An audit report showed St. Mary’s College of Maryland failed to accurately report costs related to its food vendor, provide supporting documents and safeguard sensitive information, among other faults.
The state’s department of legislative services published its audit review of the college on July 14. It covered the college’s finance history from Aug. 24, 2015, to Aug. 25, 2019, and flagged six findings.
“I’m not too concerned. There’s some big numbers there I guess. It’s really more a matter of procedure,” Lex Birney, chair of the college’s board of trustees, said in a phone interview Tuesday.
It’s Birney’s first audit as the chair, but he said he ran a business for over 40 years. He said he thinks the findings are all “fixable.”
“Institution budgets like St. Mary’s College always have opportunities for improvement,” he said.
One of the findings stated the college did not ensure the propriety of labor charges billed by its food services vendor in fiscal 2019. The contract called for the college to reimburse Bon Appetit, the college’s food vendor, for costs like labor and goods that exceeded the revenue collected by the vendor.
The report labeled this a “repeated” finding.
Mike Bruckler, spokesperson for the college, said Paul Pusecker, the college’s vice president for business and CFO, was not available for an interview.
However, Bruckler told Southern Maryland News that in a prior audit, the department of legislative services “took exception to the college not auditing every expense item on a weekly basis. We had agreed at the time to audit expenses on a spot-check basis randomly requesting supporting documentation for all cost of goods categories, and to work with the vendor to improve the payroll reporting.”
He said the college implemented procedures to verify invoiced costs for sold goods, but procedures to verify the invoiced labor costs were not put in place.
“Chris True [assistant vice president for finance] has worked with the [state’s department of legislative services] on a system to reconcile numbers in a weekly invoice along with supporting documentation,” Bruckler said, adding the college is working with Bon Appetit on its labor schedule and invoices. “The DLS has agreed that these procedures will answer their concerns the next time they visit in three years.”
Another finding states changes in student residency status, from out-of-state to in-state, were not subject to independent review and approval, and not always supported.
“For example, one student was granted in-state status due to their spouse being an active military member (an accepted condition), but the college did not have documentation to support the spouse’s active duty status,” the report stated.
Tuition for the upcoming school year is $12,116 for Maryland residents and $28,192 for out-of-state students.
The college did not accurately report the cost of a contract to implement a system that manages admission, academics, finances and human resource activities to the state’s board of public works in 2018.
The college reported $2.4 million when the total cost was $3.5 million. It also did not have documents to support changes to the contract terms.
It also did not have adequate control over its $22.7 million in fiscal 2019. Collections were not always safeguarded or deposited on time, daily deposit verifications were not being performed and there was no procedure to ensure all non-cash credits were independently reviewed and approved.
“As a result, collections could be misappropriated and the related accounts receivable records could be adjusted to avoid detection,” the report stated.
The last two findings state the college did not safeguard a computer application that contained sensitive personally identifiable information, or PII, involving 127,717 records.
“College personnel advised us that this sensitive PII was subject to other protective data transfer controls; however, our review determined these controls were not comprehensive,” the report stated.
And the college granted 202 non-IT employees administrative rights on their computers, which increased malware risk, according to the report.