if? 1&"26151 it is. Jeff. Piease ?nd attached all mv comments on the draft report of the internal audit of the University?s investment function. i inctoded all sections because some earlier drafts were modified. My comments are in red. have copied individuals relevant to the audit. You must feet fortunate to have a staff with such broad expertise and experience who are ahie to orescrihe detailed recommendations on issues ranging from the optimal governance structure at a top ten. high performing endowment. oert?ormance review design. due diligence. document retention and so much more. I suggest you consider tightening tie on the style of the reports. The ?ndings may come across as accusatory and vindictn-e to oeopie not tarnitiar with your style. which can he hath upsetting and demoralizing to staff. I don't think that is the intent. Aiso consider sticking to facts that can be veri?ed and provide support have spent a lot of time checlono the allegations in the draft ?ndings for accuracy since i received it late last Friday afternoon. including the weekend. as others covered by this audit have as wail. Not hovtr imagined wrapping as my ahsoioteiv busiest tirne of the veer. And think of describing the totalityr of the investment function at the University tor contest and avoid generalized to reduce the chance that the casoei reader may conciude there is something seriouslv wrong with just shoot everv aspect of the process of managing the Universitv's endowment. Jt??i?il Eriit Lends-erg. CFA Chief investment Officer University of Michigan 1. Governance Structure High Issue: Due to the complexity of investment activities and their ?nancial signi?cance to the University, a framework for providing active oversight is necessary. A formal, organizational reporting structure is in place, but evidence of review and approval of these actions are not documented. Risk: The investment Of?ce could operate outside the parameters set by the Board of Regents. Without active monitoring and oversight, increases in the overall risk of the University? 5 portfolio may not receive preper attention of University leadership. Support: The Investment Of?ce reports to the Executive Vice President and Chief Financial Of?cer The EVPCFO under Regent Bylaw 3.07 delegated certain authority to the Chief Investment Of?cer as indicated in University Standard Practice Guide Section 601.24, Delegation ofAuthority to Bind the University to External Agreements on Business and Financial Matters. While an organizational reporting structure is in place, a governance structure would assist the EVPCFO and the Board of Regents in providing active oversight of investment activities. in the current economic and regulatory environment, the necessity of a governance structure is heightened. Collectively, the issues identi?ed during the audit emphasized the need for a governance structure that monitors accountability, enforces policies, assesses risk and compliance, and informs the and the Board of Regents. Some investment related decisions are not transparent and there is no oversight to verify that transactions fall within the parameters authorized by the Board of Regents. For example, historically, the Board of Regents has approved allocation changes to the Long Term Pool {LTPimodel portfolio. The model portfolio has increased to the current target of 40% without documented approval from the Board of Regents. Actual allocation at ?scal year-end 2014 and2013 were 46.8% and 49.4%, respectively. Additional areas of strategic importance that merit increased oversight and monitoring include review of: - Liquidity Established liquidity thresholds. - Benchmarks Documented approval of changes. - Asset allocation Initial allocation of individual investments and any changes. Categorization of asset classes Reasonabieness in comparison with the categorization of assets recorded in the Universitv's audited ?nancial statements. Recommendation: Establish a governance structure leg, investment Committee) that provides effective oversight and monitoring of Investment Of?ce activities. Monitoring needs to be comprehensive to understand the impact of activities in one area and the effects of those activities on other areas. The framework should articulate the purpose and objectives of the structure. Kev attributes of the governance structure should include: I individuals as part of the governance structure should be sufficientlv knowledgeable. serve on a rotational basis, provide diverse views, and engage outside consultants when appropriate. Establishing policies that are periodically reviewed and revised. Formalize the investment stra tegv policy: duties and responsibilities ofall parties involved, diversi?cation and rehalancing guidelines, due diligence criteria for selecting investments, procedures for controlling and accounting for investment expenses, etc. Other policies include: asset allocation, liquidity, risk tolerance - Monitoring the selection and performance of fund managers and third-party marketers or placement agents. - Reviewing all fees incurred by or on behalf of the portfolio for reasonableness. - Setting and evaluating performance goals of the portfolio to verify objectives are being met. . Documenting guidelines for timeliness and completeness ofinformation presented to the Board of Regants. - Resolving all questions of interpretation of policy As the structure is being developed: - implement the recommendations defined in prior vear internal memos prepared by Financial Operations regarding incentive plan calculations ef?ciencies of using TWR over Modi?ed Dietz]. - Consider engaging an external party to review the appropriateness hedge fund of funds composite index in absolute return, Cambridge Associate College and Endowment Universe) of current benchmarks and the potential for inclusion of a risk ratio leg, Sharpe}. investment consultant is continuously being consulted on adjustments to the Investment Of?ce Incentive Plan, which includes the use of Model Portfolio benchmarks. Document approval for all benchmark changes, including the reason for the change} Comment: All initial benchmarks used in the Model Portfolio and subsequent changes thereto were thoroughly document for rationale, discussed with the CFO, the Investment Advisory Committee, the University?s consultant Cambridge Associates and the Controller's Of?ce before being formally implemented. 