THE PENNSYLVANIA STATE UNIVERSITY BOARD OF TRUSTEES
COMMITTEE ON AUDIT AND RISK

MINUTES OF MEETING
VOLUME AR 20

February 14, 2019

A telephonic meeting of the Committee on Audit and Risk (the Committee) of the Board of Trustees was held, on Thursday, February 14, 2019 10:45 a.m. The meeting was held pursuant to notice which was mailed to each of the members.

The following members, constituting a quorum were present (telephonically): Walter C. Rakowich, Chair (presiding); Edward “Ted” B. Brown; Donald G Cotner, Mark H. Dambly, and Brandon D. Short. Present staff included: President Eric Barron (telephonically), David J. Gray, Joseph J. Doncsecz, Daniel P. Heist, Michael J. Kubit, Gary W. Langsdale, Stephen W. Dunham, and Donald J. Welch. Constituent representative, Nicholas Rowland, was present via the phone. Also in attendance from the audit firm Deloitte & Touche LLP were John Neary (telephonically), Edward Krzemien, and Jill Strohmeyer.

Chair Rakowich called the meeting to order.

A. Approval of minutes from October 23, 2018 meeting

The Committee voted and approved the minutes of the October 23, 2018 meeting.

B. Roles and Responsibilities Matrix

Dan Heist reviewed the Roles and Responsibilities Matrix and noted that the Committee was on track for the year. He also noted that some items previously covered are now informational items for the Committee.

C. Review Deloitte June 30, 2018 Management Letter

Joe Doncsecz reported on Deloitte’s Management Letter which included eight comments centered around Access Security issues in the IT realm at Penn State. Michael Kubit addressed the comments. He noted that they can all be resolved with individual’s and unit’s awareness of University policy, IT professionals at Penn State following best practices regarding security, and a modern access identity system married with best practices and appropriate business processes. Joe Doncsecz noted that there were no financial deficiencies noted at the University level in the Management Letter.

D. Internal Audit External Quality Assessment Report

Dan Heist gave an Internal Audit External Quality Assessment report. Internal auditors from other Big 10 universities reviewed Penn State’s internal audit assessments and work. The external audit team’s opinion was such that Penn State has achieved the highest level in conforming to The Institute of Internal Auditors standards. However, four areas for enhancement or suggested changes were noted in the opinion. Dan noted that those areas are being addressed or will be addressed moving forward.

E. Information Technology Update

Don Welch gave an update on Information and Technology at Penn State specifically regarding IT security. Michael Kubit gave a status update regarding the Penn State IT transformation project.

F. Review and Approval – External Audit Engagement Letter

Joe Doncsecz reviewed the letter to engage Deloitte & Touche LLP as the University’s external auditors and recommended approval of the External Audit Engagement Letter. The Committee unanimously approved the recommendation of the following resolution to the Board:

RESOLVED, That the Officers of the University are authorized to engage Deloitte& Touche LLP, Certified Public Accountants, for the audit of the accounts of the University for the year ending June 30, 2019.

The public meeting was adjourned at 11:29 a.m. Prior to and following the public meeting, the Committee held separate Executive Sessions with management, Deloitte, Dan Heist and themselves.

Respectfully submitted,

Shelly Zeigler-Byers
Administrative Support
Board of Trustees