Internal Controls and Best Practices

1
Internal Controls andBest Practices

• Robert McGee, Associate Controller
• Holley Schramski, Associate Vice President and
  Controller
• Dale Wetzelberger, Director Internal Auditing
  Division

2
Goals

• Describe Basic Internal Control Objectives
• Describe the Best Practice Procedures Applied in
  Specific Areas
• Cash Receipts
• Signature Authority
• Procurement
• Accounts Payable
• Payroll
• Independent Contractors
• Travel
• Business Meals and Entertainment
• Account Status Reports
• Property Management
• Conflict of Interest
• Information Technology
• Areas Covered in Other Programs
• P-Card and Petty Cash
• Sponsored Research Topics

3
Internal Controls 101

• Primary Objectives of Internal Controls
• Accurate Financial Information
• Compliance with Policies and Procedures
• Safeguarding Assets
• Efficient Use of Resources
• Accomplishment of Objectives and Goals
• -Institute of Internal Auditors

4
Internal Controls 101

• Why are Internal Controls Important? 
• Internal controls are designed to provide
  reasonable assurance regarding the achievement of
  objectives in the following categories
• Effectiveness and Efficiency of Operations
• Reliability of Financial Reporting
• Compliance with Laws and Regulations
• Source Internal Control Integrated Framework
  Executive Summary, Committee of Sponsoring
  Organizations of the Treadway Commission (COSO)
• http//www.coso.org/publications/executive_summary
  _integrated_framework.htm

5
Internal Controls 101

• Why are Internal Controls Important? 
• Effectiveness and Efficiency of Operations
• addresses an entity's basic business objectives,
  including performance and profitability goals and
  safeguarding of resources.
• Reliability of Financial Reporting
• preparation of reliable financial statements and
  publicly reported financial data.
• Compliance with Laws and Regulations
• compliance with those laws and regulations to
  which the entity is subject.
• -COSO Integrated Framework Executive Summary

6
Internal Controls

• Internal Controls
• Its Good for Your Fiscal Health
• Effectiveness and Efficiency of Operations
• Reliability of Financial Reporting
• Compliance with Laws and Regulations
• Its Good for Your Physical Health
• Balanced Diet
• Exercise
• Good balance of leisure and work-mental health
• (Tegen and Stinson, SACUBO April 2006)

7
Internal Controls 101

• Internal control consists of five interrelated
  components
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring
• -COSO Integrated Framework Executive Summary

8
Internal Controls 101

• The Five Interrelated Components
• Control Environment
• The control environment sets the tone of an
  organization, influencing the control
  consciousness of its people. It is the foundation
  for all other components of internal control,
  providing discipline and structure. Control
  environment factors include the integrity,
  ethical values and competence of the entity's
  people management's philosophy and operating
  style the way management assigns authority and
  responsibility, and organizes and develops its
  people and the attention and direction provided
  by the board of directors.
• -COSO Integrated Framework Executive Summary

9
Internal Controls 101

• Creating the Control Environment
• Create environment that fosters internal controls
• Expect Ethical Behavior
• Hire qualified staff
• Get to know your staff
• Clear assignment of responsibility/Job
  Description
• Supervision
• Clear Communication

10
Internal Controls 101

• The Five Interrelated Components
• Risk Assessment
• Every entity faces a variety of risks from
  external and internal sources that must be
  assessed. A precondition to risk assessment is
  establishment of objectives, linked at different
  levels and internally consistent. Risk assessment
  is the identification and analysis of relevant
  risks to achievement of the objectives, forming a
  basis for determining how the risks should be
  managed. Because economic, industry, regulatory
  and operating conditions will continue to change,
  mechanisms are needed to identify and deal with
  the special risks associated with change.
• -COSO Integrated Framework Executive Summary

11
Internal Controls 101

• Types of Risk
• Financial
• Research
• Student
• Academic
• Athletic
• Human Resources
• Faculty
• Crime and Safety
• Information Technology
• Enrollment
• Facilities

12
Internal Controls 101

• Examples of Financial Risk
• Accounting processes
• Auditing Matters
• Compliance with Regulatory Issues
• Falsification of reports/records
• Fraud
• Improper receipt of gifts
• Improper vendor activity
• Theft
• Waste and Abuse
• Misuse of Resources

13
Internal Controls 101

• The Five Interrelated Components
• Control Activities
• Control activities are the policies and
  procedures that help ensure management directives
  are carried out. They help ensure that necessary
  actions are taken to address risks to achievement
  of the entity's objectives. Control activities
  occur throughout the organization, at all levels
  and in all functions. They include a range of
  activities as diverse as approvals,
  authorizations, verifications, reconciliations,
  reviews of operating performance, security of
  assets and segregation of duties.
• -COSO Integrated Framework Executive Summary

14
Internal Controls 101

• Key Components Control Activities
• Policies and Procedures
• Administrative Policies and Procedures
  
  (http//www.busfin.uga.edu/manual/)
• Staff Training
• Organization Charts/Job Descriptions
• Performance Measures
• Segregation of Duties
• Preventing one individual from having virtually
  complete control over a financial process.