2. Reconciliation of investment Commitments Medium issue: The process for reconciling investment commitments to the amount or asset allocation approved hv the Board of Regents is not consistent. Risk: The University may be entering into commitments that do not reflect the information presented to or approved by the Board of Regents. Support: To communicate new investment information to all interested parties Financial Operations, Of?ce of General Counsel, Tax Department) investment Of?ce staff send a fund closing notice email that contains the name ofthe investment, asset allocation, amount invested, etc. In some instances, fund closing notices are sent in advance of formal approval bv the Board of Regents. New commitments are tracked by fiscal year bv the Investment Accounting group in Financial Operations on an Excei spreadsheet using information from the fund closing notice. There has been internal miscommunication regarding when Regent communications Request 2. Reconciliation of investment Commitments Medium for Action, Item of information) are necessarv. Staff interpretations of the Request for Action relating to Alternative Asset Investment adopted in Mav 1994 have been inconsistent. In July 201:1, the Director of Risk Management documented guidelines for the Investment Office to present certain investments follow-on, add-on} for Board of Regents approval or noti?cation. Approval for additional and co-investment commitments up to an additional are, at times, approved as part of the Action Item of the original investment; however, approved Action items are not sent with the fund closing notice and the investment Accounting group may not alwavs know what historical Action item to reference for support of the additional commitment. The spreadsheet of new partnership fund commitments made in ?scal year 2014, as tracked by Investment Accounting group, and the spreadsheet of remaining commitments were reviewed. Of the 43 new partnership fund commitments, excluding commitments as part of the Michigan Investment in New Technology Startups program, testing showed there were missing and delayed Board of Regents communications and inaccurate recording of commitments. Before wires are sent, staff in the Treasurer?s Of?ce compares the amount in the remaining commitment spreadsheet tracked by Investment Accounting group to verify there are funds committed and available. No individual is tasked with verifying contracts are fully executed countersigned) before wires are sent out. Recommendation: Collaborate with the investment Accounting group, Tax Department, and Treasurer?s Office to clarify the process and responsibilities for recording and reconciling investment commitments. As part of the process: 0 Develop a form that takes place of the fund closing notice email to provide necessarv closing information for all investment types, including direct investments and corinvestments {see recommendation for issue 4). Reconcile information on the form, speci?callv the amount listed and asset allocation, to Board of Regents approval. - For current remaining commitments, verify the amount committed is accurate and supported by the Board of Regents approval. I Validate all contracts are fullyr executed prior to sending wires. - Develop a process for escalating and resolving discrepancies. 3. Due Diligence Requirements issue: Continual business and operational due diligence is not performed for all investments. Risk: Without suf?cient and continual due diligence, the University may be taking on elevated levels of ?nancial risk through its investment holdings. Reputational risk may exist if con?icts of interest are not identi?ed or if the University is invested with fund managers or have dealt with placement agents that are inexperienced, not credentialed, or have had failed previous investments. Support: It is industry standard and best practice of peer institutions Duke University} to conduct operational due diligence of each investment, including site visits, on an annual basis. Operational due diligence was performed June 2011 through August 2012 by members of the investment Office. Approximately 35 site visits were conducted, specifically hedge fund managers and equity and ?xed income managers. Two managers received final summations that were below satisfactory. A documented and ongoing, rotational schedule speci?cally for those managers that are not performing as expected does not exist. Business due diligence, including experience, track record, strategy, and operational review is the responsibility of each manager to perform prior to proposing new investments. Each year, the external auditors perform existence and con?rmation testing {on a sample basis] for investments. Due to the materiality thresholds, among other considerations, con?rmations of existence were not sent by external auditors to all investments. In fiscal year 2014, approximately or 5% of all investments were not confirmed. Con?rmation of existence is not veri?ed and independently audited ?nancial statements are not requested by the Investment Office or the Investment Accounting group for all unselected investments. External audit observations in prior years