The UC Board of Regents met during finals week amidst ongoing negotiations between California Governor Jerry Brown and UC President Janet Napolitano over state funding for the University of California.

The meeting’s first day addressed an internal financial auditing of the UC system’s campuses, labs, health centers and other facilities, the current financial status of the UC’s healthcare enterprise, the current accreditation status of campus mental health centers and reports on various University administrative activities on mental health and UC finances.

Following the Committee on Compliance and Audit closed session, the Committee of the Whole met for public comment, with both undergraduate and graduate students from across the UC system presenting their concerns to the Board.

Guillermo Rogel, third-year political science major at UC Santa Cruz (UCSC) and UC Students Association Board Member (UCSA), said it was difficult for him to attend the Regents meeting because it coincided with finals testing.

“I have two finals coming up in 36 hours, I took one yesterday,” Rogel said. “Just think about it when you’re scheduling these meetings, how accessible you’re really making these meetings to students. I know that often times they tend to scare you all but these kinds of interactions are needed for the University to properly function.”

According to Rogel, students do not believe the board is adequately accessible.

“Whenever we think of the Regents we kind of see them as this ominous figure that don’t really interact with students,” Rogel said.

According to Rebecca Ora, UC Santa Cruz Ph.D. Film and Digital Media candidate and UCSA Board member, the Board needs to address the financial burden on masters and Ph.D. students.

“I am not guaranteed any funding beyond my first year,” Ora said. “UC Irvine recently implemented a normative time to degree guarantee when students upon admission are guaranteed five years of at least T.A.-ships. I think that this is something that we really need systemwide.”

Following public comment, the Committee on Compliance and Audit met and unanimously passed the external audit plan for the current fiscal year, ending June 30, 2015. The plan contracts auditing firm KPMG to conduct an external audit for the current fiscal year to ensure the University’s financial activities are accurately reported.

KPMG Partner Mark Thomas said large-scale financial activities are the focus of the external audit planned for this year.

“For the financial statement audit we are looking at where the biggest numbers are and where the biggest numbers flow, so that is a primary focus of our audit and it kind of drives our audit,” Thomas said. “We are also required to introduce a level of surprise in our audit, so we’ll change our audit each year. Nobody is exempt … we make that judgment call on a year to year basis.”

Following the presentation of the audit plan, the Board discussed the use of data analysis on auditing and monitoring activities, using specific software for data mining activities. According to Senior Vice President and Chief Compliance and Audit Officer Sheryl Vacca, data analysis has become a very important tool to use for audits.

“It’s an extremely good use of resources to help identify patterns and trends in our data,” Vacca said. “We actually have purchased software at this point; our issue is maintaining that subject matter expertise for that software.”

Systemwide Audit Director Matthew Hicks said data analysis allows for more thorough auditing.

“It allows for greater coverage in transactional testing,” Hicks said. “It’s a much more powerful statement for us to go to our stakeholders and say, rather than we looked at fifteen invoices, we looked at all of your invoices and here’s what we found.”

According to Hicks, there is not a significant financial obstacle when trying to implement data analysis.

“You could do this really with [Microsoft] Excel,” Hicks said. “It’s really about trying to get the data and try to reformat it in the format you want and understanding how to use these tools.”

Executive Director of Ethics and Compliance Elizabeth Boyd then began the presentation of the international activities report and said UC influence extends around the world.

“These activities range from formal research collaborations, they involve training and capacity building, partnerships with Universities, NGO’s, foundations … around the globe,” Boyd said.

On the issue of the UC Export Control Compliance Program, a University effort to comply with federal laws regarding the transmission of certain UC-generated information and research abroad, Vacca said any lack of compliance is a result of lack of education on policy.

”We know the number one reason people are non-compliant is not because they don’t want to comply, it’s usually because they don’t know,” Vacca said.

Systemwide Export Control Officer Brian Warshawsky said the “rapid pace” at which the U.S. federal government is issuing new sanctions against certain international parties has created new challenges for the UC compliance process.

“As the number of sanctioned parties increases, so does the likelihood that the UC or other universities may inadvertently enter into a transaction with a sanctioned party,” Warshawsky said. “Ethics Compliance on that services make available to all locations effective tools which quickly screening the names of individuals and entities against the sanctions list.”

Regent Fred Ruiz said while he supports the services Warshawsky described, he is uncertain about the accountability of the service given its size.

“I just don’t see how we can get our hands around it, because it is just so huge,” Ruiz said. “To me, training is important and I’m sure there is some basic training that we can implement but you know you are talking about so many different areas that we impact, whether its medicine or agriculture … what about accountability or consequences?”

