| Public Release Date: October 1, 1999 | No. 99-53 |
Minnesota State Colleges and Universities (MnSCU) began operations on July 1, 1995, and includes three state-level higher education systems: state universities, community colleges, and technical colleges. Currently, MnSCU consists of 36 different institutions at 54 campus locations with estimated tuition revenues of $245 million for fiscal year 1999.
MnSCU designed and developed its computerized business systems in-house. The accounts receivable module of the Student Information System (SIS) controls tuition assessments, collections, and outstanding receivables by automatically:
Three pilot schools began using the new accounts receivable module in the fall of 1997. The remaining institutions were phased into the module.
Our audit focused on the application controls over tuition and fee assessments, collections, student accounts receivable balances, and the accounting transactions that result from these activities and processes. Application security controls were reviewed. We utilized MnSCU databases to assess the integrity of the rate tables, registration and collection data, and resulting calculations and accounting transactions.
We found that the system properly assessed tuition and fees, applied collections and financial aid properly, maintained student balances, and posted the appropriate accounting entries. We did, however, note some concerns with application security controls. Two security groups were designed with excessive clearance to incompatible functions and institutions did not adequately restrict access based on job responsibilities. We also found that negative receipt transactions were vulnerable, and management reports are needed for registration cancellations, waivers, and aging of unpaid accounts receivables.
The MnSCU system office agreed with the findings and recommendations contained in the audit report and are working to resolve the issues identified.
