REPORT NUMBER 141 OF THE AUDIT COMMITTEE
March 3, 2021
To the Business Board,
University of Toronto
Your Committee reports that it held a virtual meeting on Wednesday, March 3, 2021, at 4:00 p.m. with the following members present:
Janet Ecker (Chair), Joanne McNamara (Vice-Chair), Teodora Dechev, Robert Boeckner, Kathryn Jenkins, Sue Graham-Nutter, Rajiv Mathur, Andrew Szende, Lara Zink
Mark L. Britt (Director, Internal Audit), Sheila Brown (Chief Financial Officer), Sheree Drummond (Secretary, Governing Council), Scott Mabury (Vice President, Operations and Real Estate Partnerships),
Tracey Gameiro, Secretary, Audit Committee
Diana Brouwer (Ernst & Young), Alanna Charles (Ernst & Young), Daniel Ottini (Deputy Director, Internal Audit), Pierre Piché (Controller and Director of Financial Services)
The Audit Committee met in Closed Session.
ITEM 2 WAS APPROVED. ALL OTHER ITEMS ARE REPORTED TO THE BUSINESS BOARD FOR INFORMATION.
Pursuant to section 6.1 of the Audit Committee Terms of Reference, consideration of items 9 and 10 took place in camera.
- Chair’s Remarks
The Chair welcomed members and guests to the meeting and reminded those in attendance that the Committee meets in closed session.
- Report of the Previous Meeting
Report Number 140, from the meeting of December 1, 2020, was approved.
- Business Arising from the Report of the Previous Meeting
There was no business arising from the report of the previous meeting.
- Risk Assessment Report 2020
Professor Mabury provided highlights of the Risk Assessment Report, 2020 (“the Report”). He reported that at the direction of the President and Chair of Governing Council in recognition of the significant and non-uniform impact of COVID on staff, many of whom acted as respondents for the Report, each portfolio was asked to respond only to the Top 11 risks identified in the 2019 Report.
A decision was also made to suspend the narrative portion of the Report. Professor Mabury considered this a loss as it was often the richest part of the Report, but indicated he looked forward to its return next year. Professor Mabury added that the Chief Financial Officer was not represented in the Report as that Office does not typically respond to the 11 remaining risks, nor do they have carriage of them.
As part of his presentation of the Report, Professor Mabury stated that input was received from 69 representatives of the 11 portfolios, and that while the number of risks had been reduced six-fold, the responses were more robust for this reduced list. He went on to explain that while risk management responsibility and accountability resided collectively with the administrative team across the institution, those portfolios having carriage of a particular risk saw their risk likelihood and significance override others within the Report. Professor Mabury noted that this year, in response to the Audit Committee’s recommendation last year, only 1-2 senior administrative leaders in each portfolio had access to the reports from previous years, rather than all respondents. Respondents could view responses from their particular portfolio, but not the full report.
Professor Mabury thanked Ms. Elizabeth Cragg, Director of the Office of the Vice-President, Operations and Real Estate Partnerships, for her extensive work on the Report. He maintained that while the global pandemic had not been included as a risk in previous risk reports, many associated risk mitigations such as the institution’s business continuity planning, and the pre-pandemic transition to Office 365, (including the University’s investment in Quercus which helped manage and support students taking courses online, and the installation of the VOIP-based phone system), resulted in a nimble and proactive response to the pandemic.
In his remarks, Professor Mabury reviewed the 11 risks, many of which had been affected or influenced by the pandemic:
- Social Activism
- Nation State Threats
- Data Security
- FIPPA breaches
- Collective Bargaining
- Emergency Communication
- Individual Behaviour
- System Development
- Political Government
Professor Mabury indicated that data was collected in four categories: Compliance, Financial, Operational and Strategic. He went on to advise that, given the circumstances, there were similarities in risk assessment results year over year, but of note this reporting year were data security and nation state threats. Professor Mabury commented that next year’s report would likely see changes to results for enrolment and reserves.
