Kwantlen Polytechnic University

Internal Audit of Human

n Resources
Processes and Controls
Executive Management Compensation and
Employment-related Expenses

Prepared For: Board of Governors, Kwantlen Polytechnic University

Issued On:

January 28, 2015

Prepared By:

MNP LLP
2300, 1055 Dunsmuir Street
PO Box 49148
49148, Vancouver, BC V7X 1J1

MNP Contact: Peter Guo, Partner

Partner, BC Enterprise Risk Services Leader
Phone: (604) 637
637-1513
Fax:
(604) 685
685-8594

TABLE OF CONTENTS
Executive Summary ................................................................................................................... 3
Background .............................................................................................................................. 3
Scope....................................................................................................................................... 4
Approach ................................................................................................................................. 5
Limitations ............................................................................................................................... 6
Key Findings and Recommendations............................................................................................ 7
Appendix 1: Current and Proposed Process for Appointment of New Senior Academic Administrators
..............................................................................................................................................20
Appendix 2: PSEC and SOFI Report Process Narratives and Flowcharts ...........................................22
Appendix 3: Summary of Recommendations ...............................................................................29

Limitation of Use
This report is intended solely for the information and use of Kwantlen Polytechnic University. This report should
not be distributed to third parties without MNP LLPs written consent. Any use that a third party makes of this
report, and any reliance or decisions made based on it, are the responsibility of such third party. MNP LLP accepts
no liability or responsibility for any loss or damages suffered by any third party as a result of decisions made or
actions taken based on this report.

Executive Summary
The Board of Governors of Kwantlen Polytechnic University (the Board) engaged MNP to assess and
report on the processes and controls related to the employment, compensation and accountability
reporting for Kwantlen Polytechnic Universitys (KPU or the University) executive managers (Pay
Grade 9 and above) during the period from April 1, 2010 to June 30, 2014.
MNP found significant gaps in the manner in which senior executive employment terms were
documented. Contract terms and salary adjustments were not fully documented in the files provided by
KPU. These gaps made it difficult to ascertain the manner in which terms were agreed, the specific
terms of employment in each case and whether the terms identified were complete.
Appropriate financial, human resource and legal consultation was not fully utilized and relevant
functional expertise was not always taken into consideration. This contributed to significant
inconsistencies that were identified between contracts. KPU has already instituted some improvements,
however further progress is required.
MNP did not identify the existence of any further pre-employment contracts during the review period,
except for those that have already been publicly identified. With the exception of disclosures related to
these pre-employment contracts, MNP did not note significant deviations from the disclosures required
under the Public Sector Executive Compensation Reporting Guidelines promulgated by the Public Sector
Employers Council Secretariat (PSEC). For the sample of senior managers selected, MNP did not note
significant deviations from the disclosures specified for the Statement of Financial Information as
required by the Financial Information Act. However, MNP did identify opportunities to improve the
internal control environment underlying, and processes for overseeing, these reports.
In summary, MNP made a total of 24 recommendations to KPUs Board of Governors to improve the
processes and controls related to the employment, compensation and accountability reporting for the
Universitys executive managers, as well as general governance and oversight at KPU.

Background
Kwantlen Polytechnic University (KPU or the University) employs a number of senior administrators
charged with managing various aspects of the Universitys academic programs and administration.
These positions are excluded from membership in collective bargaining groups such as the Kwantlen
Faculty Association or the BC Government Employees Union.
Senior administrators are employed by KPU as either temporary appointments, regular appointments
with an indefinite term or as regular appointments under fixed term contracts. Regardless of the
manner of appointment, employment of senior administrators is governed by the Public Sector
Employers Act (the Act), as administered by the Public Sector Employers Council Secretariat.
Amongst other things, PSEC regulates the compensation paid to KPUs senior administrators.

KPU is required to submit a Compensation Plan to PSEC for its review and approval. The Compensation
Plan identifies the duties, responsibilities and compensation for each position. Once approved by PSEC,
the Compensation Plan is a legally enforceable compensation standard, from which KPU is not allowed
to deviate without permission from PSEC. The compensation plan is the basis for KPUs compensation
grid, which links each position to a particular pay grade. The most recent compensation plan required
by PSEC was approved in November 2010.
The Act and related Public Sector Executive Compensation Reporting Guidelines also contain
accountability reporting requirements that oblige KPU to disclose the compensation of Named
Executive Officers (NEOs). NEOs are defined as the chief executive officer and four highest ranking
corporate officers earning a base salary of $125,000 or more per year. For the purposes of this
disclosure, KPU is required to include everything that a reasonable person would view as
compensation, including salary, bonuses, allowances, benefits paid on the employees behalf, paid
leaves and perquisites. Perquisites are further defined by what they are and are not. An item is not a
perquisite if it is integrally and directly related to the performance of an executive officers duties, for
instance the cost of travel and registration to a conference related to the duties of the executive officer.
A long, though not exhaustive, list of perquisites is provided in the Guidelines, including such items as
cars, personal travel, clothing, club memberships, theatre tickets, parking and housing subsidies.
In addition to PSEC requirements, KPU is also required under the Financial Information Act to disclose a
Statement of Financial Information (SOFI) that lists, among other things, the compensation of all
employees earning in excess of $75,000 per year.
As part of its annual internal audit plan for 2014-15, MNP was engaged to assess KPUs current HR
processes and controls in relation to executive management compensation and employment-related
expenses.

Scope
The objectives of the engagement were:
To understand and assess KPUs current processes and controls in relation to its executive
management compensation and employment-related expenses;
To assess whether KPUs current practices are in compliance with the statute(s), regulation(s),
and government guidelines or policies that govern executive and excluded compensation at KPU
(the External Regulatory Framework),
To identify improvement opportunities for executive management compensation and
employment-related expense processes and controls; and
To provide practical recommendations for improvement.
As part of the planning phase of this audit, the following in-scope areas of focus were identified:

For the period April 1, 2010 to June 30, 2014, review the processes and controls in relation to
4

KPUs Executive Management (senior administration Pay Grade 9 and above) compensation
and employment-related expenses, including:
o Hiring
o Compensation package determination
o Offers and contracts
o Employment-related expense claims (this does NOT include expense reimbursements that
are due to the normal course of conducting job duties.)
o Any other material payment to KPU Executive Management, including but not limited to
research allowance, moving allowance, professional development, pre-employment
contracts, etc.