15
Internal Controls 101

• Key Components-Control Activities
• Adequate Transaction Documentation
• A record of (paper or electronic)
• for Revenue
• Receipt
• Transfer
• Deposit
• for Expense
• Purpose
• Authorization
• for Other
• Delegation of Signature Authority
• Monthly Account Status Report Reconciliation
• Annual Property Inventory
• Properly Designed Documentation
• Unique numbering
• Independent Verification

16
Internal Controls 101

• The Five Interrelated Components
• Information and Communication
• Pertinent information must be identified,
  captured and communicated in a form and timeframe
  that enable people to carry out their
  responsibilities. Information systems produce
  reports, containing operational, financial and
  compliance-related information, that make it
  possible to run and control the business. They
  deal not only with internally generated data, but
  also information about external events,
  activities and conditions necessary to informed
  business decision-making and external reporting.
  Effective communication also must occur in a
  broader sense, flowing down, across and up the
  organization. All personnel must receive a clear
  message from top management that control
  responsibilities must be taken seriously. They
  must understand their own role in the internal
  control system, as well as how individual
  activities relate to the work of others. They
  must have a means of communicating significant
  information upstream. There also needs to be
  effective communication with external parties,
  such as customers, suppliers, regulators and
  shareholders.
• -COSO Integrated Framework Executive Summary

17
Internal Controls 101

• The Five Interrelated Components
• Monitoring
• A process that assesses the quality of the
  system's performance over time. This is
  accomplished through ongoing monitoring
  activities, separate evaluations or a combination
  of the two. Ongoing monitoring occurs in the
  course of operations. It includes regular
  management and supervisory activities, and other
  actions personnel take in performing their
  duties. The scope and frequency of separate
  evaluations will depend primarily on an
  assessment of risks and the effectiveness of
  ongoing monitoring procedures. Internal control
  deficiencies should be reported upstream, with
  serious matters reported to top management and
  the board.
• -COSO Integrated Framework Executive Summary

18
Internal Controls 101

• Why Monitoring is Important
• Inherent Risks
• Complexity
• Decentralization many hands, need
  accountability
• Repeat Problems
• Unresponsive to prior weaknesses
• Exposures
• Changes in Regulatory Environment
• Personnel Changes
• System and Process Changes
• Rapid Growth
• New Programs, services and staff

19
Internal Controls 101

• Types of Controls
• Preventive Controls
• Forestall errors and thereby avoid the cost of
  correction
• Discourage fraud
• Detective Controls
• Measure the effectiveness of preventive controls
• Uncover errors and misappropriations
• Provide the means to establish accountability

20
Internal Controls 101

• Are Internal Controls Foolproof ?
• Controls will not always prevent fraud or
  misappropriation.
• Making controls infallible is cost prohibitive
  and unnecessarily cumbersome.
• Controls do not eliminate the human factor. To
  a significant extent, systems of internal control
  rely on people and their actions.

21
Internal Controls 101

• Real World Summary
• Why Internal Controls Are Important
• Provides management with confidence that the
  entity is operating according to standards which
  are monitored-someone is watching.
• Indicates to staff that what they are doing is
  important and that QUALITY is important.
• Sends a signal that certain behaviors will not be
  tolerated.

22
Cash Receipts

• The term cash receipts includes
• Currency
• Checks
• Credit cards
• Wire transfers
• received by mail or in person

23
Cash Receipts

• Use of Revenue Object Codes
• amounts received for
• Payment of delivery of goods or services
• Reimbursement of expenses or
• Contributions
• Examples of third party receipts include
• General revenues for tuition and fees
• Auxiliary income
• Parking income
• Sponsored awards and events
• Revenues from sale of goods and services
• Gifts and other designated funds
• Reimbursements from
• affiliated institutions
• conferences and seminars
• alumni functions

24
Cash Receipts

• Use of Expense Credits
• Refunds from vendors
• Price adjustment of goods or services
• Use same object code of the original expense.
• Examples include
• Returned or rejected items
• Overpayments

25
Cash Receipts Internal Controls

• Objective
• Ensure that all funds are timely deposited in
  the bank and are properly recorded in the
  appropriate account.
• Risks
• Theft/fraud.
• Mismanagement of funds.
• Mis-statement of revenue and expenditures.
• Noncompliance with University, BOR, State and
  Federal policies.