have indicated a need for the Investment Of?ce to maximize their use of their customer relationship management software (Salesforce) to manage current and potential investment manager relationships. Information is not consistently recorded by Investment Of?ce staff, including site visits and periodic updates. The Investment Of?ce has not yet developed standards for the types, categories, and format of information to be included in Salesforce. Recommendation: Perform operational reviews with greater regularity: - Develop and document an ongoing, rotational schedule for verifying operational due diligence of existing fund managers. include procedures for managing investments with fund managers that have less than satisfactory Operations. - Engage the Manager of Investment Operations as necessary to verify operations are suf?ciently reviewed and concerns are resolved prior to making an investment. On an annuai basis, consider verifying the existence of assets that are not selected by external auditors to close the gap of investments that are continually not selected. - Develop and document standards for the types, categories, and format of information to be included in Saiesforce. - Monitor staff to verify they are consistently recording required information in Saiesforce. 4. Supporting Documentation for investments Risk: Incomplete lack of counterparty signature) or missing investment documents may not satisfy legal requirements or allow the Tax Department to accurately report University tax information. investments may not be communicated to the Board of Regents. Support: Retained investment documents vary by manager and by investment type venture capital}. As of October 2014, at least 30 contracts on ?le were not fully executed copies lie, signed by co unterpartv}. in 2014, the University invested approximately STUM in its only direct investment. Review of supporting documentation showed that: - No fund closing notice was sent. - Contracts were not verified as being fullv executed before funds were wired out. Investment documents including the contingent capital commitment and investor support and undertaking agreement do not have a counterpartv signature. The Board of Regents was to receive an Item of Information regarding this investment in February 2014; the item was presented in September 2014. A complete listing of current investments that generate Schedule K?l forms partnerships, corporations} is not available. Both the Document Coordinator and other investment Of?ce staff send Schedule forms to the Tax Department as they are received. Recommendation: Develop and implement a checklist for use by staff, including managers and directors, that details required documents and activities for each investment direct), including retention of investment proposals, evidence of business and operational due diligence, fund closing notice, fully' executed contracts, Board of Regents approval, etc. The checklist should be signed bv both the manager of the investment and the Document Coordinator before the investment is considered complete and documents can be ?led. To verify investment documents are complete and retained, develop a department document retention and destruction policy, in line with University Standard Practice Guide Section 604.01, Departmental Record Retention for Business and Financial Records, to standardize the process for all staff. As part of the policy, include escalation procedures for when required items are not complete contracts not countersigned}. Limit the responsibility for investment document destruction to the Document Coordinator. To aid external units in their processing of new, follow-on, and add-on investments, use the form developed with Investment Accounting group, Tax Department, and Treasurer?s Office (See recommendation for issue 2). At a minimum, the form should contain: . Name of investment 0 Type of investment le.g., direct, co-invest] and asset allocation ie.g., venture capital] - Amount committed and currency - Account number - Closing date a Type of Regent communication required Item of Information, Request for Action) and when it was presented or when it is scheduled to be presented. if no Regent communication is required, list the explanation as to why it is considered an exception follow-on). For the purpose of accurate tax reporting, include procedures to verify that all Schedule K?l forms have been sent to the Tax Department. All Schedule forms received by other staff should be routed through the Document Coordinator to establish one point of contact. Consider adding verbiage to contracts requiring the forms to be sent directly to the Tax Department. 5. Performance Evaluations Issue: The performance evaluation process is not documented and is not transparent to participants, including reviewers outside the investment Office. Risk: The process may appear to be more subjective than intended. Reviewers may not feel encouraged to provide honest feedback for fear of retaliation or harm to business relationships. Support: There are two annual performance evaluation processes, one for staff that are part of the Investment Of?ce Incentive Plan and one for those that are not; neither evaluation process is Incentive Plan. For those staff that are part of the Incentive Plan, the overall performance evaluation rating has a direct impact on the incentive compensation earned. Total incentive compensation earned by the 10 participating staff members for ?scal vear 2013 was $2,752,560 with three staff to receive approximatelv 75% of total compensation earned. Based on a review of the process and interviews with investment Of?ce staff and reviewers outside the lnvestme n1: Office. the following is noted: - At the beginning of the evaluation process, each staff identi?es reviewers, internal and external to the investment Of?ce that they expect to review their performance for the vear. Reviewers can be changed or removed at the discretion of the Chief investment Of?cer. in some instances not all reviewers complete the feedback survev, making it unclear to staff who actually reviewed them. a The process is intended to be confidential. Comments and ratings are collected through a feedback survev link sent by the Assistant Director for Bene?ts Administration. However. the fu ii results are sent to the Chief Investment Of?cer who is able to attribute ratings and comments to each reviewer. 