Assess the processes and controls in relation to KPUs compliance with the External Regulatory
Framework, including:
o Identifying and reporting Executive Management compensation and employment-related
expense information

This encompassed examining the supporting documentation for 68 employment transactions (hire,
temporary assignment, promotion or reclassification) for 42 individual employees.

Approach
Fieldwork for this assignment was completed between July and October, 2014. The review consisted of
reviewing a sample of documents and reports; a series of interviews with relevant management and
staff; along with a more detailed review and testing of controls in relation to the in-scope areas of focus
noted previously. As noted in the Scope section, the sample that was tested for this review focused on
pay grade 9 and above for the period April 1, 2010 to June 30, 2014.
In summary, the approach included the following:

Understanding and documenting executive hire and accountability reporting processes and
controls by reviewing existing policies / guidelines and other related documents and
interviewing relevant key management and staff. For the documentation of accountability
reporting processes and controls, please see Appendix 2: PSEC and SOFI Report Process
Narratives and Flowcharts.
Reviewing PSEC and SOFI accountability reports for 2010 to 2013. For PSEC reports, all reported
items were examined in detail. For SOFI reports, a sample of senior executives was examined in
detail, as well as the overall process.
Reporting any specific significant exceptions, and opportunities for improvement of internal
controls.

Limitations
MNPs work to provide this report was carried out based on the assumption that information provided
by management and employees of KPU was reliable, accurate and complete. MNP did not subject the
information contained in this report to checking or verification procedures except to the extent
expressly stated. In no circumstances shall MNP be responsible for any loss or damage, of whatsoever
nature, arising from information material to MNPs work being withheld or concealed from MNP or
misrepresented to MNP by management and employees of KPU or any other person of whom MNP may
make enquiries.
This reviews activities do not constitute an examination in accordance with generally accepted
accounting standards or attestation standards. As a result MNP does not provide an opinion, attestation,
or other form of assurance.
MNPs review activities do not constitute an examination for fraud or fraudulent transactions under any
standards. This review is not a forensic review and has not been designed to search for fraud,
fraudulent or suspicious transactions. If such matters arose from the review activities, they would have
been brought to the attention of in-house legal counsel and the Chair of the Audit Committee of KPUs
Board of Governors.

Key Findings and Recommendations

A number of issues were identified in a report written by Rob Mingay, who was then the Assistant
Deputy Minister for Labour Relations, Public Sector Employers Council Secretariat. It is not MNPs
intention to repeat these findings, so they have been taken as read. Instead, the focus of MNPs internal
audit report is to identify underlying causes and what KPU should do to reduce the likelihood that they
could recur.
The existing process for the appointment of senior academic administrators is described in the flowchart
in Appendix 1-A. During the course of this review, opportunities to improve this process were noted.
Recommendations for improving the process are detailed in this section, and are further described in
the flowchart in Appendix 1-B.
Recruitment and Appointment of Senior Academic Administrators
Observations Documentation
During the course of this review, significant gaps were noted in the manner in which senior executive
employment terms were documented. In some cases, the terms of employment were specified in an
offer or appointment letter. In others, there was a formal contract. In some cases, there were both.
However, in other cases, particularly relating to long serving employees, there was neither, even where
job responsibilities substantially changed. Contract terms and salary adjustments were not fully
documented in the files provided by KPU. These gaps made it difficult to ascertain the manner in which
terms were agreed, the specific terms of employment in each case and whether the terms identified
were complete.
Recommendation
1. Consistent processes and documentation should be used for all senior executive appointments. While
details of the processes for internal or external candidates may differ, all appointments, reclassifications
and salary adjustments should be fully documented in each employees personnel file. (Also see
Recommendations 4 and 7.)
Observations Appointment Term Compliance
It was found that in all cases, senior academic administrators were appointed for terms not exceeding 5
years, in accordance with KPUs Executive Recruitment Procedure HR 20. It should be noted that this
policy applies only to academic administrators. Other senior executives, for instance the Vice President,
Finance and Administration, Associate Vice President, Administration, and other non-academic
positions, were appropriately appointed for indefinite terms.
Observations Research Allowances and Professional Development
Though not normally considered part of compensation, research and professional development
allowances were, in some cases, negotiated as part of the compensation package. This was particularly
acute in one instance, where a negotiated research allowance was used to fund a taxable benefit related
to moving expenses for a new hire. The offer letter/employment contract made no mention of

reimbursement for moving expenses, nor did it specify repayment terms in the event of termination of
employment. Reimbursement of paid moving expenses on early termination is a normal condition, the
absence of which does not protect the best interests of the University. Further, in some cases, contracts
specified that computers can be purchased through the research allowance, which is outside of KPUs
normal procurement procedures.
Recommendation
2. In order to clearly delineate compensation from non-compensation related matters, KPU should
ensure that non-compensation related items, such as research allowances, are negotiated and agreed
separately from the compensation negotiation process.
Observations Consistency in Employment Contracts
Inconsistencies were noted in the employment contracts among senior executives. For instance,
vacation allotments vary from between 4 and 7 weeks, without reference to the number of years of
employment at KPU. There were also inconsistencies in research and professional development
allowances.
Employment contracts for academic administrators frequently specify a term of administrative leave,
usually offered in contemplation of a transition from an administrative to a teaching position at the
conclusion of the contracted appointment or its renewal. Such administrative leaves are conditional on
the individual obtaining a faculty appointment within one of KPUs academic departments. However, in
at least one instance a term of administrative leave was agreed to without reference to continued
employment by KPU. In this case, the leave was more akin to a sabbatical.
In addition, some offer terms could have put KPU and the individuals being hired offside with the CRA.
For instance, in at least one case, the offer letter specified an amount available for relocation, but did
not specify the requirement to provide moving expense receipts. In the absence of receipts, a moving
allowance becomes a taxable benefit rather than a non-taxable reimbursement. (In all instances, KPU
did seek receipts; that receipts would be required was not always made clear in the formal
documentation provided to recruits.)
There was one instance where a housing loan was made available, although it was not used. In another
instance, KPU offered and paid for three months of furnished housing; a taxable benefit and reportable
under the compensation reporting guidelines. That this formed part of the individuals compensation
package was not made clear in the offer letter to the individual.
KPU works within a challenging recruitment environment it is understood that externally imposed
compensation restrictions have made it difficult to attract the calibre of candidate the University
desires. As a consequence, KPU has sought innovative ways to attract high quality senior
administrators. These efforts have had a contributing effect on these inconsistencies.