26
Cash Receipts Internal Controls

• Audit Check List
• Persons verifying the monthly Account Status
  Reports do not process cash receipts.
• Timely and adequate restrictive endorsement of
  checks
• Documentation and procedures are sufficient so
  that loss or misappropriation of funds can be
  traced to the responsible individual(s).

27
Cash Receipts Internal Controls

• Documentation and Procedures
• Types of documentation
• Pre-numbered cash receipt form
• Payment log
• Cash register tape using locked-in sales totals
• Workshop attendance roster

28
Cash Receipts Internal Controls

• Documentation and Procedures
• Verification Procedures
• Depositing cash receipts timely and intact.
• Independently tracing cash receipt forms, logs
  and/or register tapes to the Bursar Office
  receipt and the Account Status Reports.
• Comparing attendance rosters to revenue posted to
  workshop account.
• Reviewing deposit documentation before gift
  acknowledgement letters are signed and mailed.
• Accounting for unsold tickets.
• Maintaining control over pre-numbered receipts.
• Immediate notification to the Controllers Office
  of detected shortages or inappropriate activity.

29
Signature Authority

• Transactions must be reviewed and approved by
  those officers under whose responsibility the
  project lies.
• Signatory authority may be delegated however,
  primary responsibility for funds and transactions
  remains with the budgetary unit head.
• It is therefore necessary for a policy to be in
  writing to ensure the delegation is authorized.

30
Signature Authority

• The written signatory authority document should
  be
• Initiated by the budgetary unit head.
• Contain
• A description of the documents for which
  authority is being conveyed.
• Examples
• Vouchers.
• Purchase requests.
• Specimen signatures of persons to whom authority
  is conveyed.
• Signed by the appropriate department head,
  dean/director or vice president.
• Copies sent to
• Accounts Payable
• Payroll
• Budgetary units should revise the policy when
  personnel or job assignments change.

31
Signature Authority Internal Controls

• Objectives
• Documents are properly authorized.
• Budgetary unit heads and principal investigators
  understand their responsibility.
• Risks
• Noncompliance with federal regulations.
• Noncompliance with University policies.
• Misappropriation of funds/fraud.
• Disallowance of costs.
• Personal liability.

32
Signature Authority Internal Controls

• Audit Check List
• The department has identified faculty and staff
  members authorized to sign documents in either
  paper or electronic form.
• The list is up-to-date.
• Budgetary unit heads and principal investigators
  understand their responsibility.
• Documents are signed by the appropriate
  individuals at both the departmental and
  college/school levels
• Delegated faculty / staff members sign their own
  name and not the dean or budgetary unit heads
  name.

33
Procurement and Accounts Payable

• Procurement
• The University Procurement Office has sole
  responsibility for the coordination of all
  University procurement activities.
• Departments are authorized to make direct
  purchases with P-Cards and Petty Cash.
• Streamline payment procedures
• Reduce the administrative burden
• All purchasing is subject to
• State of Georgia purchasing regulations
• Board of Regents' policies
• University of Georgia policies
• The budgetary unit heads have the primary
  responsibility for the approval of all purchases
  charged against the accounts under their
  administration.
• Budgetary units should maintain a file of their
  own purchasing documents.

34
Procurement and Accounts Payable

• Procurement
• Purchase requests may be generated electronically
  or manually.
• Purchase requests should be limited to items that
  can be supplied by one vendor.
• When formal quotations are needed
• Complete as much of the Purchase Request Form as
  possible.
• Forward the departmental copy (blue) directly to
  the Procurement Office for use in obtaining
  quotations.
• Place a note on the face of the purchase request
  providing the reason for using this procedure.
• All check requests must be accompanied by an
  original of the invoice for payment.
• The responsibility for receiving and inspecting
  supplies and equipment rests with
• The central receiving units.
• Budgetary units requesting the supplies and
  equipment.

