Resources

Athletics Business Office: Emerging Changes and Challenges

Blue Logo for ACUA with the text Journal Articles

By Rachel Flenner, Bret Malone, and Marie Jackson

With recent developments such as Name, Image, and Likeness (NIL) regulations and emerging revenue‑sharing models as a result of the House vs NCAA settlement, many institutions may not fully recognize how significantly these changes impact the Athletics Business Office (ABO). The ABO is now responsible for executing payments to student-athletes arising from revenue-sharing agreements. Also, the ABO must update their NCAA reporting related to new line items related to the House settlement implementation and may need to update or create new structures in existing financial systems to accurately capture these costs. Not only must coaches and student‑athletes stay informed, but ABO staff must also ensure policies, procedures, and internal controls are functioning appropriately to keep pace. This article highlights key areas auditors should consider as they work to support the ABO in a rapidly evolving collegiate athletics environment.

Background

The College Sports Commission (CSC) is the entity created by the “Power” conferences (Atlantic Coast Conference (ACC), Big Ten, Big XII, and Southeastern Conference (SEC)) to oversee the implementation of the House settlement, including mandating the use of two new systems:

  • NIL Go  is the online platform used by student-athletes to report new third-party NIL deals over $600, with reporting expected within 5 days of each executed deal.
  • College Athlete Payment System (CAPS) is for entering revenue-sharing payments made against the annual cap ($20.5 million in FY25-26).

Financial Management

The first area of biggest impact is on the financial stability of athletics’ operations. Key risks to keep in mind regarding financial implications include:

  • Financial instability leads to the elimination or reduction of key services, personnel, and non-revenue generating sports.
  • Inability to sustain maintenance or facility improvements, debt service, or salaries.
  • Use of restricted or unallowable sources of funds to cover revenue-sharing expenses.
  • Failure to adapt and innovate financial modeling needs to consider both cost reduction and revenue maximization.
  • Increased travel and booking costs due to conference realignments.
  • Misalignment with institution leadership regarding how revenue share payments will be allocated among sports.
  • Overcommitment of funds through coaching decisions, contractual guarantees, offered Alston settlement benefits, incremental scholarships, or contingent payments included in agreements.
  • Financial statement misstatement due to improper allocation or reporting of revenue‑sharing funds.
  • Future litigation in the NIL and revenue-sharing space could lead to unexpected financial losses.
  • Inaccurate tracking, which results in financial penalties for exceeding the revenue-sharing cap or incremental scholarship cap.
  • Long-term financial risks related to private equity investment.

Contract Management

Another area to consider involves contract management. Organizations use contracts to obtain different services or products at all levels of athletics. Additionally, contracts are now being used more frequently to guarantee payments to student-athletes, adding a new risk area. ABOs should consult with university counsel to create standard agreement templates to reduce contract risks. In some areas, ABOs may work in collaboration with Athletics Compliance to institute new procedures to mitigate these risks. Some specific risks related to contract management with student-athletes include:

  • Student-athletes and coaches create informal NIL agreements and do not properly document them in an approved contract format.
  • Staffing shortages delay contract processing, approval and or payment, particularly during new enrollment and transfer portal periods.
  • Student-athletes fail to report NIL deals with third parties via the NIL Go Clearinghouse (for fair market value and valid business purpose review).
  • There is no centralized process to ensure revenue-sharing contracts are appropriately tracked and reported to the ABO for financial processing.
  • Standardized revenue sharing agreements are unenforceable or fail to address early departures, ineligibility, buy-outs, or other unique terms.
  • Contract language that creates risks for international student-athletes receiving payments, based on their visa type.
  • Institutional contracts combine NIL and revenue share distributions, creating tracking complexity (only allowable if NIL payment is from the institution not a third party; any guaranteed institutional NIL included in these contracts must also count towards the revenue-sharing cap).
  • Contracts overstate or over-promise funds or commitments to student-athletes that must be paid out regardless of situation (e.g., student-athlete leaving early with large upfront payments already occurring).
  • Inadequate third party contracts for services or software to issue or track payments to student-athletes.
  • Managing potential conflict with pre-existing institutional partnerships and exclusivity clauses.
  • Contracted payment dates to student-athletes that do not consider internal or third-party lead-time needed to establish payment processing (e.g., can you pay the student-athlete on day one of enrollment? This is especially important with portal management).
  • Exposure of sensitive student-athlete data (i.e., banking information, contract terms, etc.).
  • Over reliance or misunderstanding related to third-party tools and reporting (e.g., are roles and responsibilities clearly defined between parties, are data inputs and outputs well understood, and is there monitoring in place to identify issues?).
  • Future compliance issues with Title IX based on revenue-sharing allocations.

