Dear Colleagues:

In a recent posting regarding Sarbanes-Oxley, an invitation was made to
those interested in Sarbanes-Oxley to participate in a telephone
discussion.  This posting is a summary for the subscribers of RESADM-L of
the ad hoc group's discussion on Sarbanes-Oxley.

The Sarbanes-Oxley Act (SOX) was passed into law on July 30, 2002 in
response to the events associated with the recent Enron and Arthur Andersen
scandal.  SOX was not intended to affect higher educational institutions or
non-profits, but because many of the board members of universities and
non-profit are officers of corporations, these board members are
questioning university officials about implementing the requirements of
SOX.  At least 2 states have required non-profits in their state to comply
with SOX requirements.  Universities and non-profit officials are just
beginning to review the Act; determining how it may affect them; and what
universities and non-profits should do in response to SOX.

A small ad hoc group of subscribers of RESADM-L recently participated in a
conference call about SOX.  The group composed of financial analyst,
compliance officers, mangers of grants administrations, vice president for
risk managements, and associate dean for research.  The affiliations of the
group were from Oregon Health Science University, Penn State College of
Medicine, Kansas City Children's Mercy Hospital, Institute of Ecosystem
Studies, University of Maryland at College Park, and Carnegie Mellon
University.

The questions discussed by the group regarding SOX were:

1.	How widely is SOX accepted by Universities?
2.	Are there any university best-practices to deal with SOX?
3.	What are universities doing about SOX?
4.	What are the university board structures and the composition of the
university's audit committee?
5.	For state universities, how are audit committees established when such
committees have to follow state guidelines for the establishment of such
audit committees?

The group's discussions of these questions were:

o  SOX is just being looked at by universities, separately from the
sponsored programs office.

o  Universities are in process of understanding the regulations especially
as it applies to medical centers with clinical trials, conflict of
interest, and institutional conflicts of interest.

o  SOX is in the discussion stage at universities or just beginning to talk
about it.

o  Discussion centered around A-133 requirements versus requirements from
SOX.  These discussion questions are being raised by the university's
board.  For example, how involved should the audit committed be and should
it be involved with the universities' A-133 audit?

o  According to accounting firms, there are not many universities who have
embraced SOX.

o  Universities are looking at the cost/benefit ratio of preparing for and
complying with SOX.

o  There are no best practices among the group for SOX.

o  Some universities have created audit committees while others have not
because there are restrictions within their governing structure that are
causing them to proceed more slowly.

o  Medical Centers of universities may have concerns different and above
those of their affiliated universities.

Not discussed by the group is the SOX requirement for a hotline access.  It
is only being considered by research administrators at a few organizations.
This may be due to the already established requirements of responsible
conduct of research and provisions for whistleblower protection.  However,
SOX is about accounting and financial reporting practices rather than
responsible conduct of research so other anonymous reporting mechanisms of
financial transactions may still need to be considered.

Also not discussed by the group is the requirement of the Act to have
financial reports certified by the top executive of the institution.  For
de-centralized organizations, this may involve certification of financial
reports at multiple levels.  This issue is likely to be revisited at a
later time.

In summary, SOX is just beginning to get the attention of university and
research administrators.  A small handful of institutions have begun to
form audit committees.   University and non-profit administrators are
carefully studying the impact of the Act.  They are looking at what their
colleagues are doing and looking for best practices that will allow them to
be in compliance with minimal expenditures of resources.  Universities and
non-profits will do well to review SOX as it serves as a harbinger of
things to come if universities and non-profits are negligent with the
financial governance of their institution.

There is not much literature on the impact of SOX on higher educational
institutions.   For the subscribers to RESADM-L, here are links to two good
articles worth your reading about SOX:

http://www.nacubo.org/documents/news/2003-03.pdf

http://www.boardsource.org/clientfiles/Sarbanes-Oxley.pdf

There were many questions raised by this small ad hoc group that will
warrant further discussion after more is known about SOX.  Perhaps this
posting will bring out additional information or discussion from the
subscribers of RESADM-L who may have been directly impacted by SOX or may
have intimate knowledge of SOX that they can share with the subscribers of
RESADM-L.  Let me know if you should have any questions regarding the
subject matter.  Your comments (posted or directly emailed to me) are
welcomed.  Thanks.  JC.

John Chinn
Compliance Director
Carnegie Mellon University
Regulatory Compliance Administration
5000 Forbes Avenue
413 Warner Hall
Pittsburgh, PA  15213
Voice:  412-268-4727
Fax:  412-268-6279
E-mail:  xxxxxx@andrew.cmu.edu

======================================================================
 Instructions on how to use the RESADM-L Mailing List, including
 subscription information and a web-searchable archive, are available
 via our web site at http://www.hrinet.org (click on "Listserv Lists")
======================================================================