J. Colin Dodds, Ph.D. President

1. J. Colin Dodds, Ph.D.President CAUBO 2007, Track # 1 The Relationship of Management, Auditors, Audit Committees and the Boards working together for better governance. UPEI, Tuesday, June 26th The Audit Committee – Management Perspective 1

2. Audit Committee- a leader for university corporate governance Terms of Reference • The Audit Committee contributes to the overall governance of Saint Mary’s University by promoting a culture of transparency, honesty and ethical behaviour • It is now considered a critical part of university governance Performance • Audit Committee must annually review its mandate and self-assess its performance • Audit Committee takes its work much more seriously than in the past Meetings • more and longer Audit Committee meetings each year with greater documentation Whistle Blowing • Audit Committee has requested that management look at whistle-blowing policy.Our initial survey shows that only 2 of 40 universities currently have such a policy. 2

3. Audit Committee qualifications CICA  All members of the Audit Committee should be financially literate, being defined as able to read and understand basic financial statements, and at least one member of the Committee shall have accounting or related financial management expertise. SMU Audit Committee • appointed by the Board of Governors • all appointees are unrelated Board members, i.e. not ex officio, faculty or students • Audit Committee members are all financially literate and have significant accounting or related financial experience • Chair – CA with 30 years audit experience with KPMG • Two other members – CA with 20 years management experience and an MBA who is head of a large corporation • Four support staff – CA, CMA and 2 CGA’s • Previously there was the perception that the Audit Committee was seen as a Committee to ‘park’ the ‘less’ talented Board Members. 3

4. Risk Assessment SMU Terms of Reference for the Audit Committee requires a review of the overall effectiveness of the managerial process for identifying risks affecting financial reporting • increases onus to demonstrate risk management • management developed a high level description of risks we face on each category • also has the effect of "pushing-down" work onto middle managers where the controls actually exist (or should exist) – risk assessment has to be embedded in all operations • at SMU the Audit Committee has led a move toward a comprehensive inventory of corporate risk – not just risks affecting financial reporting • new Risk Committee established by the Board of Governors,chaired by the head of the Audit Committee 4

5. Risk Assessment – led by Chair of Audit Committee 5

6. Auditor Issues • SMU Audit Committee constantly guarding auditor independence – top priority • Relationship between external auditor and management has definitely changed over the past 5 years or so – a more distant relationship • Management Representations (CICA 5370) • List of representations growing over the years - currently 36 distinct items, e.g. management’s knowledge of fraud activities, compliance with laws and regulations, and recently – representing that SMU has obtained all consents for the use of personal information provided for the auditor’s work • AC interested in a Sox-like management “certification” of internal controls, but has settled for now for a copy of the management representations letter • Expansion of required representations has created more work, but a useful checklist of to do items 6

7. Auditing overload The university is getting audited from all sides • Federal Contractors audit • Granting agencies • Federal Family Education Loan Program • HST audit • IMPACT fund - accountant's report on applied procedures • HRSDC audit • Workers Compensation Board review • CRA audit • Indirect costs of research grant audit • External financial statement audit • Auditor General of Nova Scotia broad scope audit No internal audit to assist with these SMU Audit Committee reviews all audit planning and year-end documents as well as any other reports of the external auditor or any other auditor 7

8. Case study – HST review • HST audit scheduled – to prepare, we engaged an HST consultant from Grant Thornton (also the financial statement auditor) • Preliminary review revealed potential HST liability for non-credit programs in Continuing Education (had been considered an exempt HST supply) • Management decided that Saint Mary’s should voluntarily report the discrepancy, estimated at $400,000 • Working with the consultant, the amount was reduced to $170,000 • Audit Committee was pleased with “tone at the top”, i.e. self-disclosure • However, the AC concerned about auditor independence 8

9. Case study – HST review (continued) • Another HST opportunity came to our attention shortly thereafter • This involved a complex review of SMU capital real property expenditures • Management brought the matter to the attention of the Audit Committee and called for proposals – 3 bids received including one from the audit firm • Selected KPMG this time, using RFP criteria (management would have needed AC approval had we selected Grant Thornton) Result  $244,000 in HST recoveries 9

10. Case study – “Broad Scope Audit ” by the Auditor General of NS Response to $850,000 fraud at Collège de l’Acadie Minister of Education requested OAG to audit the general control environments at Nova Scotia universities. Included a general review of all NS universities but detailed audit work at four institutions: • Saint Mary's University • Dalhousie University • University College of Cape Breton • Université Sainte-Anne Specifically, the Minister of Education wanted… “assurances that the audit procedures and control mechanisms in place are adequate and appropriate to protect tax dollars.” 10

11. Case study – Auditor General scope of audit work AUDIT SCOPE discussed with Audit Committee (limited to Operating Fund) • Determine if Board of Governors, Audit Committee and management have adequate systems for budgeting, internal financial reporting and monitoring • Determine if the Board/Finance Committee are receiving sufficient, appropriate information from management to fulfill their stewardship responsibilities • Assess internal controls over operating revenues and expenditures • Assess policies and systems to control its inventory of computers • Test compliance with the government’s procurement policy • Ensure adequate systems to collect and report reliable enrolment data 11

12. Case study – Auditor General reported results Our audit of the internal control environment over the revenue/receipts and purchases/payment cycles at four universities identified no significant control weaknesses. There is a need at all universities to enhance their business planning processes. Although the universities have clearly documented policies on when payment of student fees are due, we believe that the policies should be more strictly enforced. Procurement transactions tested were in compliance with applicable procurement policies. Processes for the collection and reporting of enrolment data are generally good although we believe that identification of non-Canadians requires improvement at some universities. Concluding Remarks of the Auditor General Overall, our testing and other audit work including review of the external auditors’ working paper files did not reveal any significant weaknesses with respect to the financial management and internal controls at the universities. 12

13. Conclusion From the management perspective, the Audit Committee adds value in several ways: - objective sounding board for financial issues • experience of members outside the university offer a broad perspective • monitor the performance of the firm’s external auditors and audit process Audit Committee should oversee; it should not manage. It needs to retain the "big picture," rather than get buried in detail. Audit Committee is now a critical piece of corporate governance of the university at a time when the latter is assuming a greater role in universities. 13