0 Evidence shows that in the past, reviewers have been asked to adjust their comments or limit their ratings. Both internal and external reviewers expressed concerns about the confidentiality of the process and their willingness to be completely honest. - Not all participants, including those external to the Investment Office, are aware of the impact of their rating. Ratings are weighted depending on how well the reviewer knows the individual, as indicated by the reviewer. Nonresponses and those marked as not applicable are given a weight of zero. - The number of reviewers per staff varies as does the reviewer?s relationship with the individual. 0 Of the eight evaluations reviewed, two were not in the emplovee?s personnel ?le and one evaluation could not be located at all. Recommendation: Document the performance evaluation processes for both administrative staff and those that are part of the investment Of?ce incentive Plan. As part of the Incentive Plan, include steps to address the following: - Anv changes leg, replacement, removal) to reviewers should be communicated to the staff member being reviewed. - To fulfill the intent of the process, comments and ratings should remain con?dential. Before the feedback data is sent to the Chief investment Of?cer, the Assistant Director for Bene?ts Administration should remove the names of all reviewers. I The rating process should be made clear to staff members and reviewers before the survey is distributed. Participants should be made aware of how responses are weighted. - All evaluations should be retained in the employee?s personnel file. 6. Board Participation and Compensation - Medium Signi?cance Issue: A documented management action plan does not exist for the participation and compensation of the Chief Investment Of?cer on external boards. Risk: Because Business and Finance senior staffare key decision makers, conflicts of interest and conflicts of commitment {either in actuality or in appearance} could lead to situations that are not advantageous to the University. Lack of compliance by senior staff with University and department policies may undermine the significance of the policy to other staff members. Support: For staff, the Investment Office Conflict of interest policy requires board participation to have written approval and all compensation received to be paid to the University. The Chief Investment Officer is required to comply with Business and Finance Conflict of Interest Policy, which incorporates the University Standard Practice Guide Section 201.65-1, Conflicts of Interest and Conflicts of Commitment. This policy does not speci?cally address board participation or compensation. The most recent conflict of interest and con?ict of commitment disclosure form completed by the cro was signed and dated 1/11f2013. The CIO is compensated for his participation on two of the boards listed on his disclosure form, one is a board of an investment fund and the other is a board of a foundation. Given that a management plan is not documented, University Audits was unable to determine details or requirements of the arrangement, speci?cally when it began. Per the CED, it was the undocumented understanding between him and the former Chief Financial Of?cer that his participation on the boards is advantageous to the University and that all compensation received for participation on the board of the investment fund would be donated to the University of Michigan investment Of?ce Scholarship Fund. As part of the understanding, compensation received for participation on the foundation board was not required to he donated. The Eli) stated that he would donate all compensation from the foundation board beginning calendar veer 2015. Since 2006, compensation received by the CIO from the foundation board totals $39,000 and compensation received by the CIO from the investment fund hoard totals $627,500. There is no individual outside the Investment Office that is responsible for reconciling the compensation received by the C10 and the amount paid to the Universitv. Given that the CIO does not personallv pay for travel expenses to attend board meetings and events and he does not use vacation time to participate, tax code requires all compensation to be paid to the University. Recommendation: 1- Anv management plans agreed to by the CIO and the Chief Financial Of?cer should be documented and retained on ?le. The plan should detail the parameters of participation including expectations of time commitments and payment of travel expenses. All compensation for participation of the C10 should be paid directly to the University. To mitigate any tax related concerns, consider discussing current and future commitments with the Tax Department. It To support and encourage Investment Of?ce operations, it is best practice that the C10 continues to follow the investment Of?ce Conflict of Interest policy in addition to the Business and Finance Con?ict of interest policy. The Eli) should complete a conflict of interest and conflict of commitment disclosure form on an annual basis. I identify an individual outside the Investment Of?ce to reconcile reported compensation prospectus and tail.r form