35
Procurement and Accounts Payable

• Accounts Payable
• The Accounts Payable Department is responsible
  for
• examining all accounts, claims, and demands
  against the University, and
• making payment of all the University's legally
  incurred obligations
• No payments are to be made
• Unless there is money in the account for such
  payments.
• Until the Accounts Payable Department has been
  presented with supporting documents.
• Purchase Authorization
• Original Invoice
• Receiving Report

36
Procurement and Accounts Payable

• Accounts Payable
• The department will encumber all
• Purchase orders
• Physical plant work orders
• Requests for authority to travel

37
Procurement and Accounts Payable Internal Controls

• Objectives
• Expenses charged are reasonable and allowable.
• Expenses are properly coded.
• Unallowable charges are separately designated.
• Purchase order processing is completed promptly
  and accurately.
• Risks
• Misappropriation of funds.
• Loss of sponsored funding.
• Disallowance of costs.
• Noncompliance with federal regulations.
• Delay of future funding.
• Delay of delivery of goods and services.
• Delay of payments to vendors.
• Jeopardized relationships with vendors.
• Jeopardized credit standing of the University.

38
Procurement and Accounts Payable Internal Controls

• Audit Check List
• Transactions are properly approved and the stated
  purpose is reasonable.
• Invoices are submitted to Accounts Payable
  timely.
• Account Status Reports are independently reviewed
  for accuracy of encumbrances and charges.

39
Payroll

• Payroll disbursements represent the single
  largest expense category to the University.
• All payrolls are processed electronically
  through a web based electronic payroll system.
• All new employees are required to have their
  payments made through direct deposit.
• The University processes four types of payrolls
• Monthly Payroll
• Academic Payroll
• Salaried Biweekly
• Hourly Biweekly

40
Payroll

• Monthly Payroll
• Faculty (other than those on an "A" or "L"
  contract code).
• Administrative personnel.
• Graduate assistants (other than those on a "S"
  contract code).
• Employees exempt from coverage under the Fair
  Labor Standards Act (Wage and Hour Law)
• Academic Payroll
• Faculty with a contract code of "A" or "L.
• Graduate assistants with a contract code of "S.
• Compensation is earned at the rate of one-half of
  the contract salary for each academic semester.
• Additional payments for Maymester summer
  session classes can be made.

41
Payroll

• Salaried Biweekly
• Payroll employees covered under the Fair Labor
  Standards Act.
• The hourly rate of pay is determined by dividing
  the annual rate by the number of available work
  hours in the fiscal year.
• The gross amount of each check is determined by
  multiplying the hourly rate of pay by the number
  of hours reported on the time sheet.
• Hourly Biweekly
• Employees covered under the Fair Labor Standards
  Act.
• Temporary or part-time employees
• (paid from lump sum positions in the University
  budget).
• The gross amount of each check is determined by
  multiplying the hourly rate of pay by the number
  of hours reported on the time sheet.

42
Payroll

• The basic documents used to effect payroll
  payments are
• Personnel Report
• Payroll Voucher
• Time Records

43
Payroll

• The Personnel Report is used to document
• Employment
• Termination
• Change in status of all personnel
• Approved by
• Department heads
• Deans
• Vice presidents (in some cases )
• Personnel Reports are electronically routed to
  the appropriate units.

44
Payroll

• Payroll Vouchers contain
• Names of all persons paid on the preceding
  payroll
• Social security numbers
• Hourly rate of pay or gross salary
• Approved by
• Department heads
• Payroll vouchers are sent to the Payroll
  Department.

45
Payroll

• Time Records, are prepared for each employee who
  is covered and nonexempt under the Federal Fair
  Labor Standards Act. The document records
• Name of employee
• Pay period
• Hours worked
• Approved by
• employee,
• Supervisor
• These signatures and dates are important in
  complying with Federal Regulations.
• The time records should be retained by the
  Department for 5 years after the fiscal year
  ends.

46
Payroll

• International Employees
• All international employees are required to
  complete the UGA Tax Information Form for
  Internationals
• The completed form must be submitted to the
  International Tax Coordinator along with
• Immigration documents
• Passport
• I-94 card and
• Visa
• The International Tax Coordinator will perform a
  tax analysis and will provide the appropriate
  payroll withholding forms to the employee for
  review and signature.

47
Payroll Internal Controls

• Objectives
• Proper authorization and payment of salary and
  wages.
• Responsibility for payroll processing separated
  between
• authorization/processing
• distribution of the pay check
• Proper allocation of resources and system access
  privileges.
• Current submission of payroll documents.
• Risks
• Noncompliance with federal/state regulations.
• Civil liability/lawsuits.
• Non-compliance with University policies.
• Penalties/fines.
• Fraud/theft.
• Retroactive transactions.
• Personal/employer tax liabilities.