The most significant inconsistencies were noted in a period between 2010 and 2012. The services of a
professional recruiting agency were retained, but the advice of KPUs Human Resources and Finance
departments was not always consistently sought during the executive recruitment process. It was also
unclear the extent to which professional legal advice was obtained. It is likely that the inconsistency in
seeking timely professional human resource, finance and legal advice, during the executive recruitment
process, led to many of the variations identified above.
The negotiation of varying employment terms is a normal practice in the private sector. However, in the
private sector, individual compensation is usually a confidential matter. On the other hand, in the public
sector, compensation is a matter of public record. In this environment, even small inconsistencies in the
compensation provided to individuals at the same level can lead to significant human resource and
oversight challenges.
Recommendations
3. In order to improve consistency, KPU should formally delegate responsibility for making offers of
employment and procuring contracts of employment to the HR Department.
4. In order to improve consistency, standardized templates for key aspects of the recruitment process
should be developed by Human Resources, with the advice and assistance of Finance and Legal
departments. In the near term, until standard templates are established, all draft offers of employment
to senior executives should be reviewed and formally signed-off by KPUs Human Resource, Finance and
Legal departments, to ensure conformity with KPU policies and procedures, public sector requirements
and limits and the Income Tax Act, prior to offers being made to prospective senior employees. (Also
see Recommendation 1.)
Observations Recent Progress towards Consistency
KPU has initiated a process to create consistency through an annual professional development fund,
from which executive managers can claim reimbursement for eligible professional development
expense, subject to an annual limit associated with their position.
It is understood that responsibility for administering executive recruitments has been assigned to KPUs
Human Resources department. With this move, there was improved consistency and clarity in the
wording of recent contracts and offers. However, further progress is required.
KPU has developed standard appendices for inclusion in employment contracts that standardize certain
items such as vacation entitlements. However, inconsistencies in vacation entitlements were noted
between contracts and the standard form appendix attached to them.
In June 2013, KPU instituted policies and procedures for the Search Advisory, Appointment and Reappointment of Senior Academic Administrator Positions (Policy & Procedure HR 20) and a revised
appendix to the Board Governance Manual for the appointment of employees (Appendix H). These

policies and procedures are now being instituted and represent positive steps towards ensuring
professional, consistent executive recruitment; however they have not yet been fully implemented.
Recommendations
5. Contracts of employment with senior executives should be consistent with the standard terms
developed by KPU.
6. Terms of each draft offer of employment should be formally signed-off by the person or group
assigned responsibility for approving candidates, as specified in Appendix H of the Board Governance
Manual.
Observations Responsibility for Executive Contract Negotiation
KPUs executive recruitment policies and procedures outline the powers and responsibilities of the
Board, President and administration in relation to recruitment. They detail the role and composition of
Search Advisory Committees (SAC) and outline, at a high level, the search process. The Board
Governance Manual delegates responsibility for hiring to the Human Resources Committee for specific
positions. However, the policy guidance speaks more to who should have input into decision making
than it does to specific procedures. The policies do not identify requirements for formal documentation,
including approval sign-offs, nor do they provide guidance for the negotiation process that is integral to
the hiring of senior academic administrators, including the determination of compensation and all
compensation related items.
Recommendations
7. KPU should enhance its policies and procedures for hiring senior academic administrators. These
enhancements should clearly define the activities and requirements in the hiring process, including the
necessity of formal documentation and where approvals are required.
8. Negotiating contract terms should be limited to those persons or groups assigned responsibility for
approving candidates as specified in Appendix H of the Board Governance Manual, in consultation with
the Human Resources department. KPU should develop guidelines for negotiating contracts that
identify negotiating ranges for specific compensation items consistent with the PSEC-approved plan, and
ensure that KPUs standard contract terms are consistent with these items.
Pre-Employment Contracts
Observations
Our review did not indicate the existence of any further pre-employment contracts during the review
period additional to those already publicly identified.
Notwithstanding any deliverables provided or performance expectations outlined, all of the individuals
that were interviewed and who received pre-employment contracts understood them to be integral
with an offer of employment, either as inducements to sign or in an effort to make prospective
employees whole in a challenging salary environment. Mingays report characterizes the pre10

employment contracts he examined as vague on deliverables or not containing any discernible

deliverables. The absence of clear, specified deliverables or remuneration rate contributed to a
perception that pre-employment contracts were developed with the intention to skirt compensation
limits.
It must be pointed out that the individual employees in question bear no responsibility or fault. In fact,
Mingay noted that Dr. Davis ...worked extensively during the period...and provided valuable services to
KPU. They were negotiating in good faith with the University, with the reasonable assumption that any
terms offered would be consistent with all applicable laws and policies under which KPU was obliged to
operate. Typically, professional finance, legal and human resource advice (whether in-house or
external) is obtained, with the intention to preclude organizations from going offside of laws and
policies during the negotiating process. As noted earlier, such advice was not always sought at KPU.
It was also noted that KPU does not have any policies that provide guidance regarding the offering of
pre-employment contracts to prospective employees.
Recommendation
9. KPU should develop a policy that discourages pre-employment contracts. In the rare circumstances
where specific services may be appropriate during the transition period prior to employment, KPU
should develop guidance for pre-employment contracts to ensure compliance with legal and policy
compensation restrictions. Any pre-employment contracts should be procured in accordance with good
procurement practices, with clear deliverables, specified time frames and appropriate rates, and precleared through PSEC.
Compensation disclosure PSEC
Observations Reporting Process
The process for creating KPUs annual Executive Compensation Disclosure Report was obtained and
documented through interviews conducted during this assignment (see Appendix 2-A). In addition, the
compensation disclosures for all employees included in the PSEC reports for the years ending March 31,
2010 2014 were reviewed.
KPUs process for generating this report is largely manual, requiring coordination between the Human
Resources department that is responsible for drafting the report, and Finance Payroll department that
has care and custody of the underlying financial data. The process is adequate with respect to gross
salary items, as most payments are made through payroll. However, there is a gap related to items that
could potentially be considered compensation, as defined under PSECs guidelines. Such items would
likely be paid via purchasing card (P-card) or expense claims, and so would not show up in a payroll
report. The manual process undertaken between Human Resources and Finance may not be sufficient
to ensure that the information required is complete and accurate.
Based on interviews with KPU management and review of KPU policies and procedures, there is no clear
definition of perquisites, and it is not clear how these perquisites should be tracked. In practice, the
11

