Report: Audit Committee - November 30, 2022

Simcoe Hall Rm 209 Boardroom, 2nd floor


NOVEMBEr 30, 2022

To the Business Board,
University of Toronto

Your Committee reports that it held a meeting in the Boardroom, Simcoe Hall, on Wednesday, November 30, 2022, at 4:00 p.m. with the following:

Joanne McNamara (Chair), Teodora Dechev (Vice-Chair)*, Sue Graham-Nutter,  Rajiv Mathur, Paul Huyer, Rima Ramchandani, Lara Zink

David Bowden

Non-Voting Assessors:

Trevor Rodgers, Chief Financial Officer
Sheree Drummond, Secretary of the Governing Council
Scott Mabury, Vice President, Operations and Real Estate Partnerships

Alex Matos, Director, Internal Audit

Timothy Harlick, Secretary

In Attendance:
Helen Bao, Executive Financial Officer, Operations and Real Estate Partnerships
Sanish Samuel, Controller & Director of Financial Services
Daniel Ottini, Deputy Director, Internal Audit
Diana Brouwer, Ernst & Young
Joyce Yu, Ernst & Young

*Attended Remotely

Audit Committee met in Closed Session

Pursuant to section 6.1 of the Audit Committee terms of reference, consideration of items 12 and 13 took place in camera.

  1. Chair’s Welcome

    The Chair welcomed members and guests to the meeting and provided a brief update on the Report of the Governance Task Force on Risk Reporting recently submitted to the Chair of the Governing Council.
  2. External Auditors
    1. Audit Plan (including Engagement Letter for 2023 and Report on Non-Audit Services)

      The Committee received and reviewed the Audit Plan (including Engagement Letter for 2023 and Report on Non-Audit Services).

      Mr. Rodgers explained that the Engagement Letter set out the terms of the engagement with Ernst and Young, a summary of the audit approach for 2023, and areas of audit emphasis and risk. He noted that the fee increase, compared to the previous year, was mainly due to inflationary and market rate adjustments, as well as the additional level of work resulting from changes in audit standards and financial reporting requirements. 

      Ms Diana Bouwer and Ms Joyce Yu from Ernst & Young reported that the approach taken in respect of the 2023 audit plan had been consistent with the previous year and provided an overview of the audit plan for 2023 which included its scope and magnitude. Ms Yu highlighted the estimated planning materiality at 2.5% of estimated total expenses and noted that they would report on any unadjusted differences more than $4.25 million. She then discussed the audit emphasis for the upcoming year which included: revenue recognition, risk of management override of controls, pension and other retirement post employment benefits, investments, and legal matters.


      In response to members’ questions, Ms Brouwer and Ms Yu advised the Committee that:
    • The areas of emphasis were consistent with the previous year with the exception that capital contracts and impacts of Covid-19 had been removed.
    • The terms of engagement had been updated to reflect use of data and auditing tools.
    • To address industry wide staffing shortages, Ernst & Young would continue leveraging remote workers for expertise from outside the province.
    • United States GAAP (Generally Accepted Accounting Principles) Statements were completed every three years and for specified use. The University had two primary reasons: students from the United States using a federal loan program; and, from a research perspective, the National Institute of Health and grant researching funding.
    • The audit process would continue to follow a hybrid model of both remote and in-person testing.
    • Ernst and Young did not audit carbon emissions for the University, however Mr. Rodgers noted that the University reported on carbon emissions and that from an investment perspective, UTAM reported on the University’s carbon footprint.

      On motion duly made, seconded and carried,


      THAT the Audit Committee accept the external auditors’ audit plan and engagement letter for the University for the year ended April 30, 2023, as outlined in the report from Ernst & Young dated November 22, 2022.

    1. Report on Audit Fees

      Mr. Rodgers noted that the Report outlined the audit fees charged to Ontario universities from 2016-17 to 2020-21 and had been provided for background and context. An updated Report was scheduled to be released by the Council of Ontario Universities in December.
  3. Annual Administrative Accountability Reports, 2021-2022

    The Committee received and reviewed the Annual Administrative Accountability Reports, 2021-2022.