ABO Potential Procedures

With so many new and expanded risks, the ABO should consider implementing the following additional controls and procedures:

Roles and Responsibilities

  • Identify the finance and budget lead.
  • Identify revenue share and NIL point personnel.
  • Establish approval authority for revenue contracts (Athletic Director involvement, coach authority, etc.).
  • Verify separation of duties for revenue sharing and NIL (i.e., contract creation, contract approval, disbursement, and reconciliation).
  • Create new processes to initiate and record revenue-sharing agreements by contracted dates.
  • Ensure that new processes incorporate all types of revenue-sharing benefits (e.g., is your institution providing additional benefits such as Alston requirements?).
  • Ensure access to private data (i.e., contract amounts and bank routing information) is limited to applicable employees, and there are privacy safeguards within the software, excel spreadsheets, google docs, etc.

Reconciling and Monitoring

  • Verify gross conference distributions against revenue sharing payments.
  • Ensure agreement between the CAPS system to actual disbursements to contracted amounts ,and document known differences or offsets, in preparation for year-end CSC reporting of revenue-sharing payments.
  • Reconcile revenue share payments in total to per-sport allocations.
  • Identify communication channels to ensure ongoing collaboration and monitoring (likely by Compliance) to ensure payments are made only to eligible student-athletes included on rosters.
  • Monitor cap balances regularly to ensure alignment with institutional allocations.
  • Consider timely communication with stakeholders, and when approaching key thresholds (e.g., 75% of allowable distributions made).
  • Potentially build multi-year forecasts and implications to the budget.
  • Confirm payment distribution method (i.e., direct deposit, monthly, quarterly, tax withholdings, etc.).
  • Verify NIL opportunities exceeding $600 are disclosed, tracked separately from revenue sharing, and are reported through NIL Go.

Training and Communication

  • Train ABO staff and other applicable staff members involved in the NIL and revenue-sharing transactions on NCAA and CSC regulations, as well as applicable institution policies regarding contract management, revenue handling, and disbursement procedures.
  • Train ABO staff and other applicable staff members on the new software that will be used in the NIL and revenue-share process, including privacy (HIPAA/FERPA) and security awareness.
  • Verify staff knowledge aligns with the new tasks, such as financial forecasting and planning.
  • Ensure staff capacities are not being exceeded, leading to gaps in other business office processes.
  • Meet with coaches/administrative staff to ensure all are aligned on the procedures and update them regularly regarding current cap balances and applicable finance situations.
  • Review institutional travel policies and ensure institutional compliance can be maintained with the increase in travel costs due to conference realignments.
  • Document and communicate revenue-sharing allocation methodology to ensure applicable ABO staff members and others (i.e., coaches, ABO, Compliance, institutional leadership, etc.) are aligned and tracked toward agreed amounts.

Internal Audit’s Role

So, you are probably asking yourself, “How can Internal Audit help?” or “I am not an expert on the new requirements, what can I do?” Athletics, despite operating in a very public and rapidly changing environment, can benefit from Internal Audit in a similar way as any other campus unit. For example, Internal Audit can:

  • Evaluate the governance framework in place related to revenue-sharing allocations and strategies.
  • Help evaluate risks and offer an independent and objective assessment of the controls in place to mitigate these risks.
  • Review reconciliation processes for student-athlete payments and assess segregation of duties within revenue‑processing workflows.
  • Evaluate communication and training related to NCAA bylaw and CSC rules requirements for NIL licensing and revenue-sharing.
  • Conduct advisory engagements on new or evolving processes.
  • Ensure process changes still align with institution policy.

While this is just sample of considerations for the ABO, oversight by other offices is also important (i.e., Athletic Compliance, Office of the General Counsel, Tax Office, etc.) Feel free to share this article with your contacts in the ABO. Even sharing best practices and relevant articles with your ABO can provide value. It is more important than ever that the ABO knows where every dollar is going, why it is going there, and whether it aligns with applicable policies and procedures. As Athletics continues to evolve rapidly, auditors play a critical role in ensuring transparency, strong internal controls, and responsible stewardship of university resources.

Game Plan: Evaluating Athletics Facility Security and Access

Blue Logo for ACUA with the text Journal Articles

By Candice Lewis and Marie Jackson, ACUA Sidelines Committee

Being a college athletics fan means being a part of something bigger than yourself. It’s about finding community and being a part of a shared experience with your fellow fans for those few hours when time stops but the game clock ticks down. It means retracing your steps on campus, reminiscing about years past, and revisiting traditions that you never seem to outgrow.