expense forms / P-card statements are reviewed more from an authorization / reasonableness
perspective rather than perquisites compliance and disclosure purposes.
During the period of this review (April 1, 2010 to June 30, 2104), minor amounts (approximately $3,000
in total) were noted through our assessment of P-cards and expense claims, that related to perquisites
and should have been included as compensation. Further minor amounts (approximately $5,000 in
total) could possibly have been classified as perquisites, but there was insufficient information to
confirm these items.
Recommendations
10. As part of drafting the Executive Compensation Disclosure Report to PSEC, the Finance department
should be consulted regarding items that could be considered compensation under the Public Sector
Executive Compensation Reporting Guidelines issued by PSEC.
11. KPU should establish a clear definition of perquisites in its expense / P-card policies, consistent with
the definition provided for expense reporting by PSEC, which should be communicated throughout the
University. The perquisites / potential perquisites should be identified during the expense form / P-card
statement review and tracked for annual reporting purposes.
Observations Board Chair Attestation
There were no significant variances between the payroll records and PSEC reports, other than for those
employees who received pre-employment contracts. The manner in which pre-employment contracts
were reported as contract payments rather than compensation was not an oversight; it was a
judgement made by KPU management at the time based on their interpretation of the guidelines. The
current guidelines governing the disclosure of executive compensation are specific regarding the
requirement to include payments under pre-employment contracts with total compensation. However,
before they were revised in May 2014, the guidelines were silent in this regard. KPU management notes
that the disclosure guidance was ambiguous regarding pre-employment contracts, and felt that the
manner in which they were disclosed was correct and consistent with the disclosure of professional
services contracts with other non-employees.
From the fieldwork conducted during this review, it appears that management did not attempt to
deceive with respect to how pre-employment contracts were disclosed. However, it is unclear whether
a fulsome briefing was provided to the Board Chair, especially regarding judgement calls that were
made regarding this disclosure.
Current PSEC reporting guidelines require the Board Chair to provide an attestation letter confirming
that:
The board is aware of the executive compensation paid in the prior fiscal year
The compensation information being disclosed is accurate and includes all compensation paid
by the employer, foundations, subsidiaries, or any other organization related to or associated

12

with the employer. It also includes the value of any pre or post-employment payments made
during the 12 month period before or after the term of employment.
Verifying that compensation provided was within the approved compensation plans and
complies with these guidelines.

Board Chairs are not expected to have detailed knowledge concerning the administration of the
organizations they oversee. However, in this instance, the attestation report requires the Board Chair to
stake her or his reputation on the veracity of the information submitted. Consequently, this requires a
rigorous underlying process to ensure the completeness and accuracy of the information provided to
the Board Chair, including a documented review of this material at the senior administrative level. Both
the process and documented review were not clearly evident.
Instead, the accountability information provided to the Board Chair was compiled by an administrative
manager and reviewed by a senior member of the Finance department, but without further review and
formal sign-off. This process, while adequate for matters of routine administration, is not
commensurate with the serious nature of the Chairs required attestation.
Recommendations
12. KPU should formally institute procedures for senior management (VP Finance & Administration
and/or the President) review and sign-off of disclosures required under the Public Sector Employers Act,
including the identification of any judgements made in the compilation of this information, prior to its
submission to the Board Chair for formal attestation.
13. KPU should ensure that the processes for collecting, validating and certifying PSEC and other key
regulatory submissions are consistently documented and communicated. Key control points in these
processes should be clearly identified, and tested on a regular basis to ensure that the processes
function rigorously and consistently.
Compensation disclosure - SOFI
Observations Reporting Process
As part of this review, the process for creating KPUs annual Statement of Financial Information,
required under the Financial Information Act was documented (see Appendix 2-B). The assessment of
the information reported under SOFI for all Presidents, and a sample of currently employed grade 9 and
10 employees, for the period April 1, 2010 to March 31, 2013 (the 2014 report was not yet available at
the time of field work) was performed, and no significant exceptions were noted.
KPUs system for generating the SOFI report is generally adequate with respect to reporting information
that is processed through payroll. However, as was the case with the Executive Compensation
Disclosure Report, KPU does not have a process for ensuring that compensation-related items expensed
through P-cards or expense claims have been correctly captured in the SOFI report.

13

KPUs accounting and payroll systems do not easily lend themselves to the kind of reporting required
under SOFI. Consequently, there is considerable manual intervention required to produce the
information required. Automating the process, at least in part, could make the resulting data more
reliable, and would improve the ease with which it is extracted. For instance, it may be possible to have
Banner produce a report showing total employee expenses. This could be compared to the total
employee expenses reported in the SOFI report to check that the information is complete (see also
observations and recommendations previously noted under Compensation disclosure PSEC).
While costs to automate the entire system would likely be significant, a cost/benefit analysis has not
been performed with respect to automating any part of the system to support SOFI reporting.
Recommendations
14. As part of drafting the SOFI, the Finance department should identify and provide information
regarding items that could be considered compensation under the guidance provided by the Ministry of
Finance, such as perquisites and taxable benefits, which have been processed via P-cards or expense
reports.
15. KPU should perform a cost/benefit analysis of automating at least part of the SOFI report generating
process.
Observations Oversight of Guidance Updates
Each year, the Ministry of Finance updates its guidance for the preparation of the SOFI report. This
guidance forms the basis on which the SOFI report is prepared the value of the report could be
undermined should the interpretation of the Ministrys guidance be incorrect in any way. These
requirements are reviewed by Finance department management to ensure the report is prepared
correctly. However, this review is informal and not documented.
Recommendation
16. Given that the SOFI report will be released to the public, a formal, documented supervisory review
should be implemented by KPU to validate that the SOFI guidelines, or any changes that may occur yearto-year, have been interpreted correctly.
Observations Review and Approval
The SOFI report is provided to the Executive Director of Finance for detailed review and approval. The
report is also forwarded to the VP Finance & Administration; however the VP is not required to review
or approve it. Given that the SOFI report is a public document, and that the Board Chair is required to
approve the report as part of the package of financial information released by KPU, formal review and
approval of the SOFI report by a member of the senior administration should be required, attesting to
the completeness and accuracy of the information reported.