information) with the amount received by the University to verify compliance with tax code and department policy. Monitoring of Personal Investments Medium Signi?cance Issue: An independent validation process does not exist to verify employees are in compliance with the investment Office Conflict of Interest policy regarding personal trading of prohibited investments. Comment: The need for an independent validation process needs to be weighed against the cost and bene?t of such a process. Risk: Con?dence in the management of the endowment can be undermined if there is the perception that the Investment Of?ce does not have suf?cient policies and procedures in place to prevent improper personal investing. Support: The investment Office is in a unique position to initiate investment transactions and access nonpublic information on behalf of the University. The department conflict of interest policy provides guidelines for personal investing and speci?cally prohibits investing based on nonpublic information. Any personal transaction that has the potential to be a prohibited investment must be disclosed through self-reporting in advance of the transaction to the Chief investment Of?cer (CID), and in the case of the to the Chief Financial Of?cer. No documented self-reporting or policy disclosures were evidenced for ?scal year 2014. Recommendation: Because of the access to information afforded to employees by their assigned responsibilities, the personal investments of employees should be monitored at least annually to verify compliance with federal laws and department requirements. On an annual basis, employees should ?le a comprehensive ?nancial disclosure attesting that they have not personally traded in any prohibited investments. This is best practice amongst peer institutions University of Texas investment Management Company}. New employees should attest within SO days after the date they were employed by the Investment Office. To verifv compliance, the new governance structure {see issue 1] should consider additional steps such as random audits of personai brokerage statements performed by an individual outside the investment Of?ce. Disclosure and approval of personal trading activities should be documented and retained. Update the department con?ict of interest policv to include disciplinarv actions for policy violations failing to pre-clear transactions}. The updated policv should be reviewed by the Chief Financiai Officer and the Of?ce of General Counsel as warranted. 8. Employee Travel and Expenses issue: Departmental review of procurement expenses, including those for travel and hosting, does not consistently verify expenses comply with procurement policies before approval. Risk: The University may be paying for additional expenses that are unrelated to University business. Support: For the period of January 2013 through June 2014, hotel charges were approximately $105k and air travei was approximately $2Y4k, inclusive of change and agent fees. Of the 15 expense reports sampled, the following were noted as exceptions to the University Standard Practice Guide Section 501101, Travel and Business Hosting Expenses Policies and Procedures for Concur Users: - No pre?approval was evident for any business class flights from the Chief investment Officer or in the case ofthe (310, the Chief Financial Of?cer. Of these ?ights, two were in excess of $13k and at least one other ?ight, while international, was not over 8 hours in duration. Lack of clear business purpose for multiple expenses. - Per diems were claimed for personal travel day and when meals were provided. Dther exceptions include supervisor approvai of an expense they were part of, an improper hosting expense, and unclear flight class docvmentation. While not explicitiv against SPG, the following were noted as deviations from niversitv best practices: - Hotel expenses were significantly higher than typical for the University. Of the sampled reports, some hotel charges were in excess of $600inight. - At least one report contained expenses where an individual arrived in advance of time required because it was more economical; however, support was not submitted in the University's travel and expense system. 1: External vendors Delta Vacations) were used without submitting support to show that it was a more economical option. Recommendation: Reeducate personnel responsible for preparing, reviewing, and approving expenses to verify expenses are compliant with University SPG, speci?cally Section 50101, General Policies and Procedures and Section 50110-1, Travel and Business Hosting Expenses Policies and Procedures for Concur Users. - All business class travel for international nonstop ?ights that exceed 8 hours in duration are required to be preapproved by a senior University official. Evidence of approval should be included as sopport for the expense in the University?s travel and expense system. - The business purpose for each line item should indicate the manager meeting, event attended, etc. instead of a vague business purpose for the all expenses for the entire trip. - Business hosting should be directly related to University business. Those that host or attend a hosted meal while on travel status must forego a portion of their per diem for the hosted meal. - To simplify the approval process, documentation for air travel should include class information. - To avoid the perception that supervisors are approving their own expenses, when an expense is incurred for a group, the senior most individual should pay for the expense. . Flights booked less than 14 days in advance of the trip require written explanation for the booking delay for approval. in addition, educate staff as to University best practices: - As responsible ?scal stewards of University funds, the most economical hotel should be chosen with consideration of proximity and safety when stays are not for a meeting or conference held at the hotel. Advanced preparation and travel planning will help to reduce expenses associated with the cost of changing flights, incurring hotel cancellation fees, etc. 0 Submit support in the travel and expense system to show that external vendors or advance arrival options were more economical. I Itineraries to support attended meetings and events, including conference brochures, etc. 3. Employee Travel and Expenses Medium should be included as support in the travel and expense system to assist in calculating accurate per diems. - Prepaid hotel bookings should be supported by an itemized receipt once the stay has taken place. - Instances of continued noncompliance could be reported to the University Compliance Hotline. 