48
Payroll Internal Controls

• Audit Check List
• Staff members who approve or process payroll
  documents do not have access to payroll checks.
• Payroll vouchers are properly approved by an
  appropriate supervisor having knowledge of the
  hours worked.
• Payroll vouchers agree with time sheets and leave
  records.
• Payroll vouchers are signed and approved on the
  last working day of the pay period.
• Time cards are checked for accuracy.
• Overtime if paid is allowable and approved in
  advance.
• Time cards are not returned to employees after
  they are approved by supervisors.
• Terminated employees are removed promptly from
  payroll.
• New hires are processed and paid in the
  appropriate pay cycle.

49
Payments to Non-Employees

• Independent Contractors
• General Rule the employer has the right to
  control or direct only the result of the work,
  and not the means and methods of accomplishing
  the result
• Some of the other factors to determine if a
  worker is an independent contractor include
• Has the contractor other clients?
• Is the person an employee of any State of Georgia
  agency or institution?
• Is there a contract for services?
• Does the service involve an independent
  profession, trade, or business?

50
Payments to Non-Employees

• Independent Contractors - Minimum standards of
  documentation to use of independent contractors
  as consultants require evidence that
• The services are needed.
• Cannot be met by direct salaries provided under
  the contract or grant.
• A selection process was used to identify the most
  qualified individual available.
• The individual or firm qualifies as an
  independent contractor.
• The fee is appropriate considering the
  qualifications and services to be provided.
• The express advance approval by the sponsoring
  and parent Federal agency of a consultant who is
  also a full-time employee of the Federal
  government.

51
Payments to Non-Employees

• Honoraria
• An honorarium is
• A onetime tax-reportable payment
• To a non-University employee
• For general service in education, research, or
  public service
• Where the University does not expect nor is
  payment contingent upon a particular result.
• Examples are
• Guest lecturers
• Workshop leaders.
• An "Honoraria and Fees Information Sheet" must be
  completed and attached to the check request when
  payment is requested.
• Payments can not be prepared in advance of
  service performance.

52
Payments to Non-Employees

• Prizes and Awards
• Prizes and awards are classified by the IRS as
  tax-reportable income.
• Prizes and awards to employees, which recognize
  professional achievements related to employment,
  are paid through payroll.
• Prizes and awards to non-employees or students
  (whose part-time employment has no professional
  connection to the award) are paid through
  Accounts Payable and are issued an IRS Form 1099.

53
Payments to Non-Employees

• Stipends/Fellowships
• A stipend / fellowship is in the form of
  financial aid for which no services are
  performed.
• Three tests to determine whether or not payments
  for stipends and fellowships are taxable to the
  recipient
• Only students (candidates for a degree) qualify
  for exclusions.
• Up to the total of tuition and required fees,
  books, supplies and equipment can be excluded.
• Amounts related to services performed even if
  such services were requirements for the degree
  can not be excluded.

54
Payments to Non-Employees Internal Controls

• Objective
• Individuals are classified correctly as either
  an employee or consultant / independent
  contractor for tax withholding purposes.
• Risks
• Noncompliance with federal regulations.
• Noncompliance with University policies.
• Fines and penalties.

55
Payments to Non-Employees Internal Controls

• Audit Check List
• The departments determination on the
  classification of an individual as either an
  independent contractor/consultant or employee
  meets the IRS criteria.
• There is sufficient documentation for need,
  qualifications, and selection process.
• The fee is reasonable considering the
  qualifications and services to be provided.
• Departments have properly completed
• Honoraria and Fees Information Sheet.
• Consulting Agreement Form.
• Forms are signed by consultant/contractor and
• the appropriate University official.

56
Travel

• The University reimburses employees for
  approved, necessary, and reasonable travel
  expenses incurred while conducting business for
  the University.
• Each employee is required to have travel
  approved by his/her department head or other
  designated official.
• For out-of-state travel, it is necessary to
  obtain
• Prior approval from the appropriate dean's,
  director's, or other unit head's office.
• A financial review by the Travel and Encumbrance
  Section of the Accounts Payable Department.
• Travel outside of the continental limits of the
  United States must be approved first by the
  appropriate vice president and then by the
  President's Office.
• Reimbursement for travel expenses (meals,
  lodging, transportation and miscellaneous
  expenses) is requested using an Employee Travel
  Expense Statement.

57
Travel

• In general, services (as well as materials,
  goods, or supplies) must be received before
  payment can be remitted.
• Food, lodging or other non-conference related
  expenses must be paid by the employee.
• The employee will be reimbursed, as appropriate,
  using normal travel reimbursement procedures.