14

Recommendation
17. The Vice President, Finance and Administration should review and formally approve the Statement
of Financial Information required under the Financial Information Act, attesting to the completeness and
accuracy of the information reported, before it is provided to the Board for its review and approval.
Compensation Compliance with Legislation and Policy
ObservationsCompliance with the Management Compensation Freeze
On September 13, 2012, Government announced a management compensation freeze for all public
sector organizations. The written direction from the Minister of Finance was specific that this freeze
applies to any movement within existing compensation ranges on the basis of service, merit or other
progression, or changes to existing ranges and to position reclassifications without substantive changes
to responsibilities. The management compensation freeze remains in effect.
There were three instances where senior management received annual step level increases identified
during the review period. However, KPUs Policies Concerning Working Conditions, Salaries, Benefits
and Retirement Provisions for Administrative Employees states that advancement within the
applicable salary range shall take place annually (based on FTE service) on the anniversary date,
provided that the employee is assessed to be performing at least satisfactorily. PSEC concluded that
this wording legally obligated KPU to continue providing increments, and therefore KPU was exempted
from this directive as it related to the awarding of increments.
As part of this internal audit, the compensation paid was compared with the salary specified for the
position on the compensation grid, to ensure consistency and to ensure that the government-imposed
wage freeze had been respected. There were no significant deviations from the salary grid.
However, there were some instances where salaries changed over this time. KPU maintained that in all
instances salary changes were due to individuals changing positions or positions being reclassified.
Where PSEC approval was sought by KPU, approval was not always received prior to changes being
made, and in some instances, approval was only sought retrospectively.
Recommendation
18. KPU should request and receive written approval from PSEC prior to implementing changes to the
compensation of excluded staff, unless the change falls within the PSEC-approved plan.

15

Governance and Oversight

Observations
During the course of this review, a number of opportunities for KPU to improve its overall governance
and oversight practices were noted. These observations are based on the widely-adopted Committee of
Sponsoring Organizations of the Treadway Commission (COSO) standards.
ObservationsNew Governor Orientation
At the time of our fieldwork, orientation for new Board members consisted of a brief overview of KPUs
history and operations. This is usually conducted via a meeting between the existing Chair and the new
Board member, with support from the Board Secretary. There is no formal orientation package or Board
members handbook that outlines responsibilities of the Board as a whole or of Board members
individually.
At a minimum, Board member orientation should include:
major issues related to the post secondary sector in general, and KPU in particular;
the Universitys organizational structure and major programs;
KPUs strategic objectives its mission, vision and values;
the operational plans for achieving KPUs strategic objectives;
the measures of operational performance used by KPU to gauge its success in achieving these
objectives;
how the Board is organized and how major decisions are made;
the Universitys budget, current financial statements and key financial management issues;
key risks facing KPU and how they are managed;
Board member fiduciary duties;
regulatory requirements for, and related expectations of the Board;
expectations and responsibilities of individual Board members as specified in the Board
governance manual; and
how the performance of individual Board members and the Board as a whole, is monitored.
Recommendation
19. KPUs Board should implement a formal orientation process for new Board members that includes
elements such as the Universitys structure and operating environment; strategic plan and objectives;
operational plans and measures of success; Board governance, expectations and performance
monitoring; KPU finances and Board fiduciary responsibility; and KPUs risk management framework and
process.
ObservationsPerformance Management
A significant quantity of information is provided to Governors in advance of each Board meeting.
However, while the volume of information provided is significant, it tends to be operational in nature,
and not packaged in a decision-useful format appropriate to a governance board.

16

Until recently, KPU has not had a plan that outlines the Universitys strategic goals, and measures of
performance for those goals. Since the arrival of Dr. Davis, a strategic plan has been developed and
performance measures have been, or are being, identified. Performance measurement is still being
implemented, and as such, effective monitoring by the Board is not yet a part of routine governance.
Recommendation
20. KPUs Board should receive and review regular reports of the Universitys performance against its
strategic objectives, including analyses of deviations from objectives and KPUs intended response.
ObservationsRisk Management
Under S.4.2.3 of the Board Terms of Reference, KPUs senior leadership is responsible for establishing
processes, procedures and mechanisms by which key matters or risks are identified, and ensuring that
strategies are developed to manage such risks. The Board ensures, through regular reviews and
assessments, that senior leadership has established appropriate systems to identify and manage these
risks and receives regular reports on the management of these risks.
Under S.17, primary responsibility for KPUs risk management is vested in the President and overseen by
the Board. The President is responsible for establishing processes, procedures and mechanisms by
which key financial and non-financial risks are identified, and ensuring that strategies are developed to
manage such risks.
The Board has responsibility to:
a) understand the key financial and non-financial risks of KPUs operations;
b) ensure, through regular reviews and assessments, that senior leadership has established
appropriate systems to manage these risks; and
c) receive regular reports on the management of material risks to KPU.
In particular, the Board will review with senior leadership the policies and procedures that are in place to
identify, manage, and monitor material risk...
At least annually, the Board oversees a risk review where it reviews:
a) KPUs material risks
b) the adequacy of senor leaderships systems, policies and procedures to identify and manage risk;
and
c) the effectiveness of senior leaderships risk management process.
The risk management function at KPU was established in 2012 to initiate the implementation of
enterprise risk management (ERM). Over the past two and a half years, ERM has evolved to include a
recognized framework (ISO31000), standardized tool set, operational risk assessments, updates to the
Board Manual (S. 17 as noted above), administrative oversight and periodic reporting to the Board.

17

Since its inception, the risk management function has been staffed by one individual. At this time, the
risk management function does not report to the Board or the President; instead, it reports
operationally to the AVP Administration, and is physically housed in HR.
Currently, KPU does not yet have a comprehensive risk register. Moreover, the risk reports that have
been made to the Board have been somewhat ad hoc, relating to specific issues of the day rather than a
comprehensive identification and assessment of risks that encompass all categories of risk (strategic,
operational, financial, reputational, regulatory, etc.)
Recommendations
21. Given the Presidents direct responsibility for risk management, overseen by the Board, the
operational responsibility for risk management should be reassigned directly to the President, or in the
alternate, the Board. Accordingly, risk management staff should report directly to the President or the
Board.
22. Using the ISO31000 risk management framework, KPU should develop a comprehensive risk register
as soon as possible, and use this register as the basis for regular reporting to the Board on the status of
risks and KPUs programs to manage them.
ObservationsCode of Conduct
Under S.4.2.6 of the Board Governance Manual, the Board is required to approve and monitor
compliance with a Code of Conduct for KPU senior leadership.
KPU is now (as many institutions are also doing after having been directed by government) developing a
Code of Conduct for its staff and senior leadership. Minimum requirements have been established
under the Standards of Conduct Guidelines for the B.C. Public Sector (July 2014).
In response, KPU has developed draft guidance in the following areas:
Conflict of Interest,
Conflict of Commitment,
Confidentiality,
Use of University Property,
Protected Disclosure (Whistle blowing), and
Intellectual Property.
The development of policies and procedures in these areas is an important first step, but in itself is not
enough. To bring the Code of Conduct to life, KPU will need to assign ownership to a specific individual
to ensure the new policies and procedures are embedded in KPUs operations and culture. This will
involve the development and delivery of an implementation plan, employee orientation including
training, formal sign-off, and periodic review to ensure the Code remains current.

