A few questions:
1. When Navigant was retained in 2009, was this firm retained by, and accountable to, a Special Committee of only independent Governors of York U, or by Management? Best practice, generally, would be that an independent committee of a board would directly oversee an investigation of a significant matter involving potential fraud and reputational impairment, generally, as internal audit and control procedures over financial reporting may need to be strengthened, and management would not be overseeing the assessment of its own work, potentially.
2. Why is it that York U, to the best of my knowledge, information & belief, does not have a code of conduct that all employees and key suppliers must sign off on annually, as well as an established whistle-blowing procedure? (These are also common best practices, since S-Ox in 2002, including for not-for-profit institutions. Potential fraud often does not occur in a vacuum and a code and whistle-blowing are effective deterrents, for a board to oversee potential fraud within an institution. Code compliance and whistle-blowing reporting should also reach directly an audit committee of a board, or its equivalent. The SEC also implemented a new rule that potential whistleblowing can now go directly to the regulator, as an indication of where best practices are emerging in terms of codes and whistle-blowing practices.)