As part of his concluding remarks, Professor Mabury suggested that the Audit Committed could have a high degree of confidence in how the institution identified, communicated, and mitigated risk. Despite pandemics not appearing as a risk, Professor Mabury observed that the situation had been managed very well due to preparation in other areas of the University’s infrastructure and processes.
In the discussion that followed, Professor Mabury addressed the following:
- Having the appropriate people, including leading experts in the area, engaged at each stage had allowed the University to bring forth the right options and respond proactively. Leadership, both divisional and institutional had consistently come together to discuss issues and iterate on a decision on how to move forward. \
- Systems would continue to be revisited on a go forward basis, (e.g. ventilation), and would be directed by science and research to best determine where investments should be made.
- The most significant risk this year was cyber security. Together with the University of Alberta, UBC, McGill, McMaster, and Ryerson, the University of Toronto had founded the Canadian Shared Security Operations Centre (CanSSOC). CanSSOC was a specialized cyber security incident and threat detection centre focused on the higher education sector. Sixty institutions now participated.
- While this had been a unique year, it had caused Governing Council to re-evaluate what type of reporting would deliver value to senior administration, while recognizing the heavy time investment required across the shared service portfolios to complete the annual review.
- The mix of educational delivery methods was not identified as a risk in the 2019 report, and therefore was not one of the 11 areas reviewed in this year’s report. This was, however, now a top risk for the University, and instruction modalities continued to be assessed and re-assessed, accounting for variability around different divisions and academic programs.
- To continue to support diversification in international recruitment and source regions, 6% of international tuition revenue had been directed to provide scholarships to areas of the world that were underrepresented.
- Ancillary services suffered significant adverse budgetary consequences as a result of the reduction in on-campus activity, which would likely require deficit spending over the next several years to help shelter reserves.
- Impact of University Pension Plan Ontario on the Audited Financial Statements – April 30, 2021.
As per the Committee’s request, Dr. Pierre Piché, Controller and Director of Financial Services, provided an update on the impact of the University Pension Plan (UPP), on the audited financial statements. Comments from Dr. Piché included the following:
- Changes to the Registered Pension Plan were more in line with a plan amendment and therefore, it was appropriate to value the pension obligations as at April 30, 2021 using the UPP assumptions.
- Past service liability would remain on the University’s books subsequent to July 1, 2021, to be paid to the UPP over a period of 15 years.
- Liability for past service would be adjusted in the future based on changes to the UPP’s actuarial assumptions and for changes in experience in future periods, as they would continue to be the University’s responsibility to fund for the first 10 years, after which responsibility for such changes would gradually be shared with the other participants of the UPP over time.
- As a result of joining the UPP at July 1, 2021, changes were proposed to notes 2(h) and 5, of the University’s April 30, 2021 financial statements, regarding employee benefit plans.
In response to a member’s question, Dr. Piché stated that the key difference between the UPP actuarial assumptions and those used by the University of Toronto in measuring the accrued benefit obligation and benefit costs was the discount rate.
The Chair thanked Dr. Piché for his report, and noted that the draft audited financial statements would be considered by the Committee in Cycle 5, at its April 26, 2021 meeting.
- Reports of the Administrative Assessors
In response to a member’s question submitted in advance and prompted by Laurentian University’s recent insolvency, Chief Financial Officer, Ms. Sheila Brown clarified that the University had diverse revenue sources and did not use research grant funds for operating purposes.
There were no other reports from the Administrative assessors.
- Date of the Next Meeting - Monday, April 26, 2021
Members were reminded that the next meeting was scheduled for Monday, April 26, 2020.
- Other Business
No other business was noted.
THE COMMITTEE MOVED IN CAMERA.
- Internal Auditor – Private Meeting
Members of the administration as well as the Committee Secretary absented themselves and the Committee met privately with the Director of Internal Audit.
- Committee Members Alone
Committee members discussed topics of interest and concern.
The Committee returned to Closed Session.
The meeting adjourned at 5:41 p.m.
March 8, 2021