9. Gift Policy - Medium issue: investment Office employees are not taxed on gifts and items they receive from external parties le.g., fund managers}. Risk: A staff member?s ability to make fair and objective business decisions may be compromised by their acceptance of gifts, including trips. Acceptance of these gifts may also create a personal tax liability for employees without their realization. Support: The Investment Of?ce receives gifts throughout the year from fund managers, after entering into new investments, etc. The Investment Of?ce does not receive gifts after entering into new investments. A gift log is kept ofal! received gifts at the Investment Of?ce, but may not be complete given that gifts are, at times, received at home addresses or while travelling to attend annual investor meetings. The Investment Of?ce Con?ict of Interest policy was modified during the audit to include guidelines for gifts. The prior department policy stated that staff members were to act in accordance with the University of Michigan Business and Finance Vendor Gift and Gratuity Policy. The policy now states members should act in accordance with BELF policy, ?to the extent not inconsistent? with the department policy: - The BELF policy directs employees not to accept gifts unless they are unsolicited promotional materials ofa general nature and that are of nominal value le.g., pencils). - Investment Office policv allows for the acceptance of gifts through a process that includes no-cost alcohol] and ?xed-cost raf?es of received items for staff members. Proceeds are to be donated to charity. Through observations and interviews, the following is noted: Received gifts are stored in the investment Office and, at times, have disappeared. - Baffled or purchased gifts are not always purchased at fair market value. - Donations are not always made immediately after the raf?e; one donation for an item won in April was not made until Julv, coinciding with when the process was audited. Gifts received in ?scal vear 2014 were not generic or of nominal value, including bottles of wine and champagne, Tumi luggage, and a Lore Piana hat. For these items, a total of approximate-Iv $75 was donated to a local charity. As a department, the Investment Of?ce should follow BELF policv and not accept gifts, including those related to fund closings or that are personalized le.g., signed memorabilia}. To reduce the administration and handling of gifts, the investment Office should send out an annual letter to those individuals or organizations that generallv send gifts fund managers) stating that investment Office staff does not accept gifts and that sent gifts will be refused. Consider including verbiage to future contracts that does not allow gifts. It is acknowledged that some ofthe items received are branded, in these instances staff should work with the Tax Department to verify the appropriate actions to be taken regarding personal tax liability, if any. 10. Con?ict of Interest and Commitment Documentation Issue: Investment Of?ce staff did not complete conflict of interest or con?ict of commitment forms in ?scal year 2014. Risk: Con?icts of interest and con?icts of commitment may not be identi?ed resulting in noncompliance with federal and state laws, as well as University and unit policy. Support: The Investment Office has a department con?ict of interest policy that requires annual attestation by staff. In fiscal year 2014, no potential or actual disclosures were documented as reported to the Chief Investment Of?cer The disclosure process changed in July 2014 to require staff members to complete the form each year during performance evaluations. An email requesting staff to complete the form for ?scal year 2015 was sent out at the end ofiuly 2014. Recommendation: University of Michigan Standard Practice Guide Section 20165-1, Con?icts of Interest and Con?icts of Commitment requires all staff members to disclose all actual or potential conflicts of interest or con?icts of commitment to their supervisor. For staff in the investment Office, conflicts should be reported to the CIO, and in the case of the CIO, to the Chief Financial Of?cer as potential conflicts arise or are identi?ed. To incorporate best practices, complete the attestation process annually and update the department policy to include procedures for evaluating disclosures and managing con?icts as well as for responding to alleged violations of unit and SPG policies. 