18

Recommendation
23. KPU should formally assign responsibility for the Code of Conduct to a senior staff member, and this
responsibility should include the development and delivery of an implementation plan as well as
periodic review and updating of the Code.
ObservationsInternal Controls
Under S.4.2.4 the Board is required to verify that internal financial and operational controls and
information systems are in place and functioning satisfactorily. Logically, responsibility for this oversight
should be delegated to the Finance and Audit Committee.
While the Board may oversee KPUs internal control framework, it is KPUs senior administration that is
responsible for developing it, maintaining it, and ensuring that it operates effectively.
To date, the Finance and Audit Committee has not performed a comprehensive review and assessment
of KPUs control environment. It would be appropriate and beneficial for KPU to identify, document and
assess its controls related to areas of high risk (as determined through its ERM programsee previous
discussion and recommendation). In particular, controls around compensation transactions, data
accumulation, disclosure, reporting and compliance would be an obvious high priority area.
Recommendation
24. Using a well-established control framework (e.g., COSO Internal Control-Integrated Framework), KPU
should assess, enhance and/or implement controls related to key financial areas and processes. These
activities should include identification of key controls and control gaps in high priority processes for the
University. Testing of such key controls should occur on a regular basis.

19

Appendix 1:: Current and Proposed Process for Ap

Appointment
pointment of New Senior
Academic Administrators
1-A:
A: Current Appointment Process for New Senior Academic Administrators

Candidate Selection - SAC

Selection process Procedure HR 20 of Board
Governance Manual

Recommends up to 3 candidates

Candidate Approval - President or Designate

Responsibility to appoint, per Appendix H of
Board Governance Manual

Required to approve selection, or makes final

selection - no sign off

Employment Contract Negotiation

Responsibility for negotiation not specified

Not all negotiating ranges are specified

Offer of Employment
Responsibility for offers of employment informally delegated to HR

Contract of Employment
Responsibility for employment contracts
informally delegated to HR

Standard Terms Appendix - not always followed

20

1-B:
B: Proposed Appointment Process for New Senior Academic Administrators

Candidate Selection - SAC

Selection process Procedure HR 20 of Board
Governance Manual

Recommends up to 3 candidates

Candidate Approval - President or Designate

Responsibility to appoint, per Appendix H of Board
Governance Manual

Required to approve selection, or makes final selection

Employment Contract Negotiation

Responsibility for negotiation
formally assigned with
responsbility to appoint

Formal sign-off consistent with

Appendix H

Negotiating ranges specified by

policy

Draft Offer of Employment

Using standardized templates , draft offers of employment with consistent terms*

Offer of Employment
Responsibility for offers of employment formally delegated to HR

Contract of Employment
Responsibility formally delegated to HR

Standard Terms Appendix - always followed

* until standard templates are established, all draft offers of employment to senior executives should be reviewed and formally signed-off
signed
by KPUs Human Resource, Finance and Legal departments

21

Appendix 2: PSEC and SOFI Report Process Narratives and Flowcharts

2-A: Executive Compensation Disclosure Report (PSEC report)
Current Process Current gaps in, and recommendations for, the process are highlighted in yellow
below and in the respective flowchart.
KPU is currently using the following process to prepare its compensation figures for the Executive
Compensation Disclosure Report:
In order to be included on the Executive Compensation Disclosure Report the following
requirements must be met:
o The employee must be in a key decision making position at the university.
o The employees annualized base salary must be greater than $125,000 (Note that this
means employees who work a partial year should be adjusted to determine if their
annualized salary would have been greater than $125,000).
The report also breaks down what type of income was earned. The categories are Salary, Bonus
and / or Incentive Plan Compensation, Benefits, Pension, and All Other Compensation.
The Manager of Human Resources & Benefits coordinates with The Payroll Operations Manager
in the payroll department to determine who meets this definition.
o The working copy of the report is automatically populated with the executives who
were reported last year to determine if they still meet the criteria.
o There are few executive officer positions and so the Manager of Human Resources &
Benefits would be aware of the people in these positions.
o This is an example of the sort of judgement call that should be explicitly reviewed and
approved by KPU senior management, as noted in Recommendation 12.
Once the employees to include in the report have been determined, the Payroll Operations
Manager prepares a manual excel spreadsheet to calculate each of the required columns.
o Most of these numbers come from the payroll program Banner.
o The Executive Compensation Disclosure Report contains all amounts paid on behalf of
employees including employer paid benefits and severance payments.
o The Payroll Operations Managers calculations only include amounts that are paid
through the payroll system.
Although most payment items are paid through the payroll department; there are two columns
in the report titled Vehicle / Transportation Allowance and Perquisites / other Allowances.
These items would be paid through a P-card or expense claim. The manual process undertaken
between Human Resources and Finance may not be sufficient to ensure that the information
required is complete and accurate. (See Recommendations 10 and 11).
After completing the payroll columns the Payroll Operations Manager compares the amounts in
the working copy back to the employee register in Banner. The Manager does this for all of the
employees in the report.

22

The Payroll Operations Manager then sends the report to the Manager of Human Resources &
Benefits for review.
Once the Manager of Human Resources & Benefits is satisfied with the report, it is forwarded to
the Executive Director, Finance and the Associate Vice President, Administration for additional
review.
The report is reviewed by the Executive Director of Finance, but not reviewed further, and
presented to the Board Chair for attestation. (See Recommendation 12)
The finalized report is then sent to PSEA, and after PSEA reviews the information, to PSEC for
approval.