In this new era of college athletics, schools build on those feelings of nostalgia and use technology and social media to provide all-access passes to our favorite teams. Sports marketing teams share behind-the-scenes looks at the newest facility upgrades. Student-athletes share their workouts, nutrition tips, and “outfit-of-the-day” videos. Coaches speak on podcasts and break down plays. As schools look to partner more with alumni and donors in the new age of Name, Image, and Likeness (NIL), it becomes increasingly important to craft positive fan experiences. But how can schools boost fan engagement and provide innovative experiences while balancing security and access to protect our student-athletes, staff, and facilities?

This article will highlight some best practices for both routine as well as game day security and access. Your internal audit function can help your athletics department assess their approach to evaluating safety and security, including utilizing campus and third-party experts when needed. Remember that a comprehensive security plan will include physical security, operational security, and cyber security. This article will focus on suggested best practices for physical and operational security for on-campus events and hopefully will get you thinking about how to leverage these concepts for off-campus and cyber-related processes and controls

Ongoing Safety and Security

Academic institutions hold the utmost responsibility to provide a safe environment for their students, staff, and fans. The very nature of campuses, which are generally accessible to the community-at-large, creates additional complexities when planning for security and limiting access to restricted spaces. Poor security practices can significantly impact brand reputation and increase the potential for legal liabilities, so thinking about safety measures is a critical exercise for colleges and universities.

On any given day, access management is crucial to ensuring the ongoing security of athletic facilities and the safety of those that use them. An internal audit review of access management could include:

  • Ensure appropriate processes are in place to grant, manage, and terminate access (both physical keys and digital IDs). Evaluate policies and procedures for administering access, and ensure those policies include guests and third parties (e.g., guidelines for accompanying visiting recruits and their families, or temporary access and credentials for vendors, multimedia partners, press, etc.).
  • Determine who manages this access, and whether campus staff provide any support in this area. Athletics should have practices to effectively and timely address employee terminations, vendor terminations, and changes in student status. Communication protocols in place should ensure ongoing collaboration between campus and athletics staff.
  • Athletics facilities staff should develop a risk-based approach to restricting access and should equip entry points with physical or electronic locks. Entry access controls should include consideration of field gates, parking areas, stairwells, locker rooms, practice facilities, utilities, IT, electrical and mechanical spaces, and media and operation centers. Security alarms may also provide an additional layer of protection in these spaces to deter, detect, and notify staff of intrusions.
  • Evaluate the use of emerging technologies such as facial recognition. Many campuses are using biometric authentication to manage both access to facilities, and to admit fans through entry gates. Consider both security merchant contracts and user agreement terms related to data privacy, collection, and use of data.

Schools rely on security and facility staff to promote safe and secure spaces on their campuses. Here are some best practices to consider when evaluating security operations on your campus:

  • Use of initial and routine background checks for security staff. Consider the timing and renewal of these checks for employees, and in what way Athletics utilizes contracted security companies.
  • Obtain and review incident reporting and communication protocols. Evaluate whether Athletics effectively documents, communicates, and trains security staff on how, to whom, and in what timeframe they should report incidents.
  • Consider ongoing threat assessment practices, and coordination with campus leaders and campus police to ensure consistent application of protocols for gathering information and analyzing and assessing potential threats.
  • Video surveillance is a key component of security operations, and athletics should consider using and monitoring camera footage for athletics event management. Schools should have a policy in place governing the use of both cameras and footage which should include viewing, retention, and release guidance.
  • Determine whether trainings and drills are performed for evacuations, lockdowns, active shooter situations, etc. Verify there is an understanding of emergency management roles and responsibilities, and opportunities to identify shortcomings and enhance processes.
  • Consider cybersecurity risks that are unique to athletics. Network or application outages could affect security systems, parking access, concessions sales, scoreboards, electronic banners, spirit wear sales, fan ticketing, and facial recognition. Additionally, Athletics often uses unique vendor applications not used elsewhere in the university. Conducting an application inventory audit could be a great project for your department and could include data classification and storage, and application user access management.

The following athletics venue and facility risks should be considered:

  • Older stadiums and facilities were not designed with modern day safety and security threats in mind. Ongoing assessment of electrical and mechanical systems, screening systems, evacuation plans, accessibility, and other security technologies is a best practice to continually improve the safety and user experience within facilities.
  • Evaluate non-event credentialing processes for venue staff, security, and vehicles to control and restrict access to appropriate areas within the venue. This is a complex exercise with multiple groups needing unique access (e.g., equipment managers, sports medicine trainers, contractors, volunteers, campus recreation, visitors, and sport camp attendees).
  • Consider the “empty state” of venues, facilities, and fields and how Athletics incorporates closing processes, sweeps, and cameras both within the venue and outside (e.g., attached parking and other spaces included in defined security boundaries). For those schools that rent out facilities or premium spaces for non-athletic events, consider how Athletics is securing those spaces after rentals.

