One of the most important contributors to an institution’s sustainability and success is its reputation. Hand-in-hand with reputation is the institution’s ranking/standing in comparison with peer colleges and universities.
As reporting of inaccurate institutional data to external organizations continues to receive national media attention, the reputational risk associated with managing and reporting institutional data has increased substantially. In addition to the press these universities have received, U.S. News & World Report (U.S. News) temporarily removed more than a dozen institutions from their rankings in 2018 to date, as a result of the misreporting.
Managing and reporting institutional data
In response to these events, proactive institutions are taking steps to protect themselves against the risk of reputational damage caused by misreporting. While financial data receives another level of scrutiny from external auditors, nonfinancial institutional data reported to outside entities is not commonly audited by either internal or external auditors. Executive leadership and board members at colleges and universities may seek assistance from internal and external resources to understand the breadth of institutional data reporting and address the associated risks.
Approach to addressing risk
Consider placing nonfinancial information reported to external entities higher on your institution’s risk profile and tasking management and/or objective resources with reviewing the process and controls over institutional data reporting.
Some approaches to addressing the most pressing risks could include:
1. Audit admissions data
Perform a detailed review of processes and controls and test a sample of admissions data reported to external entities starting with the data used by U.S. News to rank colleges and universities and by bond ratings agencies, including:
- Acceptance Rate
- Test scores (relevance varies by institution)
- High school class standing (e.g., Top 10 percent)
2. Perform trend analysis on undergraduate data
Analyze trends in data reported to U.S. News to identify potential areas for a more detailed review, including:
- Year-over-year analysis: Review three to five years of rankings data reported to U.S. News to identify any trends or unexpected spikes in those metrics
- Peer institution analysis: Compare reported rankings information for five to ten peer institutions to identify any areas where the institution may differ significantly from their peers
3. Review and document processes and controls for undergraduate data
In this review, institutions could capture some of the following data points to assess the sufficiency of segregation of duties and controls in place to manage risk:
- Source of the information
- System used to store the data
- Personnel managing/reporting the data
- Formal documentation of process
- Data definition documentation and review
- Regular audit or review of reported data
4. Review and document processes and controls for graduate data
The assessments above can also be performed for graduate data. In addition to the risks noted above, graduate data is often managed by graduate schools and is not typically reported by personnel responsible for undergraduate reporting; therefore, the process for validating the data should be assessed. Additionally, schools should save a snapshot of the data being reported at a specific point in time as this information could change after being reported.
5. Create an inventory of nonfinancial information
This inventory would assess the relative importance of the data being reported to external entities in order to prioritize future monitoring reviews.
For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.