23

Kwantlen Polytechnic University (KPU)

Process: Executive Compensation Disclosure Report Compilation Procedure

Banner

Banner Calculates
Employee Payroll

The Human Resource Manager and the

Payroll Operations Manager discuss who
meets the definition for Executive
Compensation Disclosure

Banner Generates Reports

Detailing Payroll

Payroll reports are used to manually calculate an

excel working copy of Executive Compensation
Disclosure information

The payroll
department does not
coordinate with the
finance department
for taxable benefits in
the expense claim
process

The Executive Compensation

Disclosure report is developed
from the working copy

The Executive Compensation

Disclosure report is forwarded to
the human resource department
The process could be
improved by adding
sign-offs by the VP
Finance and the
President before
presenting the report
to the Board Chair

The Executive Compensation Disclosure report is

forwarded on to the Associate VP, Administration and
the Executive Director of Finance

The Executive Compensation Disclosure

report is provided to the board

The report is attested to by

the board chair

The finalized report is sent

to PSEC for review

: Key Controls in existing process

: Opportunities for Improvement

24

The Payroll
Operations
Manager tests all
employees for
accuracy of
calculation

The Human
Resource
Manager performs
a review of the
report

The Executive
Director of Finance
performs a review
of the final report

2-B: SOFI Report

Current Process Current gaps and recommendations to the process are highlighted in yellow below
and in the respective flowchart.
KPU is currently using the following process to prepare its SOFI report:

All employee payrolls are processed by the University using Banner.

Banner is configured so that each employees annual salary is for 26 pay periods. It takes their
annual salary and divides it by 26 to obtain the gross pay in each pay run.
Banner tracks the employee and employer paid deductions as well as taxable benefits that are
paid through payroll.
After the fiscal year has ended, Banner can generate a report to show the total gross wages for
the fiscal period. This report shows employer paid benefits and taxable benefits separately. The
amounts on the report are dependent on manual earnings codes which are identified by the
user.
o Some taxable benefits are deductions which are embedded in the employer paid
benefits. A separate deduction report needs to be run and merged with the earnings
code report to obtain the correct taxable benefit amount. Other taxable benefits are
obtained in the report under separate non-cash earning codes.
o This report does not adjust for accrual of wages for pay periods which end outside of
the fiscal year. Reconciliation to accrual wages is performed later in the process.
Before generating any reports, the Payroll Operations Manager reviews the SOFI guidelines for
remuneration to ensure appropriate earnings and taxable benefits are included in the report.
There is no supervisory review to validate that the SOFI guidelines, or any changes that may
occur year-to-year, have been interpreted correctly. (Recommendation 16)
The Payroll Operations Manager then generates the Banner report by indicating all earnings
codes that are required under the SOFI disclosure and merging the deduction taxable benefits
with this report.
The Payroll Operations Manager uses this report to create a manual excel spreadsheet working
copy for summarizing the SOFI report wages.
This excel sheet contains each employees name, their wages in the year (excluding employer
paid benefits), and their taxable benefits.
After completing the excel working copy, the Payroll Operations Manager picks a risk adjusted
sample of 10 employees and checks that their wage amounts reconcile back to the employee
payroll register in Banner. Of the ten people chosen, the Payroll Operations Manager attempts
to ensure that they are from different areas of the University. The President, the Payroll
Operations Managers immediate supervisor, and the Payroll Operations Managers own
calculation are always selected in this sample. The Payroll Operations Manager also attempts to
pull employees who have had a one-of-a-kind payment, as they would be more likely to have
differences in their calculation.

25

The Payroll Operations Manager adds the wages and taxable benefits to determine which
employees have a total of greater than $75,000. These employees are included on the report.
The compensation of all employees with a total of less than $75,000 are added-up and included
on the SOFI report at the bottom as employees who do not meet the threshold.
Once the Payroll Operations Manager is satisfied that the payroll numbers are correct, the final
version of the report is forwarded on to the Finance department to incorporate the expenses
claimed by employees throughout the year (reported as a separate column).
The Payroll Operations Managers report only includes taxable benefits that have been paid
through the payroll system. If any P-card or expense claim items are taxable benefits they would
need to be added in by Finance. There is currently no system to check for this or add in these
additional taxable benefits. (Recommendation 14)
The expense claim numbers included in the SOFI report are pulled from the finance module of
Banner. This is a long process with a number of manual steps.
o The IT department creates a report from Banner showing all GL expense transactions
matched with cheque paid information.
o The Finance department then takes the prepaid/advance information and manually
compares it to the GL expense transactions to determine the actual expense paid in the
period.
o The Finance department then manually goes through adjustments to see if there are
any offsets or account changes.
o Employee expense claims and P-card transactions contain a code within Banner that
identifies them and relates them to the employee name. This helps with the matching of
expenses.
Automating this process is recommended as it is a largely manual process which could result in
errors. Kwantlen is currently exploring this option. (Recommendation 15)
The Finance department performs the following checks on expenses:
o The Banner report showing the total GL expenses is reconciled back to the expense
accounts in the GL to ensure all expenses are included in the account.
o A variance analysis is done by employee / vendor to compare expenses reported to the
previous year.
It may be possible to have Banner produce a report showing total employee expenses. This
could be compared to the total employee expenses reported in the SOFI report to check that the
information is complete. (Recommendation 15)
The Manager of Financial Reporting & Systems performs a completeness check on the payroll
numbers by comparing the end wages in the SOFI report to the wages recorded in the GL and on
the audited financial statements. This involves reconciliation from accrual to cash since the SOFI
report does not adjust for accruals of wages.
The Manager of Financial Reporting & Systems confirms that all of the Board members are
included in the first schedule. The Board members are not paid remuneration and so do not
meet the $75,000 threshold but still need to have all of their expenses disclosed.

26

The Manager of Financial Reporting & Systems provides a copy of the report to the Payroll
Operations Managers supervisor for review as well.
After Finance has added the expense numbers and completed their review, the SOFI package is
forwarded to the Executive Director, Finance for final review and approval.
The Executive Director of Finances review consists of:
o Comparing the values reported in the working papers, the final draft, and Banner for the
key earners.
o Review that titles on the report are correct
o Reviews employees who have significant expenses other than salary.
o Looks at the reconciliation to the annual report
The SOFI package is also provided to the VP Finance and Administration, although no formal
review and sign-off is required. (Recommendation 17)
These sign offs occur throughout the review process:
o The Executive Director, Finance signs a covering memo to the Board Chair
o The Board Chair signs the Statement of Financial Information Approval
The value of these sign-offs could be enhanced if they included specifics regarding the steps that
were performed, or that the signer confirmed the completeness and accuracy of the reported
information. (Recommendation 17)

27

Kwantlen Polytechnic University (KPU)

Process: SOFI Report Compilation Procedure

Banner Calculates
Employee Payroll

Banner

Payroll Operations Manager Reviews

remuneration guidelines for SOFI

Banner Generates Reports

Detailing Payroll

No secondary
review is done to
ensure that this
has been
interpreted
correctly

Payroll reports are used to manually calculate an

excel working copy of SOFI information
This calculation
only includes
taxable benefits
which are
processed
through payroll.