58
Travel

• Non-employees or any other organization for
  rendering a service
• Travel and subsistence expenses must be in
  accordance with the University of Georgia Travel
  Policy.
• A "Honoraria and Fees Information Sheet" and
  check request is used to process reimbursement.
• Charges are recorded as per diem and fees expense
  and not travel for non-employees.
• Prospective employees may be reimbursed for
  travel expenses.

59
Travel Internal Controls

• Objectives
• Expenses charged are reasonable and comply with
  University policies.
• Expenses are legitimate and approved by
  authorized department personnel.
• Expenses are accurately calculated.
• Expenses are coded to the proper object codes,
  and unallowable charges are separately
  designated.
• Special Purpose Petty Cash Funds (travel
  advances) are properly requested, utilized, and
  accounted for in a timely manner.
• Risks
• Improper use of University funds.
• Noncompliance with Internal Revenue Service and
  other regulatory authorities.
• Noncompliance with granting agencies.
• Excessive aging of travel advances.

60
Travel Internal Controls

• Audit Check List
• Special Purpose Petty Cash Funds are approved,
  utilized appropriately and promptly returned.
• Travel forms are signed by the traveler and an
  authorized approver.
• Reported expenses are in compliance with the
  Universitys policies and procedures
• Correct per diem rates
• Correct currency conversion rates
• forms are accurately totaled
• Original receipts or other appropriate
  documentation attached to support charges on the
  Travel Expense Statement and Honoraria and Fees
  Information Sheet.
• Paid consultant travel expenses are included in
  the consulting contract.

61
Business Meals and Entertainment

• All University funds should be used only for
  activities related to the Universitys mission of
  education, research, and public service.
• In general, University accounts cannot be used
  to pay for the cost of University related
  entertainment.
• Sponsoring entities occasionally include a
  provision that funds may be expended for
  University related entertainment.
• It is important to note that expenses, personal
  in nature, such staff social parties
  (celebrations of a birthday, marriage, birthetc)
  or holiday celebrations are not reimbursable.
• Employees may be reimbursed for meals, not
  associated with overnight travel, if
• The meals are part of a required registration
  fee or
• The employees is on a work assignment more than
  30 miles away from home or headquarters).
• Approved, necessary, and reasonable business
  expenses may be reimbursed by submitting a Travel
  Expense Statement or Reimbursement of University
  Related Entertainment Expenses Form.

62
Business Meal and Entertainment Internal Controls

• Objectives
• Reimbursements for business meals and
  entertainment are made only when considered
  necessary and reasonable to fulfill the
  Universitys mission of education, research, and
  public service.
• Entertainment expenses are supported by proper
  documentation.
• Expenses are charged in accordance with
  University policies and sponsoring agency
  guidelines.
• Risks
• Non-compliance with federal regulations.
• Loss of funding.
• Penalties/fines.
• Disallowance of costs.
• Personal liability.
• Impairment of reputation.

63
Business Meal and Entertainment Internal Controls

• Audit Checklist
• Entertainment costs are in compliance with the
  Universitys policies and procedures and
  sponsoring agency regulations.
• The purpose for these types of expenses are of a
  business nature rather than personal.
• Expense reimbursement requests include written
  documentation stating the business purpose of the
  activity, the names of all individuals present
  and original receipts.
• The proper object codes are used when coding
  various entertainment expenses.
• Departmental personnel approving such expenses
  are familiar with the Universitys policies and
  procedures.

64
Account Status Reports

• Monthly verification of the Account Status
  Reports is a critical control.
• A certification of financial information at the
  department level.
• Performed timely.
• The Controllers Office distributes to
  departments each month the Account Status Reports
  for all accounts that had activity during the
  year.

65
Account Status Reports

• A review of the account status reports can be
  called
• Account Reconciliation
• Transaction Verification
• No matter what the procedure is called
• Source documents retained by the department need
  to be compared to the account status report
  entries.
• Timely.
• Preferably by someone who is independent of the
  processed transaction.
• Prompt reconciliation of revenue, expenditures
  and encumbrances can reveal
• Missing or misapplied deposits.
• Unallowable charges
• Duplicate payments or
• Non-payment of invoices.
• Exceptions must be promptly researched and
  corrected.