11. Standardization of investment Proposal Presentation - importance: Medium issue: Not all proposals for new investments cover the same areas and performance of due diligence varies. Risk: The University mal,f invest in investments that have not been sufficiently reviewed through primary research, which could increase the overall risk of the investment. Support: Staff present proposals for new investments at weekly meetings. Each manager has their own process for obtaining and presenting information. One reviewed proposal identi?ed a con?ict of interest where an empiovee had personal holdings in the proposed investment; however, there was no documentation detailing how the conflict was to be managed, if at all. Recommendation: To streamline review and decision-making, standardize new investment proposals to the extent possible to verify all investments have had the same types of due diligence site visit} and review performed before it is presented for consideration by the investment Office staff. As an of?ce, define and document the most relevant information and steps to be performed before proposal of a new investment for the University. Consider developing a proposal template that includes a checklist to verify, among other items, that the proposed investment is not restricted bv the Board of Regents. As part of the due diligence performed bv staff, include steps in the checklist to verify and conclude that no conflict of interest or commitment exists between investment Office employees or members of the investment Advisoryr Committee and fund managers, placement agents, personal accounting holdings, etc. if a conflict is identi?ed, include procedures to review and manage the conflict in accordance with University Standard Practice Guide Section 201.554, Conflicts of Interest and Con?icts of Commitment and department policv. Due diligence should include both business and operational due diligence components, engaging the Manager of Investment Operations as necessary. Retain alt proposals as part of supporting documentation for the new, approved investment. 12. Cash Handling and Deposit Certi?cation Issue: Department cash handling practices do not comply with Universitv cash management requirements, including completion of required training. Risk: There is the potential for undetected loss or misappropriation of cash and cash equivalents. individuals responsible for cash management may not be aware of the proper internal controls to reduce this risk and to verify that the University?s general ledger is accurate. Support: Within the Investment Office, documented check register procedures exist. The Investment l{Ih?fice receives cash and cash equivalents for: - Reimbursements for travel expenses for staff that participate on external boards. These checks are deposited at Bank of America. Fiscal year 2014 deposits were $11361 - investment related checks le.g., rebate ef management fees}. These checks are deposited at Bank of New York Mellon. At times, gift cards are received as gifts from fund managers, etc. in review of the department?s check register, the foliowing is noted: - Staff is not consistently reconciling to verify that checks are deposited. As of 7f23l2014, there was no documented veri?cation for at least one year, inciuding a check in excess of $150]: that was processed for deposit at Bank of New York Mellon. - Deposit legs of 2-4 days were noted between the date the check was received and the date the check was processed for deposit. II Checks for deposit at Bank of America are not restrictively endorsed when the check is received; they are endorsed by the individual that deposits the check. - in some instances, the individual that received and deposited check were the same. Although several individuals handle and deposit checks, only one has taken any of the required cash handling and depository trainings required by the University Standard Practice Guide Section 519.03, Cash Management Poiicies. Recommendation: Investigate the ability to have investment checks sent directly to the Bank of New York Mellon and for external boards to arrange for staff travel directly to eliminate handling of checks. if checks continue to he received, reeducate staff about the requirements of SPG, speci?cally on the following: I Deposit all checks into a University account on the date ofcollection. Where this is impractical and where the total deposit is less than $500, the deposit must be made within one business day of collection. The Treasurer?s Of?ce must approve any exceptions. I Restrictively endorse checks when they are received. I Reconcile checks I Segregate responsibilities so that one individuai cannot receive, deposit, and reconcile checks. I Control access to cash and cash equivalents, deposit supplies, and account information. Store cash equivalents checks, gift cards) in a locked safe or cash drawer. I All individuals that handle or deposit cash and cash equivalents must be certi?ed in the TMEIUS cash handling course. Any analyst or individual that processes checks for deposit, including those for Bank of New York Mellon, are required to complete depository training. I Designate an individual to monitor the certi?cation status of the employees responsible for cash management activities to confirm that they remain certi?ed on a continual basis. in addition, consider the following best practices: I All checks received, regardless of to whom they are made payable, should be logged. I Do not maintain copies of checks. I Reimbursements from external parties for travel expenses should be made payable to the University. I Update check register procedures as necessary to indicate the accurate individuals responsible for each step in the investment Of?ce process initiator, processor, veri?er}. 