The SOFI report is developed

from the working copy

The Payroll
Operations
Manager tests a
random sample of
employees for
accuracy of
calculation

Banner
The SOFI report is forwarded to
the finance department

The finance department pulls

expense data from Banner and
compiles it manually by employee

The manual
process is time
consuming and
prone to human
error.

It may be possible
for Banner to
generate a report
of total employee
expenses to
compare to the
SOFI report

The VP Finance
and
Administration
does not review
the SOFI report

The expense data is entered

into the SOFI report

The finance
department
performs testing
on expenses for
accruacy.

The SOFI report is forwarded on to the VP Finance and

Administration and the Executive Director of Finance

The SOFI report is

provided to the board

The board chair signs the Statement of

Financial Information Approval

: Key Controls in existing process

: Opportunities for Improvement

The finance
department
performs testing
on payroll for
accruacy.

28

The Executive
Director of Finance
performs a review
of the final report

Appendix 3: Summary of Recommendations

1. Consistent processes and documentation should be used for all senior executive appointments. While
details of the processes for internal or external candidates may differ, all appointments, reclassifications
and salary adjustments should be fully documented in each employees personnel file. (Also see
Recommendations 4 and 7.)
2. In order to clearly delineate compensation from non-compensation related matters, KPU should
ensure that non-compensation related items, such as research allowances, are negotiated and agreed
separately from the compensation negotiation process.
3. In order to improve consistency, KPU should formally delegate responsibility for making offers of
employment and procuring contracts of employment to the HR Department.
4. In order to improve consistency, standardized templates for key aspects of the recruitment process
should be developed by Human Resources, with the advice and assistance of Finance and Legal
departments. In the near term, until standard templates are established, all draft offers of employment
to senior executives should be reviewed and formally signed-off by KPUs Human Resource, Finance and
Legal departments, to ensure conformity with KPU policies and procedures, public sector requirements
and limits and the Income Tax Act, prior to offers being made to prospective senior employees. (Also
see Recommendation 1.)
5. Contracts of employment with senior executives should be consistent with the standard terms
developed by KPU.
6. Terms of each draft offer of employment should be formally signed-off by the person or group
assigned responsibility for approving candidates, as specified in Appendix H of the Board Governance
Manual.
7. KPU should enhance its policies and procedures for hiring senior academic administrators. These
enhancements should clearly define the activities and requirements in the hiring process, including the
necessity of formal documentation and where approvals are required.
8. Negotiating contract terms should be limited to those persons or groups assigned responsibility for
approving candidates as specified in Appendix H of the Board Governance Manual, in consultation with
the Human Resources department. KPU should develop guidelines for negotiating contracts that
identify negotiating ranges for specific compensation items consistent with the PSEC-approved plan, and
ensure that KPUs standard contract terms are consistent with these items.
9. KPU should develop a policy that discourages pre-employment contracts. In the rare circumstances
where specific services may be appropriate during the transition period prior to employment, KPU

29

should develop guidance for pre-employment contracts to ensure compliance with legal and policy
compensation restrictions. Any pre-employment contracts should be procured in accordance with good
procurement practices, with clear deliverables, specified time frames and appropriate rates, and precleared through PSEC.
10. As part of drafting the Executive Compensation Disclosure Report to PSEC, the Finance department
should be consulted regarding items that could be considered compensation under the Public Sector
Executive Compensation Reporting Guidelines issued by PSEC.
11. KPU should establish a clear definition of perquisites in its expense / P-card policies, consistent with
the definition provided for expense reporting by PSEC, which should be communicated throughout the
University. The perquisites / potential perquisites should be identified during the expense form / P-card
statement review and tracked for annual reporting purposes.
12. KPU should formally institute procedures for senior management (VP Finance & Administration
and/or the President) review and sign-off of disclosures required under the Public Sector Employers Act,
including the identification of any judgements made in the compilation of this information, prior to its
submission to the Board Chair for formal attestation.
13. KPU should ensure that the processes for collecting, validating and certifying PSEC and other key
regulatory submissions are consistently documented and communicated. Key control points in these
processes should be clearly identified, and tested on a regular basis to ensure that the processes
function rigorously and consistently.
14. As part of drafting the SOFI, the Finance department should identify and provide information
regarding items that could be considered compensation under the guidance provided by the Ministry of
Finance, such as perquisites and taxable benefits, which have been processed via P-cards or expense
reports.
15. KPU should perform a cost/benefit analysis of automating at least part of the SOFI report generating
process.
16. Given that the SOFI report will be released to the public, a formal, documented supervisory review
should be implemented by KPU to validate that the SOFI guidelines, or any changes that may occur yearto-year, have been interpreted correctly.
17. The Vice President, Finance and Administration should review and formally approve the Statement
of Financial Information required under the Financial Information Act, attesting to the completeness and
accuracy of the information reported, before it is provided to the Board for its review and approval.
18. KPU should request and receive written approval from PSEC prior to implementing changes to the
compensation of excluded staff, unless the change falls within the PSEC-approved plan.
30

19. KPUs Board should implement a formal orientation process for new Board members that includes
elements such as the Universitys structure and operating environment; strategic plan and objectives;
operational plans and measures of success; Board governance, expectations and performance
monitoring; KPU finances and Board fiduciary responsibility; and KPUs risk management framework and
process.
20. KPUs Board should receive and review regular reports of the Universitys performance against its
strategic objectives, including analyses of deviations from objectives and KPUs intended response.
21. Given the Presidents direct responsibility for risk management, overseen by the Board, the
operational responsibility for risk management should be reassigned directly to the President, or in the
alternate, the Board. Accordingly, risk management staff should report directly to the President or the
Board.
22. Using the ISO31000 risk management framework, KPU should develop a comprehensive risk register
as soon as possible, and use this register as the basis for regular reporting to the Board on the status of
risks and KPUs programs to manage them.
23. KPU should formally assign responsibility for the Code of Conduct to a senior staff member, and this
responsibility should include the development and delivery of an implementation plan as well as
periodic review and updating of the Code.
24. Using a well-established control framework (e.g., COSO Internal Control-Integrated Framework), KPU
should assess, enhance and/or implement controls related to key financial areas and processes. These
activities should include identification of key controls and control gaps in high priority processes for the
University. Testing of such key controls should occur on a regular basis.

31