66
Account Status Reports

• Fiscal management responsibility rests with the
  department directors or principal investigators
  (PIs)
• Transaction verification procedures may be
  delegated to the administrative staff.
• Oversight of such delegated fiscal
  responsibilities remains with the department
  directors, or PIs.
• Department directors or PIs should review the
  monthly Account Status Reports to ensure revenue
  and expenditure transactions are reconciled and
  reasonable.

67
Account Status Report Internal Controls

• Objectives
• Revenue and expenditures are correct and
  reflected in the appropriate account with the
  proper object/revenue codes.
• Expenditures are allowable and comply with
  federal regulations and University policies
• The report reconciliation process is completed
  monthly
• Department directors and PIs understand their
  fiscal responsibilities
• Risks
• Non-compliance with federal regulations and
  University policies
• Disallowance of costs
• Delay or loss of future funding
• Delay in the discovery of inappropriate
  transactions
• No budgetary control
• Loss of revenue

68
Account Status Report Internal Controls

• Audit Checklist
• Revenue and expenditure transactions are
  reconciled monthly.
• Verification of transactions are performed by
  staff who are knowledgeable of University and
  sponsoring agency cost policies.
• When possible, verification procedures are
  performed by staff who do not
• Have access to cash or checks,
• Make purchases, or
• authorize payments.
• The reconciliation between source documents and
  the Account Status Report would likely detect
  items
• On the report and not in departmental records.
• In departmental records and not on the report.
• All unresolved items are promptly researched and
  corrected.
• The department director or PI review the monthly
  reports once the reconciliation is completed

69
Property and Equipment

• Movable personal property must be inventoried
  and tracked if
• Estimated usable life of three or more years.
• Acquisition cost of 3,000 or more.
• The University also inventories items costing
  under 3,000 but more that 500 which include
• Office Machines.
• Electronic Audio/Visual Equipment.
• Photographic Apparatus.

70
Property and Equipment

• The following items are inventory controlled
  without regard to cost
• Books if procured through the Library Accounts
  and catalogued by the Libraries.
• Firearms.
• Art objects/Antiques.
• Vehicles licensed for road use.

71
Property and Equipment

• Items acquired through the University
  Procurement Office do not require any additional
  reporting by the custodian of the equipment for
  purposes of establishing the inventory records.
• Items received from other sources do require
  action initiated by the custodian.
• Notice of Change in Departmental Equipment.
• Notify the University Property Control Office.

72
Property and Equipment

• Assistant Inventory Control Officer (AICO)
• Designated by the head of each college, school,
  department, or other administrative office.
• Responsible for the departmental procedures
  related to equipment.
• Notification of equipment transfers.
• Completion of an annual physical inventory.
• Ensuring initial and annual authorization of
  off-campus equipment.

73
Property and Equipment

• Surplus Property
• The Unassigned Property Unit is responsible for
• Acquisition,
• Reutilization, and
• Disposition
• of excess, surplus, unassigned, and unneeded
  equipment
• Each unit must initiate action with Property
  Control to remove items
• Disposed,
• Cannibalized,
• Traded-in, or
• Judged obsolete
• from the department's accountable records.
• Whenever the loss or theft of equipment is
  discovered, the custodian must
• Immediately report the loss to Campus Police
• Submit a Notice of Change and copy of the police
  report to Property Control

74
Property and Equipment Internal Controls

• Objectives
• Equipment is properly identified.
• Equipment is properly labeled with a tag.
• Proper object codes are used.
• Property Control is notified of equipment
  acquired other than through the standard
  University procedures.
• Property Control is notified of equipment lost,
  stolen, salvaged, or scrapped
• Inventory is conducted annually.
• Risks
• Non-compliance with federal or state regulations.
  
• Not identified as equipment (not in system).
• No record for insurance claims or theft.
• Reduced value of the inventory system (affects
  depreciation, which impacts the facility and
  administrative FA cost rates).
• Value of equipment inventory overstated.
• Loss of public confidence.

75
Property and Equipment Internal Controls

• Audit Checklist
• Equipment purchases are made in accordance with
  purchasing guidelines, properly authorized, and
  recorded.
• Proper equipment object codes are used for
  equipment with a per unit cost of 5,000 or more
  and with a useful life of more than three or more
  years.
• All University equipment have a decal that is
  easily visible
• Property Control are notified of
• Donations, transfers, or fabrication of
  equipment.
• Equipment lost, stolen, salvaged, or scrapped.
• Equipment moved to an off-campus location.
• An annual departmental inventory report is
  completed and returned to Property Control by the
  due date.