In response, Boyd said bringing the right offices and business units to the table on the administrative level will allow to begin to “build a comprehensive map.”

“We know who to bring to the table to help make sure that we have addressed all of the concerns that that particular agreement or those kinds of agreements might bring,” Boyd said. “It’s not a single approach. Training alone isn’t going to do that, but making sure that we get the right people talking and building process across units will be very very important in making sure we are addressing those risks.”

The Board approved Vacca’s request for the Ethics and Compliance Activities report be deferred until the upcoming May regents meeting and the Board moved on to the internal audit activities report.

Systemwide Information Technology Audit Manager Greg Loge said the number of data breaches is increasing, particularly among health departments because of the substantial amount of personal information on individuals using and working in the UC healthcare system.

“Many of these breaches have been the result of increased hacking activity and more sophisticated attacks using malicious software,” Loge said. “We are seeing that healthcare is an increasing target as well in what some of these attacks are trying to target in order to get personal information.”

According to Loge, changes are being made within the system to make communication more cohesive to better protect information and reduce risk of cyber-attacks.

“We are also working to leverage a recognized industry framework for information security to help facilitate alignment of the audit projects we are doing with the industry best practices which will help us with compliance with regulations and laws,” Loge said. “We are also using a frameworks that is being widely adopted in the UC IT community so we can speak a common language when talking about addressing risk and certain areas of control.”

Loge said storing data on a cloud service instead of on a laptop can be beneficial, but will still introduce new risks to be addressed.

“There is a trend now in moving more information into the cloud. A lot of it has to do with the cost — in many times to outsource some of that stuff is actually a lot less,” Loge said. “Having information stored on your laptop if its unencrypted presumes some risk; if it’s in the cloud and the laptop is stolen that reduces some of that … I think overall the move to the cloud is positive in many ways, but it just changes the way we address those risks.”

Executive Vice President of UC Health Jack Stobo began a special meeting of the health services committee with an overview of the financial status of the UC Health Program.

According to Stobo, the net patient revenue and net expenses of the UC medical centers have seen an increase of 1.9 times in the past seven years, but changes in accounting rules result in a six percent difference between revenues and expenses. Stobo attributed these values to the successes of CEO’s concerning management skills with the medical centers and said the resulting increase in operating revenue funds UC medical schools in addition to the revenue they make from patient care.

“Operating margin is critically important for two reasons: not only can it replenish the capital necessary to keep our medical centers, it is also used to support program growth in schools of medicine,” Stobo said. “Of the 500 million dollars that have gone to UC medical schools in 2013, 250 million comes from the operating margin.”

Stobo said the portion of medical school budgets that comes from the operating revenue of UC medical centers continues to increase as state funding diminishes.

“In 2013, the portion of the medical school budget that came from medical centers was two and three times that came from the state general budget,” Stobo said. “So our medical schools now receive anywhere from 14 to seven percent of their budget from medical centers as opposed to seven percent and going down from the state.”

Stobo also addressed management of Medicare and medical patients regarding hospital revenue after the implementation of the Affordable Care Act. According to Stobo, the goal of the Affordable Healthcare Act has been accomplished with more people enrolled in insurance programs, but the UC medical board is in the process of figuring out the effects of the program on UC medical centers.

CEOs from each of the UC’s five medical centers at UC Davis, UC Irvine, UC San Diego, UC Los Angeles and UC San Francisco presented a transaction detail from the past three years that summarized expenditures and efficiency in the different hospitals. The CEOs also discussed issues of self-governance within the medical centers.

According to Stobo, an outside group reviewed the UC student health centers three years ago and found several issues including “the absence of bylaws, absence of a governing group, absence of consistent practices for verification of credentials, privileging,” that have since been addressed and resolved in the last two and a half years based on a recent progress audit.

“I think you can all be proud of what has happened with the student health centers now,” Stobo said. “We have one medical record called Point and Click in all ten centers, we have a single credentialing verification process, we have bylaws, every senate has a governing group.”

Stobo said UC San Diego is currently the only UC campus where the student health center works closely with the medical health center, whereas student centers often have no connection with medical centers and only with the vice chancellor for student affairs. Other UC campuses should try emulate UCSD’s system, which has been successfully implemented for a little over a year now according to Stobo.

“I would like over the next several years, on a voluntary basis, the other four campuses that have medical centers to try to move to a similar type of situation where there’s a closer relationship between the medical operations student health center and the existing medical center,” Stobo said. “And then if that’s successful, try to figure out what to do with campuses that don’t have medical centers.”