    Mr. Samuel Sanish, Controller & Director of Financial explained that all faculty and staff with financial responsibilities, including the President, had been required to complete an Accountability Report for their supervisor.  The President had submitted his report to the Chair of Governing Council.

    There were no questions or comments from members.

  4. Enrolment Report to the Ministry of Colleges and Universities, 2021-2022

    The Committee received and reviewed the Enrolment Report to the Ministry of Colleges and Universities (“MCU”), 2021-2022.

    Mr. Rodgers reminded members that the report was used to confirm the accuracy of enrolment data on which grants to the University were based. There was a 1.5% decline but well within the 3% variance required to avoid a reduction in enrollment grants. He added that the report was also used by external auditors to substantiate the provincial grant revenue on the University’s financial statements. 

  5. Internal Audit: Semi-Annual Activity Report for the Six Months Ended October 31, 2022

    The Committee received and reviewed the Internal Audit: Semi-Annual Activity Report for the Six Months Ended October 31, 2022.

    Mr. Alex Matos, Director of Internal Audit, highlighted the following key points:

  • Results to date did not indicate the existence of significant unmitigated financial, compliance or operational risk to the University.
  • Audit staff participated in multiple University committees/working groups including four related to the Information Security Council (ISC), three related to the finance function and one in the research portfolio.
  • 21 projects had been undertaken; 8 had been completed and an additional 13 were in progress and reporting.
  • Ransomware preparedness across the institution was being prioritized and included consultation with the Chief Information Security Officer regarding institutional priorities.
  • The top 5 categories of risk reported: data loss, data security, health and safety, loss of key staff/succession risk, and non-compliance with internal requirements.
  • Assistance was provided to Ernst and Young in connection with the audit of the University’s 2022 financial statements and enrolment audit.


    In the ensuing discussion, Mr. Matos advised the Committee:
  • on the process and timelines for management action plans and that Internal Audit continued working with Management in prioritizing; and
  • recruitment and retention, and the impact of a distributed accountability framework were key operational risks.
  1. Revisions to the Terms of Reference of the Audit Committee 

    The Committee received and reviewed the proposed revisions to the Terms of Reference of the Audit Committee.

    The Chair explained that as it was noted at the previous meeting, the terms of reference referred to the Pension Committee which had recently been dissolved. As a result, these revisions removed that reference.

    There were no questions from members.

    On motion duly made, seconded and carried,


    THAT the proposed revised Audit Committee Terms of Reference be approved, effective immediately, replacing the Terms of Reference previously approved on February 17, 2017.

  2. Report of the Previous Meeting: Report 149, September 21, 2022

    The report of the previous meeting was approved.
  3. Business Arising from the Report of the Previous Meeting

    There was no business arising from the report of the previous meeting.

  4. Reports of the Administrative Assessors

    Professor Scott Mabury, Vice-President, Operations and Real Estate Partnerships provided an update on Bill 124, Protecting a Sustainable Public Sector for Future Generations Act, 2019.

    The Committee was also reminded that the Information Security Dashboard continued to be presented at the first meeting of each month of the tri-campus Vice-Presidents’ and ensured leadership was aware of risks associated with information security. Professor Mabury then provided an overview of the key risks identified in the Dashboard.

    Mr. Trevor Rodgers, Chief Financial Officer, provided an update on the recent Report from the Ontario Auditor General on Laurentian University. He noted that the Report reflected best practices which were already in place at the University.

  5. Date of Next Meeting: March 13, 2023 at 4:00 p.m.

    The Chair confirmed that the next meeting of the Committee would be held on March 13, 2023 at 4:00 p.m.

  6. Other Business

    There were no items of other business.

    The Committee moved in camera.
  7. Internal Auditor: Private meeting

    Members of the administration absented themselves and the Committee met privately with Mr. Alex Matos, Director Internal Audit.

  8. Committee Members Alone

    Committee members discussed topics of interest.

    The Committee returned to Closed Session.

The meeting adjourned at 5:26 p.m.

November 30, 2022