76
Conflict of Interest

• The appearance of a conflict of interest exists
  when a reasonable person will conclude that the
  employee's ability to protect the public interest
  or perform public duties is compromised by
  personal interest.
• Unlawful for any full-time state employee to
  transact any business with the agency by which
  such employee is employed.
• A full-time employee is forbidden from acting
  for himself/herself, on behalf of any third
  party, or on behalf of any business in which the
  employee or a member of his/her family has a
  substantial interest.

77
Conflict of Interest

• The term "transact any business" includes
• the sale or lease of any personal property, real
  property or services, or
• the purchase of any surplus real or personal
  property.

78
Conflict of Interest

• Unlawful for any part-time state employee, on
  his own behalf or on behalf of any business, to
  transact business with the agency by which he is
  employed, unless
• the amount of any single transaction between the
  employee and the University does not exceed 250
  and
• the aggregate does not exceed 9,000 per calendar
  year.

79
Conflict of Interest Internal Controls

• Objectives
• To provide effectiveness of operations by the
  safeguarding of human resources, i.e., faculty
  and staff members are devoted primarily to
  University objectives.
• Risk
• Impairment of the Universitys reputation.
• Independent scholarly inquiry threatened.
• Competition with the Universitys business
  interests.
• Impairment of the individuals ability to perform
  the duties of his/her University position.
• Non-compliance with federal regulations.
• Financial penalties.

80
Conflict of Interest Internal Controls

• Audit Checklist
• All faculty and staff members in the department
  have access to the Universitys policies
  regarding conflict of interest.
• Faculty and staff members know the conditions
  when special permission needs to be obtained
  before undertaking any commitment that may appear
  to be a conflict of interest.
• Faculty and/or staff members have not made
  purchases with vendors where there is a personal
  interest or reward.
• The department is free of situations where a
  staff member supervises or has significant
  control over the work or career of another staff
  member who is his/her relative or is someone with
  whom he/she shares a residence.

81
Information Technology

• Information Security
• Protect information from
• destruction,
• unauthorized access, or
• unauthorized change.
• Users are responsible for the security of data.
• An assessment of the Universitys business
  processes related to sensitive data is being
  performed.
• Training.
• Evaluations.
• Monitoring.

82
Information Technology

• Passwords limiting unauthorized access
• Passwords should be at least six characters long
  and have an alpha and numeric combination.
• Do not share computer IDs or passwords.
• Request a change in a computer password
  immediately if there is any suspicion that it has
  become known to another party.
• User IDs must be deactivated if an employee has
  transferred or terminated.
• Passwords should be changed on a regular basis

83
Information Technology

• Professional Use of University Resources
• Messages, sentiments, and declarations sent as
  electronic mail or as electronic postings should
  meet high and ethical standards
• Those users publishing their opinions
  electronically should
• clearly and accurately identify such as their own
  opinion or the opinion of the group which they
  are authorized to represent.
• Users are not permitted to transmit chain letters
  or display images, sounds, or messages that
  create an atmosphere of discomfort or harassment.

84
Information Technology

• Important data should be backed up frequently.
• Backup disks should be stored in a location away
  from the originals.
• Anti-virus software should be installed and
  frequently updated.

85
Information Technology

• Unauthorized copying of licensed software is
  illegal.
• Retain all documents on purchase and licensee
  agreements.
• There should be license documentation for all
  software loaded on each machine

86
Information Technology Internal Controls

• Objectives
• Universitys intellectual and electronic
  information is secured from inappropriate access
  or destruction
• Information technology is used only for
  appropriate business purposes
• Proper and reliable backup procedures are used.
• All software is properly licensed
• Risks
• Breach of system integrity and loss of critical
  data
• Non-compliance with federal and state laws
  regarding computer and data communications use
• Destruction of critical information by
  unauthorized users
• Violation of software licensee agreements and
  possible fines
• Employee dismissal and legal action
• Impairment of the Universitys reputation

87
Information Technology Internal Controls

• AUDIT CHECKLIST
• Employees with access to computer systems have an
  established need for the access.
• Passwords are secure and not shared.
• Procedures are in place to prevent unauthorized
  use or transmission of information.
• Access to the system is removed for terminated or
  transferred faculty, and staff, timely.
• Computers located in heavily traveled public
  areas have a screen saver with password
  activation invoked.
• Each computer software package is licensed for
  the current user.
• Computer files are backed up on a regular basis.
  Backup data is stored in a location away from the
  originals
• The department has sufficient technical support
  for ongoing operations to keep downtime minimal.
• The department has adequate resumption procedures
  for their automated systems that are considered
  critical or vital to their daily operations.