13. Gap Analysis issue: The internal controls certi?cation for fiscal year 2013 was not accurate. Risk: Operating, monitoring, and oversight controls may not be adequate or compliant with University requirements. Control gaps may not be addressed, resulting in improper practices in the management of human, financial, physical, and information resources. Support: Based on review of the fiscal year 2013 internal control certification form: a The compliancefhotiine section was marked as in compliance; however, a communication informing staff of the reporting process for incidents and concerns was not sent out by the Chief Investment Of?cer. I As part ofthe ?scal year 2013 gap analysis, P-Card limits were analyzed and proposed limit reductions were discussed with the Chief investment Of?cer. No reductions were submitted for processing by Procurement Services. P-Card gap analysis guidance from the Of?ce of internal Controls states that a reduction of credit limits is warranted if maximum spend is less than half the credit limit. In review of the last two fiscal years, four individuals have spent less than half their credit limit. 0 Evidence of the completed gap analysis review was not retained for the most recent year. The gap analysis tools used may not have been the most current tools available from the Of?ce of Internal Controls? website. Some issues identified during the audit could have been self-identi?ed by the gap analysis and corrected through the annual certi?cation process including: - Cash Handling and Deposit Certification {see issue 12]. Cash handling processes were marked as not applicable; however the department routinelvI receives checks for reimbursements and investment distributions. - Employee Travel and Expenses {see issue Recommendation: Use the current tools available from the Of?ce of internal Controls for completion of the gap analvsis and internal control certi?cation form. Retain evidence of the completed gap analvsis. To accurately complete the annual internal control certi?cation: - Clearly identify roles and responsibilities for completion of the gap analysis and certi?cation. The identi?ed individuals should have access to necessarv management oversight reports, speci?callv through MReports to perform their responsibilities. 0 The Chief Investment Of?cer should send out a communication each year reminding staff of the process for reporting incidents and concerns at U-M. - Reduce the credit limits of P-Card holders using the guidance of the Of?ce of internal Controls. When a business purpose warrants a temporarv credit limit increase leg, Investment Advisorv Committee meetings], complete and submit the P-Card Limit Change Request Form in advance to Procurement Services. Document and retain the 13. Gap Analysis Medium annual review of P-Card holders and limits completed as part ofthe internal control certification process. 14. International Travel Registry Importance Medium Issue: International travel is not consistently registered in the University Travel Registry. Risk: Faculty, staff, or students may find themselves in situations that require University support to ensure their health or safety. Without accurate information in the Travel Registry, it may be dif?cult for the University to properly assist individuals and in a timely manner. Support: University Standard Practice Guide Section 601.31, International Travel Policy requires that all international travel for University-related purposes be registered in the University Travel Registry. A sample of expense reports were reviewed from the last two ?scal years, six contained international travel. Foreign travel expenses for ?scal year 2014 were approximately $100k. 0f the travel included on the six reports, two international trips were not registered with the Travel Registry. Recommendation: Register all University related international travel. Reeducate individuals, particularly those with responsibilities for registering travel, that all international travei for University related must be registered in the University Travel Registry. To verify that registered travel information is accurate: When there are multiple destinations in a trip Norway, United Kingdom, Sweden} record the days spent at each location separately. - Remove travel from the registry when trips are cancelled. 15. Policies and Procedures Importance Medium Issue: Although there are established processes within the Investment Office. procedures for signi?cant processes are not fuliv documented or have not been communicated to staff. Risk: Undocumented processes do not promote transparency, may result in inconsistent application of procedures, and is not efficient for continuitv of operations. Support: Documented procedures exist for certain processes check register. operational due diligence}. Interviews conducted during fieldwork identi?ed several significant processes that were either unclear or understood differently amongst staff. Work from homefoffsite arrangements are a recent development and the details of these arrangements travel and expense obligations of the employee and the University} have not vet been documented. Recommendation: Update or document significant Investment Office policies and procedures to reflect current processes. Examples of significant processes identi?ed during the audit include: Working from homeioffsite and remote employees. - Criteria for advancement, including position descriptions and responsibilities. 0 Annual performance evaluations, including expectations for staff that are not part of the incentive plan. - Employee hiring and orientation, continuous training and professional development, and termination. - Document retention and destruction Reference related policies from the University Standard Practice Guide where appropriate and clearly de?ne the department policy when it is more restrictive than the SPG. As part of documented department procedures: 1' Clearly identify the employeeis} responsible for completing each task. 0 Confirm segregation of duties exist where warranted. - identify training opportunities for staff to increase their knowledge of University systems, reports, and processes as applicable. - Establish a procedure to periodically review documentation to verify that it is reflective of current processes.