s Code of Professional Conduct, we are

required to communicate a breach of external independence requirements

to you as soon as possible or in line with a communication protocol that is

confirmed in writing. As of the date of this report, we are not aware of

any breach of external independence requirements since the time of

our last meeting.

Non-compliance with

laws and regulations

and illegal acts

We are not aware of any instances of non-compliance with laws and

regulations. We are not aware of any potential illegal acts.

Significant issues

discussed with

management

prior to

appointment or

retention

There were no significant issues discussed with management in

connection with the retention of PwC.

Materiality

We determine the materiality level for the financial statements as a

whole for purposes of (1) identifying and assessing risks of material

misstatement and (2) for determining the nature, timing and extent

of audit procedures. We consider both quantitative and qualitative

factors in our assessment of materiality. We also assess the metrics

used by the users of the financial statements in determining the

appropriate basis for calculating materiality. The benchmark we use

to calculate materiality varies based on the audit being performed.

For the University’s financial statements, we use total assets as our

benchmark. Industry practice is to apply a percentage to this

benchmark of total assets to calculate overall materiality.

For the University’s medical centers’ financial statements, we use

total operating revenues as our benchmark. Industry practice is to

apply a percentage to this benchmark of total operating revenues to

calculate overall materiality.

For the University’s benefit plans, we will use fiduciary net position

as our benchmark for the Defined Benefit Plans and UCRSP, and

total deductions from net position for the UCRHBT. Industry

practice is to apply a percentage to these benchmarks to calculate

overall materiality.

Obtain information

relevant to the audit

We will inquire of the Committee on Compliance and Audit about

whether it is aware of matters relevant to the audit and about the

risks of material misstatement.

Audit approach

Audit results