Remember to include adjacent spaces as appropriate. These could include practice facilities, mobile or attached operation centers, broadcast and production facilities, school-sponsored tailgates, and museums.

Gameday Preparations

The safety and security of athletic venues becomes even more critical on game day. As your university prepares to host thousands of visiting fans, opposing team players and coaches, and game day staff, it is essential to ensure appropriate controls are in place for a fun and safe game day experience. Whether you are preparing for an audit or assisting with a review, consider the following points. Note that this list is not exhaustive and each game situation is unique and may require modified or additional controls.

Game day preparations begin way before the first tip of the ball, whistle by the referee, or points scored by the home team. Key coordination and pre-game preparation considerations undertaken by Athletics often include:

  • Game day safety and security requires coordinating multiple safety oversight units, agencies, and processes. University departments such as Athletics, Public Safety, Event Services, Emergency Management, and the Police Department must work with local law enforcement agencies, fire departments, emergency medical personnel, and any contracted security.
  • Ensure proper contracts are in place with external agencies where needed.
  • Verify that all key personnel from other agencies use the correct radio channels and communication methods.
  • Train all personnel in the correct university procedures and review game day operation plans and emergency action plans.
  • Hold pre-game safety meetings with key personnel to review game day events and important information.
  • Conduct tabletop exercises to walk through responses to potential game day risks.
  • Establish command centers both on-site and off-site (if feasible). The off-site command centers allow access to resources if the on-site command center goes offline. These centers should have access to all mentioned resources, personnel, security cameras, weather data, and other agency data as needed.

Athletics personnel should conduct a pre-game security sweep to ensure the venue is secure before players, coaches, and fans enter the venue. Key activities include:

  • Ensure all personnel in the venue prior to the game have proper uniforms and credentials visible. The credentialling process should include a secure storage location and ID verification prior to release. A good example of a credentialing control is the numbered photographer vests seen on the sidelines of conference tournament games.
  • Require University employees, vendors, and outside agencies to enter through authorized entrances, keeping other entrances locked or guarded by security personnel.
  • Place security personnel at key locations, such as all unlocked entrances, locker room entrances, and field access locations, to ensure only authorized personnel gain access.
  • If feasible, use a K-9 explosives detection team to sweep the entire venue, team buses, and any vendors and deliveries that enter after the original sweep.

Physical Security

As fans start arriving the excitement starts to build, and the game day experience begins. Athletics personnel should make additional efforts to ensure a safe and secure environment.

Traffic management controls should be coordinated between the university and local authorities so that fans can arrive at the game on time and depart safely. Implement a game day traffic flow with clear traffic patterns, directions, and signage. Consider non- motorized traffic such as foot or bike. There may also be mass transit routes to accommodate shuttle buses from park and ride lots.

Gate security includes ensuring barriers or barricades, such as concrete posts, are strategically placed to prevent motorized traffic from entering restricted areas. Ensure all gates have security present and gates not in use are locked. Once the gates are open to the public, patrons may go through metal detectors and have bag checks performed by trained personnel to ensure unallowable or dangerous items are not brought into the venue. Consider implementing a clear bag policy to enhance and ease the bag check process.

Field/court and locker-room security is necessary to keep coaches and student athletes safe. Consider using a credentialing process for field/court and locker room access that prevents unauthorized individuals from entering the areas. Security personnel should be positioned at all entry points to field/court to prevent unauthorized access and respond to situations as they arise.

Police/Security/EMS personnel should beproperly stationed at key locations throughout the venue to provide safety and assist patrons, act as a crime deterrent, and have access to resources as needed. They should provide on-going game day security sweeps.

Camera coverage is beneficial in key areas such as parking lots, seating areas, and concourses can help ensure a safe and secure game day environment and assist command centers and security personnel.

Post-Game Considerations

After the game ends and fans are exiting the venue, there is still work to be done.

Rowdy fans or court/field celebrations can happen, especially during rivalry games. In the heat of the moment, fans can get overly excited and take actions such as court/field storming, which could put the safety of players, coaches, and fans at risk. To prepare for this, Universities should educate fans on the consequences, such as fines/penalties, of storming the court/field. There should be an emergency plan that includes standard emergency response codes (e.g., code blue), personnel, and action to be taken.

After the game has concluded and everyone has left the venue it is important for key personnel to hold an official post-game debrief to determine what went well and what didn’t. Lessons learned from this debrief should be implemented at future events to enhance the game day experience for everyone.

Conclusion

The ACUA Sidelines Committee hopes this article provides valuable insights into best practices for routine and game day security and access. As you plan future engagements, consider applying these principles to other on-campus events and event planning. Embracing a proactive and collaborative approach to reviewing and updating security and access protocols is a winning strategy!